Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-Xss-Protection
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Request-ID
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
P3p
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-CDN
Upgrade
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
X-Template
X-Language
Feature-Policy
X-Age
X-Dns-Prefetch-Control
X-Backend
X-Cache-Group
X-Hacker
X-Server
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Host-Header
Grace
Report-To
X-Buckets
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
X-Dispatcher
X-Device
NEL
X-Node
Surrogate-Control
X-Server-Id
Cf-Bgj
X-Ruxit-JS-Agent
Content-Location
X-Response-Time
X-Cache-Lookup
Request-Id
Accept-CH-Lifetime
X-Origin-Cache
X-Akam-SW-Version
X-Ac
EagleEye-TraceId
Accept-CH
X-ASPNET-VERSION
X-Country
Rating
X-HW
X-Mod-Pagespeed
X-Readtime
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Allow
Pinterest-Generated-By
Edge-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-PC
X-TtlSet
X-Vname
X-DataDome
X-Varnish-TTL
X-Cnection
X-MS-InvokeApp
X-Url
X-Origin-Upstream-Status
X-GitHub-Request-Id
X-Content-Type
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Deployment-Id
X-D2id
X-Clacks-Overhead
X-Trace
Response
Pinterest-Version
Pagespeed
X-Pinterest-Rid
Display
X-Middleton-Display
X-Middleton-Response
X-Sol
X-Abt-Application-Version
X-Server-Name
X-Px
X-Vcap-Request-Id
X-Navigation-Version
X-Rack-Cache
X-B3-TraceId
X-FTR-Request-ID
Verso
MS-Author-Via
X-DynaTrace
Service-Worker-Allowed
X-ESI
X-Cached
X-Webkit-CSP
X-Fastly-Request-ID
X-Element-Page-Cache
X-Client-IP
Arr-Disable-Session-Affinity
X-Cache-TTL
X-CST
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-TTL
X-Powered-By-Plesk
X-Upstream
Content-MD5
SPRequestGuid
X-SharePointHealthScore
Fastly-Restarts
AR-ATIME
AR-CACHE
AR-Request-ID
AR-PoweredBy
Ar-Sid
X-Version
X-NF-Request-ID
X-VARITI-CCR
X-Forwarded-Proto
X-Debug
X-GoogleNews-Bot
X-Goog-Hash
X-Kinja
X-Kinja-Revision
X-Use-Magma
X-Exp-Variant
X-Kinja-Build
X-Kinja-Server
X-Exp-Id
X-Cdn-Fetch
X-T
X-Jurisdiction
X-Powered-CMS
Access-Control-Request-Method
X-MSEdge-Ref
X-XRDS-Location
X-Release
X-Content-Digest
TP-L2-Cache
SPIisLatency
TP-Cache
SPRequestDuration
S
X-Edge
X-Pinterest-Direct
X-Amz-Rid
Accept-Ch
TCN
X-Ttl
RTSS
Cache-Tag
X-Ezoic-Cdn
Public-Key-Pins
X-NWS-LOG-UUID
X-Node-Name
X-Yandex-Sdch-Disable
Fastcgi-Cache
X-Request-Processing-Time
X-Cache-Key
X-Request-Received
X-MCACHE
X-Mid
Server-Node
X-PressLabs-Stats
Front-End-Https
X-Accel-Expires
X-Amzn-Trace-Id
X-Server-ID
X-Ser
X-Recruiting
X-Kinsta-Cache
X-Logged-In
X-Request-Handler-Origin-Region
X-Microsite
ServerID
X-Ratelimit-Remaining
X-Cache-Hit
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-SRCache-Store-Status
X-Origin-Server
Accept-Charset
X-SRCache-Fetch-Status
X-Page-Id
X-Mg-S
Host
X-Amz-Server-Side-Encryption
X-Grace
X-Varnish-Age
X-B
X-Content-Security-Policy-Report-Only
Alternate-Protocol
X-ECACHE
X-DIS-Request-ID
X-Shield-Request-Id
X-HP-Webp
Nginx-Cache
X-Mobile-URL
Edge-Cache-Tag
X-Hostname
X-Ratelimit-Limit
X-FTR-DC
Realpath
X-FTR-Realm
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-Hits
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Expires
X-F-Cache
X-Content-Options
X-Git-Hash
Filterid
X-FireWall-Port
X-LB-Cache
MicrosoftSharePointTeamServices
X-Seen-By
X-Load-Cache
X-Activity-Id
X-Az
X-AppVersion
X-N
X-Jobs
X-Request-Guid
X-App-Environment
X-Forwarded-For
Paypal-Debug-Id
X-Type
X-Varnish-Backend
X-Rid
Cache-Tags
Fastcgi-Useragent
Cleartype
DynaTrace
Accept-Ch-Lifetime
X-Varnish-Grace
X-Cached-By
X-Upgrade-Enabled
X-Zen-Fury
X-Kong-Upstream-Latency
X-WebKit-CSP-Report-Only
X-Kong-Proxy-Latency
X-TEC-API-VERSION
X-Daa-Tunnel
Access-Control-Allow-Method
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Proxy
X-Cache-Age
X-Litespeed-Cache
Powered-By-ChinaCache
X-Correlation-ID
X-FB-Debug
X-Amz-Meta-S3cmd-Attrs
X-Akamai-Edgescape
X-App-Server
X-Respond-Thread
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Geo-Country
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
DC
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Host-Name
X-Cache-Rule
X-Id
X-HS-Combine-CSS
X-Cache-Operation
X-B3-Sampled
AMP-Access-Control-Allow-Source-Origin
X-Content-Powered-By
X-B-Cache
X-IPLB-Instance
X-Signature
X-User-Agent
X-Debug-Info
Content-Disposition
X-AOL-HN
X-Accel-Buffering
MS-CV
X-Response-Served-From
Healthy
X-Original-Request-Id
X-Whom
X-Region
X-Wix-Request-Id
X-HTML-Minification-Powered-By
X-Mobile
Payment
X-Frontend
X-UUID
X-Distributor
X-FW-Static
X-FW-Type
X-Rule
X-Cacheable-TTL
X-Instance
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-Is-Bot
X-Rendered-As
X-Cache-Time
X-VCache
X-Tumblr-User
X-Tumblr-Pixel
Akamai-Age-Ms
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Refresh
X-Ua
Datacenter
X-Endurance-Cache-Level
X-Amzn-RequestId
X-Amz-Apigw-Id
Surrogate-Key
Filters
NGB
Liferay-Portal
Charset
X-Acc-Debug-Context
X-Via-JSL
Viewport
X-Protected-By
S-Cnection
X-XRDS-LOCATION
Nel
X-App-Version
PB-RID
X-Backend-Name
Arc-Version
PB-PID
X-Hyper-Cache
X-Ah-Environment
Countrycode
X-Tec-Api-Origin
X-Cache-Expired-At
X-Varnish-Server
X-Tec-Api-Version
X-Tec-Api-Root
X-Oneagent-Js-Injection
X-Cache-Server
X-Amz-Replication-Status
Section-Io-Cache
GEO-INFO
Retry-After
X-Cache-Action
X-Sucuri-ID
X-PHP-Backend
Version
X-Source
Referer-Policy
X-Azure-Ref
X-NewRelic-App-Data
X-EdgeConnect-Cache-Status
X-Proxy-Cache-Status
X-WA-Info
X-Cache-Control
X-Unique-Id
Eomportal-Instance
X-Esi
X-Framework
X-Real-IP
X-RemovedCookies
X-L-Path
X-Environment-Context
X-ProcessESI
X-Yottaa-Optimizations
Frame-Options
X-Air-Hostname
X-Yottaa-Metrics
X-URL
X-RN-RSRV
Server-Name
X-ES-SERVER
X-Cache-Var-Map
Meta-Geo
Ms-Operation-Id
X-Cache-Var
X-RTag
X-Revision
X-GeoIP
X-Mode
X-From
X-ProxyCache-Key
X-ProxyCache-Status
X-Qloud-Router
X-R9-Blue-Green-Version
X-Cache-TTL-Remaining
X-Time-Microsecs
X-Xfnlog-Site
X-DynaTrace-JS-Agent
X-BYPASS-REASON
X-Cache-Host
X-FW-Version
X-Labrador-Cache-Channel
X-Human
X-Hosted-By
X-Drupal-Cache-Contexts
DB-Nickname
X-Cluster
X-AWS-Id
Mn-Server-Ip
Ec-Rule-Version
X-LJ-Flow-ID
Cross-Origin-Window-Policy
X-OCL
X-Server-W
X-Status
X-TNCMS
Uber-Trace-Id
X-VWS-Id
Cache-Tv-Group
X-PHP-Host
Powered
X-PCL
X-Loop
X-Amzn-Remapped-Content-Length
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Selected-Fe
Webcakes-Region
X-Sucuri-Cache
Webcakes-App-Version
TWC-Privacy
Webcakes-App-Name
TWC-Locale-Group
X-Hl-Ver
X-Redis-Cache
X-Proxy-Build
X-Routing-Service
X-Site-Version
X-Zipkin-Id
X-Timing-Wait
X-Proxied
X-Locale
Property-Id
TWC-Connection-Speed
X-Debug-Cache
X-Detected-As
X-Handled-By
X-FB-TRIP-ID
TWC-Device-Class
X-Fastcgi-Cache
X-Origin-Hint
X-NYM-Debug-Backend
X-Format
X-Be
X-Access
X-Section
X-Proto
X-ServerID
X-Via-Fastly
X-BCube-Filmed-By
X-Device-Type
X-ATG-Version
X-Ratelimit-Reset
FSS-Cache
X-Generated-By
X-Cache-PHP
X-No-Session
X-Drupal-Cache-Tags
X-Time
X-CDN-Forward
X-Contextid
X-CSRF-Token
X-Correlation-Id
X-JoinUs
Cache
From-Origin
X-SaId
Webserver
X-FTR-Cache-Host
CACHE
X-Varnish-Cache-Hits
X-Hp-Webp
X-NC
X-Adobe-Content
CF-Cached-On
X-Adobe-Loc
X-NCache
X-AIR-PT
X-Oss-Hash-Crc64ecma
X-Origin
X-Oss-Storage-Class
OT-Force-Account-Verify
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
X-TIME
X-NWS-UUID-VERIFY
VIX-Pulpo-Upstream-Status
Azure-SiteName
X-GoCache-CacheStatus
Azure-RegionName
Azure-SlotName
Azure-Version
VIX-Pulpo-Node
X-TT
Azure-InstanceId
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Akamai-Transformed
X-IPS-LoggedIn
X-TA-CDN-Provider
Access-Control-Request-Headers
X-IP
Upgrade-Insecure-Requests
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
X-Cache-Enabled
X-Bc-Bl
X-Adobe-Source
X-CCM
X-EIG-Tracking-Id
SD-X-WS
X-ECache
X-Cache-2
X-APP-VERSION
X-Backend-Host
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Latency-Threshold
X-Sorting-Hat-PodId
X-Pinterest-Sli-Response-Type
X-ShardId
X-EC-Lua
X-Shopify-Stage
X-Alternate-Cache-Key
X-Ruxit-Js-Agent
X-ShopId
X-ApacheServer
X-Tumblr-Pixel-3
X-Pubstack
X-Soup
X-Forwarded-Host
X-PERF
X-Backend-TTL
X-Cache-Grace
X-G
X-Web-Node
Fastly-SSL
Decoy-Debug-Status
Decoy-Debug-Key
X-Viewer-Country
Cache-Status
Decoy-Debug-TTL
X-Varnishpool
X-Say-TTL
X-Say-Cacheable
X-Cache-Backend
X-LAGOON
X-Cluster-Name
X-Cdn
X-SayCDN-TTL
X-Storage
Node
X-Aed
X-ScT
X-S-Cookie
X-A-Wwc
X-S
X-Application
X-D
X-Connection-Hash
X-CF-Lambda-Version
X-A-Dgt
X-Destination
X-External-Request-Id
X-CF-Lambda-Fn
X-Cache-NE
X-Transaction
X-B-Cookie
X-Trv-Group
X-Twitter-Response-Tags
X-ARC
MD5-Digest
Apple-News-Services-Request-Url
X-PBS-Appsvrname
DCR-Decision-By
DCR-Processing-Time-Ms
X-Request-UUID
Apple-News-Services-Parsed-Url
X-RCS-CacheZone
X-Processor
Apple-News-Services-Handled
Apple-News-Services-Host
X-PAYTM-SRV-ID
Fastcgi-X-Cache-Version
X-Rewrite-Enabled
X-Rojux
X-A-Ccd
X-A-Dam
X-A
Rendered-Blocks
Host-ID
Machine
Meta-Geo-Continent
Mobile-Detection-Method
X-A-Dcw
X-VG-WebServer
Xc-Version
X-Vtex-Processado-Em
X-VG-WebCache
X-Worker
X-Vtex-Remote-Cache
X-Vdms-Path
X-Vdms-Version
X-TX-ID
X-Cache-Config
X-UPSTREAM-Address
Adler-Geo
X-Platform-Server
CDN-Cache
X-Clara-WADP
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
CDN-CachedAt
X-WADP-Cache
X-Rebelmouse-Cache-Control
X-Cache-Bucket
Platform
Is-Eu
X-Ms-Version
X-Ms-Request-Id
X-Micro-Cache
Fastly-SWR
Fastly-SIE
CDN-RequestCountryCode
CDN-PullZone
CDN-RequestId
CDN-Uid
CloudFront-Viewer-Country
CDN-EdgeStorageId
X-Rebelmouse-Surrogate-Control
X-Servername
X-Envoy-Decorator-Operation
Country
X-Variation
X-Generation-Time
X-Fmm-Version
X-Fastly-Cache
X-DPWN-IS-SECURE
X-Varnish-Beresp-Ttl
X-VG-TLSProxy
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-UA
Backend
Country-Code
X-OVcl
X-Owner
Fastly-Drupal-HTML
X-DefHash
X-OVcl-Cache
X-Fastly-Backend
X-Platform
X-Gzip
X-SN
X-Bip
X-HS-Content-Campaign-Id
X-Esi-Check
X-Cache-Id
X-Hash
X-Thanos
X-Li-Fabric
X-Microcachable
Rt-Fastcgi-Cache
X-Varnish-CookieHashed-On
X-Minions-Version
Surrogated-Key
Wxu-Next-Region
Wxu-Next-Commit
X-Method
Wxu-Next-Hostname
X-Varnish-Cacheable
X-Varnish-CookieINHashed-On
X-DefElseHash
L
X-Backend-State
X-Li-Pop
X-Accel-Expires-Debug
Origin
NM-Fastcgi-Cache
X-Varnish-Remaining-TTL
X-Old-Content-Length
C-Via
X-CUA
Gh-Request-Id
X-Wikidot-Static-Cache
X-Render-Time
X-Varnish-Ttl
X-Date
X-Request-Start
X-Dispatcher-Server
X-Core-Value
X-Core-Mission
X-Clientip
X-Request-Host
X-Webstats-RespID
X-Wikidot-Backend
X-Cms-Context
X-Skip-Cache
X-Auto-Login
Akamai-GRN
X-Policy
X-Cache-NGX
X-LI-UUID
X-Irp-Debug
X-Slack-Backend
X-CS
X-NGENIX-Cache
AKAMAI
CacheControlHeader
Time
X-Mvc-Supplant-Cachable
X-Level-Front-Cache
X-Csrf-Jwt
X-Content-Age
PFcat
X-JWT-State
X-HN
X-Amz-Meta-Cb-Modifiedtime
X-Is-Gdpr
X-Gamma-Serve
X-Req
X-Generated-On
X-Has-Esi
X-Developers
X-VarnishDD-TTL
X-Reqid
Fastly-Backend-Name
X-Up
X-Eu-Site
L5d-Success-Class
X-CGP
X-Cache-Date
Ha-Gx-Prefs
HA-Ipaddr
X-Cache-Tags
X-COUNTRY
X-Session-Fingerprint
X-Cache-URL
X-Location
X-Cdn-Srv
X-Cache-Debug
X-Geo-Header
X-Branch-Name
X-Edge-Location
X-Page-View
Mail-Subject
FSS-Proxy
Group
We-Hiring
X-Wa
Now
Memcached
X-DC
UCS
Pagetype
Ufe-Result
X-Proxy-Upstream
X-LB-ID
X-Refresh
X-Aicache-OS
X-B3-Spanid
X-NODE
X-PF-Uncompressing
X-Via-Poph
SRV
X-GEO
X-Via-Popn
X-CACHE-AGE
X-Agile
X-Agile-Id
X-RateLimit-Remaining
X-B3-Traceid
X-Agile-Age
X-Debug-Cache-Fetch
Hostname
X-Servedbyhost
X-ZONE
X-Debug-Cache-Store
X-BC
X-Via-CDN
X-Mvc-Supplant-OutputCached
X-LI-Proto
NGX
HostName
X-Datadome
X-Ftr-Cache-Host
X-Nginx-Cache
X-Ua-Device
M-TraceId
X-FORWARDED-FOR
X-Dc
X-Check-Cacheable
X-ID
X-Sql-Count
X-SERVER
X-Sql-Duration-Ms
X-LLID
X-NU-AKA-ACS-Version
X-SRV
X-FPC
X-Presslabs-Stats
X-Varnish-Hostname
Arc-Country
X-Request-Time
Xserver
X-VCL-Version
VivaBuild
Cdn-Host
X-Bc
Cdn-Request-Time
X-SERVER-NAME
X-Cache-Remote
Viewtype
X-Zone
X-Edge-Server
X-Cdn-Forward
X-Via-Edge
X-Via-SSL
X-RunCloud-Cache
X-Via-Ucdn
X-LiteSpeed-Cache-Control
XServer
X-Www-Served-By
Edge-Copy-Time
X-Cluster-Node
X-CF-Powered-By
WebServer
X-APP
X-Action
SID
Srv
X-CSRF-TOKEN
X-UnsetCookies
WWW-Authenticate
X-RSL
X-Cs
X-DSS
GeoIp-Country-Code
ServedBy
X-DW
X-Via-Popv
On-Server
X-Svr
Cache-Hits
X-RPM
Geoip-Latitude
X-Dynatrace-Js-Agent
X-DB
X-HS-Status
X-Instart-Request-ID
Memory
X-DI
X-RPS
X-S-Maxage
X-NGINX-Cache
X-Vgn-Hpd-Ssi
X-Srv
ProcessTime
X-MP-GENERATED-AT
X-Oss-Cdn-Auth
NtCoent-Length
X-Vcache
Apigw-Requestid
X-We-Are-Hiring
T-Server
X-Geo
X-Pass-Why
Ohc-File-Size
User-Agent
X-MSEdge-Flight
Processtime
W
X-MSEdge-Features
X-ORACLE-APMCS-REQUEST-ID
X-Hit
Server-Info
LB
Actual-Object-TTL
X-Akamai-Request-ID2
X-Erf-Stays-Bingo-Pdp-Web
N-Cache
Server-Host
Pics-Label
Sid
GeoIP-Latitude
GeoIP-Country-Code
X-Varnish-Hits
X-HOST
Protected
Geo-Info
X-Unique-ID
Magicmarker
WZWS-RAY
X-SB
X-Tb
X-Epic-Correlation-Id
X-Envoy-Upstream-Healthchecked-Cluster
CF-IPCountry
X-VC
S-Rt
X-HITS
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Amp-Access-Control-Allow-Source-Origin
X-Newrelic-App-Data
CDN
X-Cache-Hm
X-Cache-Hfrom
X-Info
X-Vcl-Version
X-Uri
Accept-Language
X-Pjax-Url
Ohc-Cache-HIT
X-Webkit-CSP-Report-Only
Esi-Enabled
X-FC-Vary-Parameters
X-Fastly-Country-Code
A
X-Fpc
Cteonnt-Length
X-Acc-Rdl
Cdn
X-CACHE-KEY
X-Mobile-Rewrite
X-Key
User-Cache-Control
Lb
X-Nc
X-TT-LOGID
Tracecode
DSUID
Odigeo-Trace-Id
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Provided-By
X-Newrelic-Synthetics
Section-Io-Origin-Status
X-UA-Device-Type
Cache-Name
X-Via-NSCOPI
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Ssr
Origin-Cache-Control
Origin-Edge-Control
X-Magnolia-Registration
Lfy
X-ServedByHost
X-Li-Proto
X-Dispatch
X-Instart-Info
X-Origin-Date
X-StackifyID
Proxy-Firewall
X-Dynatrace
X-Cache-Tag
CountryCode
Vix-Hermes-Req-Id
Web-Mar-Node
V-Age
True-Client-Country-4JS
Thinkindot-Control
X-API-Version
X-BBC-Edge-Cache-Status
X-Cache-Expires
X-Cache-Info
X-Cache-ASPX
X-Men
X-BBXSRF
X-Block-Status
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Path
Release
MIME-Version
Locid
Instruction
CDCHOST
Server-Ext
Server-Hostname
SR-User-Adfree
X-Contensis-Viewer-Groups
X-Scheme
Sever-Int
Server-ID
FNAC-ModuleRouting
X-Gen-Mode
X-Sigma-Backend
X-SIPLIST1
X-SRCache-Key
X-Sigma
X-Server-IP
X-Rocket-Build-Number
X-SD-PageType
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-Url
X-VServer
X-Varnish-Authentication
X-User
X-Thinkindot-L3
X-Traceid
X-Response-By
X-Request-URI
X-Hnp-Log
X-Loc
X-Goog-Meta-Goog-Reserved-File-Mtime
X-GeoIP-City
X-Gdpr
X-Cc-Via
X-Matched-Rule
X-Nginx-Cache-Key
X-Origin-Time
X-Origin-TTL
X-Origin-Expires
X-Origin-CC
X-Node-Id
X-Nyt-Route
X-Developer
IsBot
Server-Ttl
X-Cc-Req-Id
X-Geo-Region
X-B3-SpanId
Powered-By
X-TH-Server
X-Served-From
Cache-Key
X-Akamai-Pragma-Client-IP
D-Cc-Upstream
X-Trace-Id
X-Swa-Ws
X-Device-Os
X-Var-Ttl
X-Lb-Id
X-Cdn-Origin
Cache-Provider
X-Fetched-On
X-Via-PopH
X-Parent-Response-Time
X-RAMCache
X-Azure-Ref-OriginShield
X-Via-PopN
X-Sn-Servicetimems
X-NodeID
X-Via-PopV
X-Generated-In
Cache-Host
Pramga
Kp-EeAlive
X-Cache-Spec
HitType
X-No-Cache
Fastcgi-Cache-TTL
X-RateLimit-Remaining-Second
X-Generated
X-RateLimit-Limit-Second
X-ServiceProvider
X-TrackingId
X-Agile-Brick-Ok
BehaviorPad-Version
X-VC-Cache
X-WA
X-Batcache
X-Tt-Logid
X-LiteSpeed-Tag
X-ElasticPress-Query
Tcn
X-RateLimit-Limit
X-HostName
Source
Cf-Alt-Svc
Req-Svc-Chain
Cf-Device-Type
X-Pf-Uncompressing
X-MiniProfiler-Ids
X-Request-URL
Xet-Cookie
X-Varnish-Beresp-TTL
X-Yottaa-OS
Who
X-PJAX-URL
Dnion-Transfer-Encoding
X-Selected-Scheme
X-Selected-Name
X-Selected-Host-Header
X-App
X-Snapshot-Date
X-Planisys-CDN-Rules
X-B3-Parentspanid
X-Planisys-CDN-TTL
X-Proxy-Cachei7
X-Planisys-CDN-Cache
PICS-Label
X-Dw-Trace-Id
X-BBC-Origin-Response-Status
X-Apw-Access-Action
X-Apw-Access-Token
X-C
Resin-Trace
X-Apw-Hits
Mime-Version
Pragrma
Inserted-Into-Cache-At
Vha6-Origin
X-Apw-Access-Object
X-Vgn-Hpd-Reason