Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
X-Xss-Protection
CF-Ray
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
P3p
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Template
X-Ws-Request-Id
X-Language
Feature-Policy
X-Age
X-Dns-Prefetch-Control
X-Backend
X-Cache-Group
X-Hacker
X-Server
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Host-Header
Grace
X-Buckets
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
Cf-Bgj
X-WebKit-CSP
X-Host
X-Dispatcher
X-Backend-Server
NEL
X-Device
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
X-Server-Id
Content-Location
X-Response-Time
X-Cache-Lookup
Request-Id
X-Origin-Cache
Accept-CH-Lifetime
X-Akam-SW-Version
X-Ac
EagleEye-TraceId
Accept-CH
X-ASPNET-VERSION
X-Country
X-HW
Rating
X-Mod-Pagespeed
X-Readtime
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Application-Context
Allow
Pinterest-Generated-By
Edge-Control
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-TtlSet
X-Vname
X-PC
X-DataDome
X-Url
X-Varnish-TTL
X-Cnection
X-Origin-Upstream-Status
X-MS-InvokeApp
X-GitHub-Request-Id
X-Content-Type
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
X-D2id
X-Clacks-Overhead
X-Trace
X-Abt-Application-Version
Response
Display
X-Sol
Pagespeed
X-Middleton-Display
X-Middleton-Response
X-Pinterest-Rid
Pinterest-Version
X-Vcap-Request-Id
X-Px
X-Navigation-Version
X-FTR-Request-ID
X-Rack-Cache
X-Server-Name
Verso
X-ESI
Service-Worker-Allowed
X-DynaTrace
MS-Author-Via
X-Cached
X-B3-TraceId
X-Element-Page-Cache
X-Fastly-Request-ID
X-Client-IP
X-Webkit-CSP
Arr-Disable-Session-Affinity
X-Cache-TTL
X-TTL
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-CST
X-FastCGI-Cache
Content-MD5
X-Upstream
SPRequestGuid
X-SharePointHealthScore
AR-ATIME
Fastly-Restarts
AR-CACHE
AR-Request-ID
AR-PoweredBy
X-Version
Ar-Sid
X-NF-Request-ID
X-Forwarded-Proto
X-Debug
X-VARITI-CCR
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Goog-Hash
X-T
X-XRDS-Location
Accept-Ch
X-Jurisdiction
Access-Control-Request-Method
X-Powered-CMS
X-MSEdge-Ref
X-Release
TP-Cache
X-Content-Digest
TP-L2-Cache
SPIisLatency
X-Edge
SPRequestDuration
S
X-Amz-Rid
TCN
X-Pinterest-Direct
RTSS
X-Ttl
Cache-Tag
X-NWS-LOG-UUID
Public-Key-Pins
X-Ezoic-Cdn
X-Node-Name
X-Server-ID
Fastcgi-Cache
X-PressLabs-Stats
X-Yandex-Sdch-Disable
X-Request-Processing-Time
X-Request-Received
X-Mid
X-Cache-Key
X-MCACHE
Server-Node
Front-End-Https
X-Accel-Expires
X-Amzn-Trace-Id
X-Recruiting
X-Ser
X-Ratelimit-Remaining
X-Kinsta-Cache
X-Logged-In
X-Request-Handler-Origin-Region
X-Microsite
ServerID
X-Cache-Hit
X-Origin-Server
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Accept-Charset
X-Page-Id
X-Mg-S
Host
X-Amz-Server-Side-Encryption
X-Grace
X-ECACHE
Alternate-Protocol
X-Content-Security-Policy-Report-Only
X-Varnish-Age
X-B
X-DIS-Request-ID
X-Hostname
Nginx-Cache
X-Shield-Request-Id
X-Mobile-URL
Edge-Cache-Tag
Accept-Ch-Lifetime
X-Ratelimit-Limit
X-HP-Webp
X-Forwarded-For
X-FTR-Cache-Status
Realpath
X-FTR-DC
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Expires
X-Hits
X-Content-Options
X-LB-Cache
X-Git-Hash
X-F-Cache
X-Seen-By
X-FireWall-Port
X-Load-Cache
Filterid
X-Az
X-AppVersion
X-Activity-Id
X-Jobs
MicrosoftSharePointTeamServices
X-N
X-App-Environment
X-Request-Guid
X-Type
X-Varnish-Backend
Fastcgi-Useragent
Cache-Tags
Paypal-Debug-Id
X-Rid
X-TEC-API-VERSION
X-TEC-API-ROOT
X-WebKit-CSP-Report-Only
X-TEC-API-ORIGIN
X-Varnish-Grace
X-Upgrade-Enabled
X-Zen-Fury
Cleartype
X-Daa-Tunnel
DynaTrace
X-Cached-By
X-Kong-Proxy-Latency
Access-Control-Allow-Method
X-Proxy
X-Kong-Upstream-Latency
X-FB-Debug
X-Litespeed-Cache
Powered-By-ChinaCache
X-Akamai-Edgescape
X-Cache-Age
X-Amz-Meta-S3cmd-Attrs
X-App-Server
DC
X-Geo-Country
X-Id
X-Respond-Thread
X-Goog-Stored-Content-Length
X-Cache-Rule
X-Goog-Metageneration
X-Cache-Operation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-HS-Content-Id
X-GUploader-UploadID
X-HS-Hub-Id
X-Goog-Generation
X-Host-Name
X-HS-Cache-Config
X-HS-Combine-CSS
X-Content-Powered-By
X-B3-Sampled
X-IPLB-Instance
Content-Disposition
X-User-Agent
X-B-Cache
X-Signature
X-AOL-HN
X-Accel-Buffering
X-Whom
X-Debug-Info
MS-CV
Healthy
X-Response-Served-From
X-Correlation-ID
X-Original-Request-Id
X-Region
X-Wix-Request-Id
AMP-Access-Control-Allow-Source-Origin
X-Frontend
Akamai-Age-Ms
Payment
X-HTML-Minification-Powered-By
X-VCache
X-FW-Static
X-Rule
X-UUID
X-Mobile
X-FW-Server
X-FW-Type
X-FW-Serve
X-Distributor
X-Cacheable-TTL
X-FW-Hash
X-FW-Dynamic
X-Instance
X-Rendered-As
X-Is-Bot
X-Ua
X-Cache-Time
X-Endurance-Cache-Level
Refresh
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Datacenter
X-Amzn-RequestId
Surrogate-Key
X-Amz-Apigw-Id
NGB
Charset
Filters
Countrycode
X-Via-JSL
X-Acc-Debug-Context
X-Protected-By
S-Cnection
Viewport
Liferay-Portal
Arc-Version
X-Backend-Name
PB-RID
PB-PID
X-App-Version
X-Hyper-Cache
Nel
X-XRDS-LOCATION
X-Varnish-Server
X-Cache-Expired-At
X-Ah-Environment
X-Cache-Server
X-Oneagent-Js-Injection
X-Amz-Replication-Status
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
Section-Io-Cache
X-Cache-Action
X-NewRelic-App-Data
Retry-After
X-PHP-Backend
X-Azure-Ref
X-Source
X-Sucuri-ID
Referer-Policy
X-WA-Info
Version
X-EdgeConnect-Cache-Status
GEO-INFO
X-Proxy-Cache-Status
X-Cache-Control
X-Correlation-Id
X-Fastcgi-Cache
Eomportal-Instance
X-Framework
X-Real-IP
X-Environment-Context
X-ProcessESI
X-L-Path
X-RemovedCookies
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Time
Server-Name
X-RN-RSRV
X-Cache-Var-Map
X-Air-Hostname
X-Unique-Id
Meta-Geo
Frame-Options
X-RTag
Ms-Operation-Id
X-ES-SERVER
X-Cache-Var
X-Revision
X-Esi
X-GeoIP
X-From
X-Mode
Powered
X-Cache-TTL-Remaining
X-Xfnlog-Site
X-R9-Blue-Green-Version
X-BYPASS-REASON
X-Cache-Host
X-ProxyCache-Status
X-ProxyCache-Key
X-Time-Microsecs
X-Qloud-Router
X-OCL
X-LJ-Flow-ID
X-PCL
X-AWS-Id
X-PHP-Host
X-Loop
Ec-Rule-Version
X-TNCMS
X-Labrador-Cache-Channel
X-VWS-Id
Cache-Tv-Group
X-FW-Version
DB-Nickname
Uber-Trace-Id
X-Server-W
X-FB-TRIP-ID
X-Human
X-Cluster
X-Hosted-By
Mn-Server-Ip
Cross-Origin-Window-Policy
X-DynaTrace-JS-Agent
X-Drupal-Cache-Contexts
X-Proxy-Build
Property-Id
Selected-Fe
X-Proxied
TWC-Connection-Speed
X-Zipkin-Id
X-Redis-Cache
Webcakes-Region
X-Timing-Wait
TWC-Device-Class
X-Handled-By
X-Routing-Service
X-Site-Version
X-Origin-Hint
X-Amzn-Remapped-Content-Length
X-Debug-Cache
X-Detected-As
X-Hl-Ver
Webcakes-App-Version
X-Locale
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-NYM-Debug-Backend
X-Status
TWC-Locale-Group
X-CSRF-Token
TWC-Privacy
X-Proto
X-Via-Fastly
X-Access
X-Be
X-ServerID
X-Format
X-Section
X-Sucuri-Cache
X-Cache-PHP
X-Ratelimit-Reset
X-Generated-By
X-BCube-Filmed-By
X-Device-Type
X-Hp-Webp
X-No-Session
X-Contextid
X-ATG-Version
X-Drupal-Cache-Tags
FSS-Cache
Cache
X-CDN-Forward
X-SaId
X-JoinUs
From-Origin
X-FTR-Cache-Host
X-Varnish-Cache-Hits
Webserver
CACHE
X-Adobe-Content
X-Adobe-Loc
X-NCache
X-NC
CF-Cached-On
X-URL
X-Origin
OT-Force-Account-Verify
X-NWS-UUID-VERIFY
X-AIR-PT
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-TT
X-GoCache-CacheStatus
Azure-RegionName
X-TA-CDN-Provider
Azure-InstanceId
Azure-SlotName
X-Tt-Trace-Host
X-Tt-Trace-Tag
Azure-Version
Azure-SiteName
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Akamai-Transformed
X-IPS-LoggedIn
X-IP
X-APP-VERSION
X-Cache-Enabled
X-EC-Lua
X-EIG-Tracking-Id
SD-X-WS
X-CCM
Access-Control-Request-Headers
X-Bc-Bl
X-Adobe-Source
X-Cache-2
X-Backend-Host
Upgrade-Insecure-Requests
X-TIME
X-Alternate-Cache-Key
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Flags
X-Sorting-Hat-ShopId
X-Aspnet-Duration-Ms
X-Route-Name
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-Providence-Cookie
X-Is-Crawler
X-ECache
X-Cache-Grace
X-Tumblr-Pixel-3
X-Forwarded-Host
X-Backend-TTL
X-ApacheServer
X-PERF
Node
X-Pubstack
X-Cache-Backend
X-Soup
X-Varnishpool
X-Web-Node
X-B3-Traceid
X-Say-Cacheable
X-Say-TTL
X-Ruxit-Js-Agent
Fastly-SSL
Cache-Status
X-Storage
Decoy-Debug-Key
Decoy-Debug-Status
X-Pinterest-Sli-Endpoint-Name
Decoy-Debug-TTL
X-SayCDN-TTL
X-Viewer-Country
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Response-Type
X-Cluster-Name
X-CF-Lambda-Fn
X-Destination
X-A-Dam
X-A-Ccd
X-Application
X-A-Dcw
X-Rojux
X-Vtex-Remote-Cache
X-CF-Lambda-Version
Machine
X-Worker
X-ARC
X-A
X-Cache-NE
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Rewrite-Enabled
Host-ID
X-G
X-RCS-CacheZone
Rendered-Blocks
X-External-Request-Id
Apple-News-Services-Handled
Xc-Version
X-D
X-Aed
Meta-Geo-Continent
X-Connection-Hash
Mobile-Detection-Method
Fastcgi-X-Cache-Version
X-Twitter-Response-Tags
X-Trv-Group
MD5-Digest
X-B-Cookie
X-PAYTM-SRV-ID
X-A-Wwc
X-Transaction
X-ScT
X-A-Dgt
X-VG-WebCache
X-Processor
X-S
X-VG-WebServer
X-PBS-Appsvrname
X-Vdms-Version
X-Vdms-Path
X-Request-UUID
DCR-Processing-Time-Ms
X-S-Cookie
DCR-Decision-By
X-Vtex-Processado-Em
X-LAGOON
X-Cache-Config
X-TX-ID
X-Vgn-Hpd-Cached
X-Cdn
X-Vgn-Hpd-Variations-Key
Fastly-SWR
X-Servername
Country
Fastly-SIE
CDN-Uid
CDN-RequestId
CloudFront-Viewer-Country
X-Ms-Version
Platform
X-Ms-Request-Id
X-Generation-Time
CDN-RequestCountryCode
X-Micro-Cache
X-WADP-Cache
X-Cache-Bucket
X-Fmm-Version
X-Fastly-Cache
CDN-Cache
X-Rebelmouse-Cache-Control
Is-Eu
X-Rebelmouse-Surrogate-Control
CDN-CachedAt
CDN-EdgeStorageId
X-VG-TLSProxy
X-DPWN-IS-SECURE
CDN-PullZone
X-Envoy-Decorator-Operation
X-Variation
Adler-Geo
X-Clara-WADP
X-Varnish-Beresp-Grace
X-UPSTREAM-Address
X-Varnish-Beresp-Ttl
Backend
X-Varnish-Beresp-Status
Surrogated-Key
Wxu-Next-Commit
X-Accel-Expires-Debug
Wxu-Next-Hostname
Wxu-Next-Region
NM-Fastcgi-Cache
Rt-Fastcgi-Cache
Origin
Country-Code
Akamai-GRN
X-Bip
X-Cache-Id
C-Via
X-Cache-NGX
X-Backend-State
X-Clientip
Gh-Request-Id
X-Auto-Login
X-Cms-Context
Fastly-Drupal-HTML
L
X-Hash
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-Method
X-Skip-Cache
X-Slack-Backend
X-HS-Content-Campaign-Id
X-Irp-Debug
X-SN
X-Microcachable
X-Minions-Version
X-Owner
X-Platform
X-Policy
X-Render-Time
X-OVcl-Cache
X-OVcl
X-Request-Start
X-Old-Content-Length
X-Request-Host
X-Varnish-Cacheable
X-Thanos
X-Dispatcher-Server
X-Platform-Server
X-Wikidot-Static-Cache
X-Date
X-CUA
X-Core-Mission
X-Core-Value
X-Wikidot-Backend
X-Esi-Check
X-Gzip
X-Webstats-RespID
X-Fastly-Backend
X-UA
X-CS
Time
X-NGENIX-Cache
X-Amz-Meta-Cb-Modifiedtime
X-Req
X-Reqid
X-Up
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-VarnishDD-TTL
L5d-Success-Class
X-DefElseHash
X-DefHash
PFcat
X-Varnish-CookieINHashed-On
X-Mvc-Supplant-Cachable
X-Gamma-Serve
X-Generated-On
HA-Ipaddr
CacheControlHeader
X-Cache-Tags
X-Eu-Site
X-Csrf-Jwt
X-CGP
X-Developers
AKAMAI
X-HN
X-Has-Esi
X-Level-Front-Cache
X-Is-Gdpr
X-Content-Age
X-JWT-State
Fastly-Backend-Name
Ha-Gx-Prefs
X-Cache-Date
X-Varnish-Ttl
Now
X-DC
X-Cdn-Srv
X-Aicache-OS
We-Hiring
X-Geo-Header
X-Wa
X-Location
X-Edge-Location
X-Cache-URL
Mail-Subject
Memcached
Group
UCS
Pagetype
Ufe-Result
X-CACHE-AGE
X-Proxy-Upstream
X-Refresh
X-Page-View
X-Cache-Debug
FSS-Proxy
X-Branch-Name
X-LB-ID
X-Session-Fingerprint
X-B3-Spanid
X-Via-Poph
X-Via-Popn
X-NODE
X-GEO
SRV
X-Agile-Age
X-PF-Uncompressing
X-Agile
X-Agile-Id
X-SERVER-NAME
X-Ftr-Cache-Host
X-BC
X-ZONE
X-Servedbyhost
X-RateLimit-Remaining
HostName
NGX
X-LI-Proto
X-Mvc-Supplant-OutputCached
X-Debug-Cache-Fetch
M-TraceId
X-Nginx-Cache
X-Debug-Cache-Store
Hostname
X-Via-CDN
Xserver
X-Datadome
X-Ua-Device
X-Dc
X-Instart-Request-ID
X-Request-Time
X-Varnish-Hostname
X-Check-Cacheable
Arc-Country
X-ID
X-SERVER
X-Sql-Duration-Ms
X-Sql-Count
X-Cdn-Forward
X-LLID
X-VCL-Version
X-SRV
Viewtype
X-FPC
X-NU-AKA-ACS-Version
VivaBuild
X-Edge-Server
Cdn-Request-Time
Cdn-Host
WebServer
X-Dynatrace-Js-Agent
X-RunCloud-Cache
X-Zone
X-Bc
X-LiteSpeed-Cache-Control
X-Via-Ucdn
X-Cache-Remote
X-Cluster-Node
Srv
X-COUNTRY
X-Action
X-CF-Powered-By
X-APP
X-Www-Served-By
X-Via-Popv
Memory
X-Via-SSL
X-Via-Edge
Edge-Copy-Time
SID
X-UnsetCookies
X-FORWARDED-FOR
WWW-Authenticate
Cache-Hits
X-Vgn-Hpd-Ssi
ServedBy
X-DW
ProcessTime
X-Svr
On-Server
X-HS-Status
X-RSL
X-DI
X-DSS
X-RPM
X-DB
X-RPS
X-MP-GENERATED-AT
X-Cs
NtCoent-Length
X-S-Maxage
X-NGINX-Cache
X-Presslabs-Stats
GeoIp-Country-Code
X-Oss-Cdn-Auth
Geoip-Latitude
X-CSRF-TOKEN
XServer
Actual-Object-TTL
X-ORACLE-APMCS-REQUEST-ID
X-Srv
Apigw-Requestid
X-Vcache
X-Geo
Server-Info
GeoIP-Latitude
GeoIP-Country-Code
X-We-Are-Hiring
T-Server
X-Unique-ID
X-Pass-Why
Ohc-File-Size
X-Hit
Geo-Info
User-Agent
X-MSEdge-Flight
X-MSEdge-Features
W
Processtime
Sid
X-Akamai-Request-ID2
Amp-Access-Control-Allow-Source-Origin
LB
X-Erf-Stays-Bingo-Pdp-Web
Server-Host
X-Tb
S-Rt
N-Cache
CF-IPCountry
X-Epic-Correlation-Id
Pics-Label
X-Varnish-Hits
X-HOST
Protected
Cdn
WZWS-RAY
X-Envoy-Upstream-Healthchecked-Cluster
X-SB
Magicmarker
X-VC
X-HITS
X-FC-Vary-Parameters
X-Fpc
X-Cache-Hfrom
X-Cache-Hm
Accept-Language
X-Info
X-Vcl-Version
X-Pjax-Url
X-Mobile-Rewrite
X-Erf-Bev-Bev-Is-Generated
X-Uri
X-Erf-Bev-Bev
X-Nc
Ohc-Cache-HIT
X-Webkit-CSP-Report-Only
X-Newrelic-Synthetics
X-Key
Cteonnt-Length
X-Acc-Rdl
CDN
A
X-Fastly-Country-Code
Esi-Enabled
X-CACHE-KEY
Tracecode
X-TT-LOGID
User-Cache-Control
Lb
Origin-Cache-Control
Origin-Edge-Control
X-Newrelic-App-Data
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
DSUID
Section-Origin-Responded
Odigeo-Trace-Id
X-Provided-By
Ssr
X-Via-NSCOPI
Proxy-Firewall
X-UA-Device-Type
X-Instart-Info
X-Amzn-Remapped-Date
X-Dispatch
X-Amzn-Remapped-Connection
Cache-Name
X-B3-SpanId
Powered-By
X-Li-Proto
Lfy
X-Magnolia-Registration
X-Origin-Date
X-Geo-Region
X-ServedByHost
X-StackifyID
X-Dynatrace
X-SVT-ORM-RULES
X-User
X-SVT-ORM-VERSION
X-TH-Server
X-SIPLIST1
Server-ID
X-Contensis-Viewer-Groups
Release
X-Developer
X-SRCache-Key
X-BBC-Edge-Cache-Status
Vix-Hermes-Req-Id
Web-Mar-Node
X-Scheme
X-Men
CDCHOST
FNAC-ModuleRouting
Locid
V-Age
IsBot
Instruction
X-Cc-Via
X-Cc-Req-Id
X-Block-Status
X-Cache-ASPX
X-Cache-Expires
X-Cache-Info
X-BBXSRF
X-Traceid
X-API-Version
Path
D-Cc-Upstream
True-Client-Country-4JS
X-Sigma
X-Response-By
X-Varnish-Url
X-Nyt-Route
Server-Hostname
Sever-Int
X-Nginx-Cache-Key
X-RAMCache
X-Node-Id
X-Origin-CC
X-Origin-Expires
HitType
X-Request-URI
X-Thinkindot-L3
MIME-Version
X-Origin-TTL
X-Origin-Time
Thinkindot-CacheControl
X-Varnish-Authentication
Thinkindot-Control
X-Matched-Rule
Server-Ext
X-Sigma-Backend
Thinkindot-CacheControl-Type
Server-Ttl
X-Served-From
SR-User-Adfree
X-Gdpr
X-Gen-Mode
X-Loc
X-VServer
X-Rocket-Build-Number
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-SD-PageType
X-Server-IP
X-GeoIP-City
Cache-Key
X-Akamai-Pragma-Client-IP
X-Cache-Tag
X-Parent-Response-Time
X-Sn-Servicetimems
X-Swa-Ws
X-Trace-Id
X-Var-Ttl
X-NodeID
X-Generated-In
X-Cdn-Origin
X-Device-Os
X-Fetched-On
X-Azure-Ref-OriginShield
X-Via-PopN
BehaviorPad-Version
X-Via-PopV
X-Generated
Cache-Provider
X-TrackingId
X-Lb-Id
Fastcgi-Cache-TTL
Kp-EeAlive
Pramga
X-Cache-Spec
Cache-Host
X-Via-PopH
CountryCode
X-No-Cache
X-RateLimit-Remaining-Second
X-App
X-ElasticPress-Query
Xet-Cookie
X-VC-Cache
Req-Svc-Chain
X-LiteSpeed-Tag
X-RateLimit-Limit-Second
X-Tt-Logid
X-Agile-Brick-Ok
X-Batcache
X-ServiceProvider
X-Pf-Uncompressing
X-WA
Tcn
Dnion-Transfer-Encoding
Cf-Device-Type
X-B3-Parentspanid
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-HostName
X-Planisys-CDN-TTL
X-RateLimit-Limit
Cf-Alt-Svc
X-PJAX-URL
Who
Inserted-Into-Cache-At
X-Yottaa-OS
X-Varnish-Beresp-TTL
X-Selected-Name
X-Path-Route
X-Selected-Scheme
X-Selected-Host-Header
X-Snapshot-Date
X-Apw-Access-Token
Source
X-Apw-Hits
X-Apw-Access-Object
X-Request-URL
X-BBC-Origin-Response-Status
PICS-Label
X-Dw-Trace-Id
Resin-Trace
Vha6-Origin
X-Proxy-Cachei7
X-MiniProfiler-Ids
Mime-Version
X-Vgn-Hpd-Reason
Pragrma
X-C
X-Apw-Access-Action