
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-Xss-Protection
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
P3p
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Dns-Prefetch-Control
X-Template
X-Language
X-Backend
X-Cache-Group
X-Hacker
X-Amz-Request-Id
X-Server
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Buckets
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
X-Host
X-WebKit-CSP
X-Backend-Server
NEL
X-Dispatcher
X-Device
X-Server-Id
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
Content-Location
Request-Id
X-Response-Time
Accept-CH-Lifetime
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
EagleEye-TraceId
Accept-CH
X-Ac
Cf-Bgj
X-ASPNET-VERSION
X-Readtime
Rating
X-HW
X-Mod-Pagespeed
Allow
X-Country
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Edge-Control
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DataDome
X-Country-Code
X-PC
X-TtlSet
X-Vname
X-Cnection
X-Varnish-TTL
X-MS-InvokeApp
X-Content-Type
X-Origin-Upstream-Status
X-GitHub-Request-Id
X-Url
X-Clacks-Overhead
X-D2id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
X-Trace
Display
X-Middleton-Response
Response
X-Sol
X-Middleton-Display
Pagespeed
Pinterest-Version
X-Pinterest-Rid
X-Server-Name
X-Abt-Application-Version
X-Webkit-CSP
X-Vcap-Request-Id
X-B3-TraceId
X-Px
X-CST
X-Rack-Cache
X-Navigation-Version
MS-Author-Via
Verso
Service-Worker-Allowed
X-DynaTrace
X-FTR-Request-ID
X-FastCGI-Cache
X-Cached
X-Fastly-Request-ID
X-Element-Page-Cache
X-Client-IP
X-ESI
Arr-Disable-Session-Affinity
X-TTL
X-Cache-TTL
X-Dw-Request-Base-Id
X-Powered-By-Plesk
SPRequestGuid
X-SharePointHealthScore
X-Upstream
X-VARITI-CCR
Fastly-Restarts
X-GoogleNews-Bot
X-Goog-Hash
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
AR-PoweredBy
AR-Request-ID
X-NF-Request-ID
AR-CACHE
AR-ATIME
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
Ar-Sid
Content-MD5
X-Debug
X-Version
X-Forwarded-Proto
X-MSEdge-Ref
X-T
X-Powered-CMS
X-XRDS-Location
Access-Control-Request-Method
X-Jurisdiction
X-Pinterest-Direct
SPRequestDuration
SPIisLatency
X-Release
X-Amz-Rid
S
X-Content-Digest
X-Edge
Accept-Ch
TP-L2-Cache
TP-Cache
TCN
RTSS
Cache-Tag
X-Ttl
Public-Key-Pins
X-Ezoic-Cdn
X-Litespeed-Cache
X-Node-Name
X-Cache-Key
X-Yandex-Sdch-Disable
X-MCACHE
X-Mid
Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
Server-Node
Front-End-Https
X-NWS-LOG-UUID
X-Accel-Expires
X-Amzn-Trace-Id
X-PressLabs-Stats
X-Recruiting
X-Ser
X-Kinsta-Cache
X-Mg-S
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Request-Handler-Origin-Region
X-Microsite
X-Amz-Server-Side-Encryption
X-Logged-In
ServerID
X-Origin-Server
X-Grace
X-Ratelimit-Remaining
Accept-Charset
X-Cache-Hit
X-Page-Id
X-HP-Webp
X-Varnish-Age
Host
X-DIS-Request-ID
X-Content-Security-Policy-Report-Only
X-ECACHE
Nginx-Cache
X-B
Edge-Cache-Tag
X-Shield-Request-Id
X-Hostname
MicrosoftSharePointTeamServices
X-Mobile-URL
Alternate-Protocol
X-Hits
X-Server-ID
X-Ratelimit-Limit
Realpath
X-F-Cache
X-LB-Cache
X-Content-Options
X-Git-Hash
X-AppVersion
X-Activity-Id
X-Az
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-FTR-DC
Cache-Tags
X-FTR-Realm
X-Country-Code-Real
X-FTR-Cache-Status
X-N
X-FTR-Expires
X-Load-Cache
X-Seen-By
Accept-Ch-Lifetime
X-Type
Paypal-Debug-Id
X-App-Environment
X-Jobs
X-Correlation-ID
X-Request-Guid
X-Cache-Age
DynaTrace
X-Varnish-Backend
X-Rid
Cleartype
X-Cached-By
Powered-By-ChinaCache
X-FireWall-Port
X-Forwarded-For
Fastcgi-Useragent
X-Kong-Proxy-Latency
X-Upgrade-Enabled
X-Kong-Upstream-Latency
Filterid
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Access-Control-Allow-Method
X-Amz-Meta-S3cmd-Attrs
X-Proxy
X-Respond-Thread
X-Zen-Fury
X-Varnish-Grace
X-WebKit-CSP-Report-Only
X-Akamai-Edgescape
X-FB-Debug
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Daa-Tunnel
X-Goog-Generation
X-Goog-Metageneration
X-GUploader-UploadID
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-B3-Sampled
X-App-Server
DC
X-IPLB-Instance
X-Signature
X-Id
X-B-Cache
X-Host-Name
X-Cache-Operation
X-AOL-HN
X-Debug-Info
X-Cache-Rule
X-Geo-Country
X-User-Agent
X-Whom
X-Region
MS-CV
Healthy
X-Original-Request-Id
X-Mobile
Charset
X-Response-Served-From
X-Accel-Buffering
X-Content-Powered-By
AMP-Access-Control-Allow-Source-Origin
X-Frontend
X-VCache
Payment
Filters
X-HTML-Minification-Powered-By
Content-Disposition
X-Instance
X-FW-Serve
X-FW-Server
X-Cache-Time
X-FW-Static
X-FW-Dynamic
X-FW-Hash
X-Cacheable-TTL
X-Rule
X-UUID
X-Distributor
X-FW-Type
X-Tumblr-Pixel-0
X-Tumblr-User
X-Wix-Request-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Refresh
Surrogate-Key
Liferay-Portal
X-Is-Bot
X-Rendered-As
Viewport
X-Acc-Debug-Context
X-Protected-By
Akamai-Age-Ms
X-Via-JSL
X-Amzn-RequestId
S-Cnection
X-Amz-Apigw-Id
X-Ua
X-Endurance-Cache-Level
Datacenter
X-App-Version
X-Backend-Name
X-Amz-Replication-Status
X-Hyper-Cache
X-Cache-Expired-At
GEO-INFO
Arc-Version
PB-PID
PB-RID
X-Esi
Nel
X-XRDS-LOCATION
NGB
Section-Io-Cache
X-URL
X-Cache-Server
X-Cache-Action
Countrycode
Version
X-Ah-Environment
X-Sucuri-ID
X-Tec-Api-Root
X-Oneagent-Js-Injection
Retry-After
X-Tec-Api-Origin
X-Varnish-Server
X-Tec-Api-Version
X-Source
X-EdgeConnect-Cache-Status
Referer-Policy
X-Air-Hostname
Server-Name
Eomportal-Instance
X-L-Path
X-Real-IP
X-ProcessESI
X-Framework
X-Unique-Id
X-RemovedCookies
X-Environment-Context
X-Azure-Ref
X-Yottaa-Optimizations
Frame-Options
X-Cache-Control
X-Revision
X-WA-Info
X-Yottaa-Metrics
X-Proxy-Cache-Status
Ms-Operation-Id
X-RTag
X-GeoIP
X-Cache-Var-Map
Meta-Geo
X-ES-SERVER
X-RN-RSRV
X-PHP-Backend
X-Cache-Var
X-NewRelic-App-Data
X-Drupal-Cache-Contexts
X-Mode
X-From
X-Sucuri-Cache
X-ProxyCache-Key
Cache-Tv-Group
X-Qloud-Router
X-ProxyCache-Status
X-R9-Blue-Green-Version
X-Time-Microsecs
X-Cache-Host
DB-Nickname
X-DynaTrace-JS-Agent
X-Xfnlog-Site
X-Cache-TTL-Remaining
X-BYPASS-REASON
Cross-Origin-Window-Policy
X-FW-Version
X-Handled-By
X-Server-W
X-Hosted-By
Mn-Server-Ip
X-LJ-Flow-ID
X-AWS-Id
X-Loop
TWC-GeoIP-Country
TWC-Device-Class
X-Human
X-Amzn-Remapped-Content-Length
Webcakes-App-Name
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
TWC-GeoIP-LatLong
X-VWS-Id
TWC-Connection-Speed
Property-Id
X-PCL
TWC-Locale-Group
X-PHP-Host
X-Status
X-Labrador-Cache-Channel
X-Origin-Hint
X-TNCMS
X-Cluster
X-NYM-Debug-Backend
X-OCL
Ec-Rule-Version
X-Redis-Cache
X-Format
X-Routing-Service
X-Section
X-Proxy-Build
X-Proxied
X-Locale
X-Proto
X-FB-TRIP-ID
X-ServerID
X-Hl-Ver
X-Access
Selected-Fe
X-Zipkin-Id
X-Detected-As
X-Site-Version
X-Timing-Wait
X-Drupal-Cache-Tags
X-Be
X-Via-Fastly
Uber-Trace-Id
X-No-Session
CACHE
X-Contextid
X-CDN-Forward
X-Debug-Cache
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Response-Type
X-Cache-PHP
X-Device-Type
Webserver
X-Generated-By
X-ATG-Version
X-BCube-Filmed-By
X-Ratelimit-Reset
Cache
FSS-Cache
X-Time
Powered
X-Adobe-Loc
X-Adobe-Content
X-Varnish-Cache-Hits
X-CSRF-Token
From-Origin
X-AIR-PT
X-NC
X-FTR-Cache-Host
X-Fastcgi-Cache
X-SaId
X-JoinUs
Azure-SlotName
X-NCache
VIX-Pulpo-Node
Azure-SiteName
Azure-Version
Azure-RegionName
X-TIME
VIX-Pulpo-Upstream-Status
CF-Cached-On
Azure-InstanceId
X-TT
OT-Force-Account-Verify
X-Aspnet-Duration-Ms
X-Oss-Request-Id
X-Origin
X-Flags
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-Tt-Trace-Tag
X-Is-Crawler
X-Oss-Storage-Class
X-Route-Name
X-Providence-Cookie
X-Tt-Trace-Host
X-Correlation-Id
X-GoCache-CacheStatus
Access-Control-Request-Headers
Upgrade-Insecure-Requests
X-Akamai-Transformed
X-COUNTRY
X-Hp-Webp
X-Cache-2
SD-X-WS
X-NWS-UUID-VERIFY
X-CCM
X-Adobe-Source
X-Backend-Host
X-IP
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-IPS-LoggedIn
X-ShardId
X-LAGOON
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Soup
X-Pubstack
X-Cache-Grace
X-Forwarded-Host
X-PERF
X-Cache-Enabled
X-ApacheServer
X-Backend-TTL
X-TA-CDN-Provider
X-Web-Node
X-Varnishpool
Fastly-SSL
X-Cluster-Name
Decoy-Debug-Status
X-SayCDN-TTL
X-Say-Cacheable
X-Say-TTL
X-UPSTREAM-Address
X-EC-Lua
Cache-Status
Decoy-Debug-TTL
X-Storage
Decoy-Debug-Key
Country
Node
X-Tumblr-Pixel-3
X-APP-VERSION
X-ECache
X-TX-ID
X-Ruxit-Js-Agent
X-Bc-Bl
X-Viewer-Country
X-G
X-S-Cookie
X-ScT
X-Aed
X-A-Dam
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Application
X-B-Cookie
X-Rewrite-Enabled
X-Connection-Hash
X-Request-UUID
X-EIG-Tracking-Id
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Trv-Group
X-S
X-Cache-NE
X-Rojux
X-ARC
X-VG-WebCache
Apple-News-Services-Handled
Host-ID
Machine
MD5-Digest
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
DCR-Decision-By
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
Apple-News-Services-Request-Url
Meta-Geo-Continent
Mobile-Detection-Method
X-VG-WebServer
X-D
X-Vdms-Version
X-A
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Rendered-Blocks
Xc-Version
X-Worker
X-Vdms-Path
X-Cache-Backend
X-External-Request-Id
X-RCS-CacheZone
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Destination
X-Processor
X-Cdn
X-Cache-Config
Platform
X-VG-TLSProxy
X-Page-View
X-WADP-Cache
X-CUA
X-Platform-Server
X-Varnish-Remaining-TTL
X-Twitter-Response-Tags
X-Transaction
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
Adler-Geo
Is-Eu
CDN-EdgeStorageId
CDN-CachedAt
CDN-PullZone
CDN-RequestCountryCode
CDN-Uid
CDN-RequestId
CDN-Cache
X-Ms-Version
Gh-Request-Id
X-Micro-Cache
X-Ms-Request-Id
Fastly-SWR
Fastly-SIE
X-Generation-Time
CloudFront-Viewer-Country
X-Rebelmouse-Cache-Control
X-DPWN-IS-SECURE
X-Servername
X-Varnish-Beresp-Grace
X-Envoy-Decorator-Operation
X-DefElseHash
X-Cache-Bucket
X-Rebelmouse-Surrogate-Control
X-Auto-Login
X-Fastly-Cache
X-Clara-WADP
X-Cms-Context
X-Varnish-Beresp-Status
X-DefHash
X-Fmm-Version
X-Varnish-Beresp-Ttl
Backend
X-Render-Time
X-Li-Fabric
X-Bip
X-Backend-State
X-Method
L
X-LI-UUID
X-Li-Pop
Fastly-Backend-Name
X-Clientip
X-Old-Content-Length
X-OVcl
X-Developers
Country-Code
X-Dispatcher-Server
X-Request-Host
X-Owner
X-Cache-Id
X-Esi-Check
Fastly-Drupal-HTML
X-Minions-Version
X-Is-Gdpr
X-Microcachable
X-Hash
X-Request-Start
X-Core-Mission
X-HS-Content-Campaign-Id
X-OVcl-Cache
X-Skip-Cache
X-Slack-Backend
X-Thanos
X-Gzip
X-Has-Esi
X-SN
X-Varnish-Cacheable
X-Policy
X-Fastly-Backend
X-Platform
X-Irp-Debug
Rt-Fastcgi-Cache
Origin
X-JWT-State
Wxu-Next-Commit
Wxu-Next-Hostname
X-Wikidot-Backend
X-Webstats-RespID
X-Wikidot-Static-Cache
X-Core-Value
Wxu-Next-Region
NM-Fastcgi-Cache
X-Cache-NGX
C-Via
Akamai-GRN
AKAMAI
CacheControlHeader
X-CS
X-UA
X-LLID
X-CGP
X-Reqid
X-Generated-On
X-Amz-Meta-Cb-Modifiedtime
X-Cache-Date
X-Gamma-Serve
PFcat
X-Mvc-Supplant-Cachable
X-Cache-Tags
X-Varnish-Ttl
L5d-Success-Class
X-Branch-Name
X-Geo-Header
X-Session-Fingerprint
X-Location
X-VarnishDD-TTL
X-Cache-Debug
X-Eu-Site
SRV
X-HN
X-Level-Front-Cache
X-Content-Age
X-Csrf-Jwt
HA-Ipaddr
Ha-Gx-Prefs
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
Surrogated-Key
UCS
X-Accel-Expires-Debug
X-GEO
X-Wa
X-Date
Pagetype
X-DC
X-NGENIX-Cache
X-LB-ID
FSS-Proxy
X-Req
X-Refresh
X-Edge-Location
X-B3-Spanid
X-Via-CDN
X-Up
Time
X-Via-Popn
Memcached
X-Via-Poph
X-PF-Uncompressing
X-Cdn-Srv
X-Cache-URL
Mail-Subject
We-Hiring
Now
Ufe-Result
Group
X-FORWARDED-FOR
X-NODE
X-ID
X-Proxy-Upstream
X-Mvc-Supplant-OutputCached
X-Aicache-OS
Hostname
X-LI-Proto
NGX
X-Nginx-Cache
X-Ftr-Cache-Host
X-Servedbyhost
X-RateLimit-Remaining
X-Presslabs-Stats
X-B3-Traceid
X-Sql-Duration-Ms
X-Sql-Count
X-Dc
X-ZONE
X-Cache-Remote
X-Debug-Cache-Store
HostName
X-Agile-Id
X-Debug-Cache-Fetch
X-Cache-Spec
X-BC
X-Agile-Age
X-Agile
X-Datadome
X-NU-AKA-ACS-Version
X-Varnish-Hostname
X-Ua-Device
X-CACHE-AGE
X-Check-Cacheable
X-FPC
X-Request-Time
X-SRV
M-TraceId
X-Www-Served-By
X-SERVER
Xserver
XServer
X-S-Maxage
Edge-Copy-Time
Cache-Hits
X-Via-SSL
X-Via-Edge
X-VCL-Version
X-CSRF-TOKEN
X-LiteSpeed-Cache-Control
X-SERVER-NAME
X-Erf-Stays-Bingo-Pdp-Web
ServedBy
X-Cdn-Forward
Arc-Country
X-Cluster-Node
On-Server
X-Svr
SID
GeoIp-Country-Code
Cdn-Host
X-MP-GENERATED-AT
Geoip-Latitude
WebServer
X-APP
X-Via-Popv
X-CF-Powered-By
Viewtype
X-Srv
Cdn-Request-Time
VivaBuild
X-Bc
X-Edge-Server
X-Zone
NtCoent-Length
X-UnsetCookies
Protected
X-Cs
X-RunCloud-Cache
X-Via-Ucdn
X-Action
ProcessTime
X-Pass-Why
X-Dynatrace-Js-Agent
X-HS-Status
T-Server
Srv
Ohc-File-Size
X-NGINX-Cache
WWW-Authenticate
Apigw-Requestid
X-RPS
X-DB
X-DI
X-RSL
X-RPM
X-DW
X-DSS
Memory
X-Oss-Cdn-Auth
Server-Host
X-Vgn-Hpd-Ssi
N-Cache
Pics-Label
X-We-Are-Hiring
X-Acc-Rdl
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
User-Agent
Server-Info
X-Varnish-Hits
X-Uri
X-SB
X-VC
WZWS-RAY
X-MSEdge-Features
Magicmarker
X-MSEdge-Flight
Processtime
X-Instart-Request-ID
W
Sid
LB
X-Geo
Amp-Access-Control-Allow-Source-Origin
X-Webkit-CSP-Report-Only
GeoIP-Country-Code
X-Unique-ID
GeoIP-Latitude
CF-IPCountry
X-Tb
S-Rt
X-Info
Ohc-Cache-HIT
X-Vcache
X-HOST
X-Hit
X-Newrelic-App-Data
X-TT-LOGID
CDN
X-Vcl-Version
Cteonnt-Length
X-Akamai-Request-ID2
Section-Origin-Responded
Actual-Object-TTL
X-ORACLE-APMCS-REQUEST-ID
X-Newrelic-Synthetics
X-HITS
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
DSUID
Section-Io-Id
Odigeo-Trace-Id
X-Envoy-Upstream-Healthchecked-Cluster
X-Cache-Hfrom
X-Epic-Correlation-Id
User-Cache-Control
X-Cache-Hm
Geo-Info
Tracecode
Cache-Name
X-UA-Device-Type
X-Pjax-Url
Ssr
X-Origin-Date
A
X-Fastly-Country-Code
X-Fpc
X-FC-Vary-Parameters
Accept-Language
X-CACHE-KEY
X-Nc
Esi-Enabled
Cdn
X-Magnolia-Registration
Lfy
Lb
X-Provided-By
X-Mobile-Rewrite
CountryCode
Locid
Path
X-BBC-Edge-Cache-Status
MIME-Version
Release
D-Cc-Upstream
X-API-Version
Server-Ext
Server-ID
X-Scheme
X-Cc-Via
IsBot
Sever-Int
SR-User-Adfree
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-BBXSRF
Vix-Hermes-Req-Id
Instruction
CDCHOST
V-Age
Server-Hostname
True-Client-Country-4JS
X-Cc-Req-Id
Web-Mar-Node
X-Origin-TTL
FNAC-ModuleRouting
X-Request-URI
X-Response-By
X-SD-PageType
X-Origin-Time
X-Origin-Expires
X-Amzn-Remapped-Connection
X-Block-Status
X-Origin-CC
X-Server-IP
X-SIPLIST1
X-User
X-Varnish-Authentication
X-Varnish-Url
X-VServer
X-Key
X-Thinkindot-L3
X-SRCache-Key
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Amzn-Remapped-Date
X-Nyt-Route
X-Node-Id
X-Gdpr
X-Via-NSCOPI
X-Developer
X-Contensis-Viewer-Groups
X-Cache-Info
X-Cache-Expires
X-Gen-Mode
X-Loc
X-Matched-Rule
X-Nginx-Cache-Key
X-Cache-ASPX
X-GeoIP-City
X-Hnp-Log
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Traceid
X-Cdn-Origin
X-Azure-Ref-OriginShield
X-Var-Ttl
Kp-EeAlive
X-Device-Os
X-Generated-In
X-NodeID
X-Fetched-On
X-Sn-Servicetimems
X-Swa-Ws
Pramga
X-Trace-Id
X-Li-Proto
X-StackifyID
X-Men
X-ServedByHost
Cache-Host
X-B3-SpanId
X-Cache-Tag
X-Dynatrace
X-Instart-Info
X-Geo-Region
X-Served-From
Server-Ttl
X-Akamai-Pragma-Client-IP
Cache-Key
X-Sigma-Backend
X-TH-Server
X-Sigma
X-Rocket-Build-Number
Proxy-Firewall
Origin-Edge-Control
X-Dispatch
Origin-Cache-Control
X-Via-PopN
X-Via-PopV
X-Parent-Response-Time
Powered-By
X-RAMCache
X-Via-PopH
X-Lb-Id
Cache-Provider
Cf-Device-Type
Source
X-No-Cache
X-RateLimit-Limit-Second
X-VC-Cache
X-Apw-Access-Token
X-RateLimit-Remaining-Second
HitType
X-ServiceProvider
X-Agile-Brick-Ok
X-LiteSpeed-Tag
X-Tt-Logid
X-Apw-Access-Action
X-Apw-Hits
X-Apw-Access-Object
X-Batcache
X-ElasticPress-Query
X-WA
Fastcgi-Cache-TTL
Tcn
X-Generated
X-Varnish-Beresp-TTL
X-TrackingId
X-Request-URL
X-Yottaa-OS
Req-Svc-Chain
X-Origin-Response-Time
X-MiniProfiler-Ids
Expiry
Cf-Alt-Svc
X-Pf-Uncompressing
Content-Style-Type
Vha6-Origin
Xet-Cookie
Who
X-HostName
X-RateLimit-Limit
X-PJAX-URL
Content-Script-Type
BehaviorPad-Version
X-Selected-Host-Header
X-BACKEND-TTL
X-Selected-Name
X-Selected-Scheme
X-Vgn-Hpd-Reason
PICS-Label
Resin-Trace
X-Snapshot-Date
X-TraceId
Cf-Ipcountry
X-B3-Parentspanid
X-BBC-Origin-Response-Status
X-Dw-Trace-Id
Dnion-Transfer-Encoding
Mime-Version
X-C
Inserted-Into-Cache-At
Pragrma