
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
X-Xss-Protection
CF-Ray
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
P3p
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Template
X-Ws-Request-Id
X-Language
Feature-Policy
X-Age
X-Dns-Prefetch-Control
X-Backend
X-Cache-Group
X-Hacker
X-Server
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Host-Header
Grace
X-Buckets
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
Cf-Bgj
X-Host
X-WebKit-CSP
X-Dispatcher
X-Backend-Server
NEL
X-Device
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
X-Server-Id
Content-Location
X-Response-Time
X-Cache-Lookup
Request-Id
X-Origin-Cache
Accept-CH-Lifetime
X-Akam-SW-Version
X-Ac
EagleEye-TraceId
Accept-CH
X-ASPNET-VERSION
X-Country
X-HW
X-Mod-Pagespeed
Rating
X-Readtime
X-Cloud-Trace-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Application-Context
Allow
Pinterest-Generated-By
Edge-Control
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-PC
X-TtlSet
X-Vname
X-DataDome
X-Url
X-Varnish-TTL
X-Cnection
X-Origin-Upstream-Status
X-MS-InvokeApp
X-GitHub-Request-Id
X-Content-Type
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
X-D2id
X-Clacks-Overhead
X-Trace
X-Abt-Application-Version
X-Sol
Response
Pagespeed
X-Middleton-Display
X-Webkit-CSP
X-Middleton-Response
Display
Pinterest-Version
X-Server-Name
X-Pinterest-Rid
X-ESI
X-Vcap-Request-Id
X-Px
X-Navigation-Version
X-Rack-Cache
X-FTR-Request-ID
X-B3-TraceId
Verso
X-DynaTrace
Service-Worker-Allowed
MS-Author-Via
X-Cached
X-Fastly-Request-ID
X-Element-Page-Cache
X-Client-IP
Arr-Disable-Session-Affinity
X-Cache-TTL
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-CST
Content-MD5
X-Upstream
X-SharePointHealthScore
SPRequestGuid
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Version
AR-Request-ID
X-TTL
Fastly-Restarts
X-NF-Request-ID
Ar-Sid
X-Forwarded-Proto
X-VARITI-CCR
X-Debug
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Revision
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Goog-Hash
X-FastCGI-Cache
X-T
X-XRDS-Location
Accept-Ch
Access-Control-Request-Method
X-Jurisdiction
X-Powered-CMS
X-MSEdge-Ref
X-Release
X-Ttl
TP-Cache
TP-L2-Cache
X-Content-Digest
SPRequestDuration
SPIisLatency
X-Edge
S
X-Amz-Rid
TCN
X-Pinterest-Direct
RTSS
Cache-Tag
Public-Key-Pins
X-NWS-LOG-UUID
X-Ezoic-Cdn
X-Node-Name
X-Server-ID
Fastcgi-Cache
X-Yandex-Sdch-Disable
X-Request-Received
X-Request-Processing-Time
X-Cache-Key
X-Mid
X-MCACHE
Server-Node
X-PressLabs-Stats
Front-End-Https
X-Accel-Expires
X-Amzn-Trace-Id
X-Recruiting
X-Kinsta-Cache
X-Logged-In
X-Ratelimit-Remaining
X-Ser
X-Microsite
X-Request-Handler-Origin-Region
X-Cache-Hit
ServerID
Mrf-Cache-Status
MRF-Tech
X-Origin-Server
X-B3-TraceId-Primal
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Accept-Charset
X-Page-Id
X-Mg-S
Host
X-Amz-Server-Side-Encryption
X-Grace
X-Varnish-Age
X-ECACHE
X-B
Alternate-Protocol
X-Content-Security-Policy-Report-Only
X-DIS-Request-ID
X-Shield-Request-Id
Nginx-Cache
X-Hostname
X-Mobile-URL
Edge-Cache-Tag
Accept-Ch-Lifetime
X-Ratelimit-Limit
X-HP-Webp
X-Forwarded-For
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
Realpath
X-FTR-Balancer
X-FTR-DC
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
X-Hits
X-Content-Options
X-FireWall-Port
X-Seen-By
X-LB-Cache
X-F-Cache
X-Git-Hash
Filterid
X-Load-Cache
X-AppVersion
X-Activity-Id
X-Az
MicrosoftSharePointTeamServices
X-Jobs
X-N
X-Request-Guid
X-App-Environment
X-Type
X-Varnish-Backend
Cache-Tags
Paypal-Debug-Id
X-Rid
Fastcgi-Useragent
X-TEC-API-VERSION
X-WebKit-CSP-Report-Only
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Varnish-Grace
Cleartype
X-Upgrade-Enabled
X-Zen-Fury
DynaTrace
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Proxy
Access-Control-Allow-Method
X-Daa-Tunnel
X-Cached-By
X-Id
X-FB-Debug
X-Cache-Age
X-Akamai-Edgescape
Powered-By-ChinaCache
X-Litespeed-Cache
X-Amz-Meta-S3cmd-Attrs
X-App-Server
DC
X-Geo-Country
X-GUploader-UploadID
X-Goog-Generation
X-HS-Content-Id
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-HS-Cache-Config
X-HS-Hub-Id
X-Cache-Rule
X-Respond-Thread
X-Cache-Operation
X-HS-Combine-CSS
X-Host-Name
X-Content-Powered-By
X-B3-Sampled
X-IPLB-Instance
Content-Disposition
X-User-Agent
X-AOL-HN
X-Signature
X-B-Cache
X-Whom
X-Debug-Info
MS-CV
X-Accel-Buffering
X-Response-Served-From
Healthy
X-Original-Request-Id
X-Correlation-ID
X-Wix-Request-Id
X-Region
AMP-Access-Control-Allow-Source-Origin
X-Frontend
Payment
Akamai-Age-Ms
X-HTML-Minification-Powered-By
X-FW-Static
X-FW-Type
X-FW-Server
X-VCache
X-UUID
X-Rule
X-FW-Serve
X-FW-Hash
X-Cacheable-TTL
X-Distributor
X-Mobile
X-FW-Dynamic
X-Instance
X-Rendered-As
X-Ua
X-Is-Bot
X-Cache-Time
X-Endurance-Cache-Level
X-Tumblr-Pixel-2
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Refresh
Datacenter
X-Amzn-RequestId
Surrogate-Key
X-Amz-Apigw-Id
NGB
Filters
X-Fastcgi-Cache
Charset
X-App-Version
X-Acc-Debug-Context
X-Via-JSL
Countrycode
X-Protected-By
Liferay-Portal
S-Cnection
Viewport
PB-PID
X-Backend-Name
PB-RID
Arc-Version
Nel
X-Hyper-Cache
X-XRDS-LOCATION
X-Varnish-Server
X-Cache-Expired-At
X-Cache-Server
X-Ah-Environment
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Oneagent-Js-Injection
X-Amz-Replication-Status
Section-Io-Cache
Retry-After
X-PHP-Backend
X-Cache-Action
X-NewRelic-App-Data
X-Azure-Ref
X-Source
X-Sucuri-ID
Referer-Policy
Version
X-EdgeConnect-Cache-Status
GEO-INFO
X-WA-Info
X-Cache-Control
X-Correlation-Id
X-Proxy-Cache-Status
Eomportal-Instance
X-Framework
X-ProcessESI
X-RemovedCookies
X-Real-IP
X-L-Path
X-Environment-Context
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Time
X-RN-RSRV
X-Cache-Var
Server-Name
X-ES-SERVER
X-Revision
X-Air-Hostname
Meta-Geo
Ms-Operation-Id
Frame-Options
X-Unique-Id
X-Cache-Var-Map
X-RTag
X-GeoIP
Powered
X-Mode
X-From
X-Time-Microsecs
X-Cache-Host
X-Xfnlog-Site
X-Cache-TTL-Remaining
X-ProxyCache-Status
X-ProxyCache-Key
X-Qloud-Router
X-R9-Blue-Green-Version
X-BYPASS-REASON
X-VWS-Id
X-Server-W
X-Cluster
X-AWS-Id
Mn-Server-Ip
X-FB-TRIP-ID
X-Human
X-Labrador-Cache-Channel
X-TNCMS
X-Hosted-By
Cross-Origin-Window-Policy
X-FW-Version
Cache-Tv-Group
X-LJ-Flow-ID
Uber-Trace-Id
X-Loop
X-PCL
DB-Nickname
X-DynaTrace-JS-Agent
X-OCL
Ec-Rule-Version
X-PHP-Host
X-Drupal-Cache-Contexts
Selected-Fe
X-Status
X-Zipkin-Id
Property-Id
X-Amzn-Remapped-Content-Length
Webcakes-App-Name
X-Origin-Hint
TWC-Privacy
X-CSRF-Token
X-NYM-Debug-Backend
X-Locale
X-Handled-By
X-Hl-Ver
Webcakes-Region
Webcakes-App-Version
X-Timing-Wait
X-Proxied
TWC-GeoIP-Country
X-Debug-Cache
TWC-Device-Class
TWC-Connection-Speed
X-Site-Version
X-Proxy-Build
X-Detected-As
TWC-Locale-Group
X-Redis-Cache
X-Routing-Service
TWC-GeoIP-LatLong
X-Be
X-Sucuri-Cache
X-ServerID
X-Format
X-Proto
X-Section
X-Via-Fastly
X-Access
X-Ratelimit-Reset
X-Generated-By
X-Cache-PHP
X-BCube-Filmed-By
X-Hp-Webp
X-Device-Type
X-No-Session
X-Drupal-Cache-Tags
X-ATG-Version
X-Contextid
Cache
FSS-Cache
From-Origin
X-CDN-Forward
X-SaId
X-JoinUs
X-Varnish-Cache-Hits
X-FTR-Cache-Host
Webserver
CACHE
X-Esi
X-NCache
X-Adobe-Content
X-Adobe-Loc
X-URL
X-Origin
CF-Cached-On
X-NC
OT-Force-Account-Verify
X-AIR-PT
X-NWS-UUID-VERIFY
X-Oss-Request-Id
X-TT
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
Azure-Version
X-GoCache-CacheStatus
VIX-Pulpo-Upstream-Status
Azure-SiteName
VIX-Pulpo-Node
Azure-SlotName
Azure-InstanceId
Azure-RegionName
X-TA-CDN-Provider
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-IPS-LoggedIn
X-Akamai-Transformed
X-IP
X-EIG-Tracking-Id
X-Cache-Enabled
X-EC-Lua
X-Adobe-Source
Access-Control-Request-Headers
X-CCM
SD-X-WS
X-Bc-Bl
X-Backend-Host
Upgrade-Insecure-Requests
X-Cache-2
X-TIME
X-ShardId
X-Shopify-Stage
X-ShopId
X-Providence-Cookie
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Is-Crawler
X-Route-Name
X-Flags
X-Aspnet-Duration-Ms
X-PERF
X-Tumblr-Pixel-3
X-Soup
Node
X-Backend-TTL
X-Cache-Backend
X-APP-VERSION
X-Forwarded-Host
X-Pubstack
X-ECache
X-ApacheServer
X-Cache-Grace
X-Pinterest-Sli-Endpoint-Name
X-Web-Node
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Latency-Threshold
Fastly-SSL
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
Decoy-Debug-Key
Cache-Status
X-Varnishpool
X-Storage
Decoy-Debug-TTL
Decoy-Debug-Status
X-Viewer-Country
X-Ruxit-Js-Agent
X-Cluster-Name
X-D
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
X-Connection-Hash
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-Destination
Fastcgi-X-Cache-Version
DCR-Decision-By
DCR-Processing-Time-Ms
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-G
X-Processor
X-RCS-CacheZone
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Dam
X-A-Ccd
X-Trv-Group
X-Transaction
X-A
X-Aed
X-Request-UUID
X-ScT
X-Application
X-ARC
X-B-Cookie
X-S-Cookie
X-Rewrite-Enabled
X-Rojux
X-S
X-Twitter-Response-Tags
X-Vdms-Path
X-Vtex-Remote-Cache
Machine
X-Vtex-Processado-Em
X-CF-Lambda-Fn
Host-ID
X-Worker
Xc-Version
X-CF-Lambda-Version
MD5-Digest
Meta-Geo-Continent
Rendered-Blocks
X-VG-WebCache
X-Vdms-Version
X-VG-WebServer
X-Cache-NE
X-External-Request-Id
Mobile-Detection-Method
X-TX-ID
X-LAGOON
X-Cache-Config
X-Vgn-Hpd-Cached
X-Cdn
X-Vgn-Hpd-Variations-Key
X-Fastly-Cache
X-Clara-WADP
Fastly-SWR
X-Fmm-Version
Country
X-WADP-Cache
CDN-CachedAt
X-DPWN-IS-SECURE
X-Rebelmouse-Cache-Control
X-Variation
X-Envoy-Decorator-Operation
X-Servername
X-Cache-Bucket
X-VG-TLSProxy
CloudFront-Viewer-Country
Platform
X-Rebelmouse-Surrogate-Control
Is-Eu
Fastly-SIE
X-Generation-Time
CDN-RequestCountryCode
CDN-RequestId
Adler-Geo
X-Ms-Request-Id
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
X-Micro-Cache
CDN-Uid
X-Ms-Version
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Backend
X-UPSTREAM-Address
X-Varnish-Beresp-Ttl
Surrogated-Key
C-Via
X-Bip
X-Core-Mission
Wxu-Next-Commit
X-Accel-Expires-Debug
Wxu-Next-Region
Wxu-Next-Hostname
Rt-Fastcgi-Cache
X-Backend-State
X-Cache-Id
Gh-Request-Id
X-Clientip
Fastly-Drupal-HTML
X-CUA
X-Dispatcher-Server
Akamai-GRN
L
X-Cms-Context
X-Cache-NGX
X-Date
Country-Code
Origin
NM-Fastcgi-Cache
X-Core-Value
X-Li-Pop
X-Owner
X-Platform
X-Webstats-RespID
X-Policy
X-OVcl-Cache
X-OVcl
X-Method
X-Microcachable
X-Minions-Version
X-Old-Content-Length
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-SN
X-Request-Start
X-Slack-Backend
X-Skip-Cache
X-Thanos
X-Request-Host
X-Auto-Login
X-Varnish-Cacheable
X-Render-Time
X-LI-UUID
X-Platform-Server
X-Li-Fabric
X-Hash
X-HS-Content-Campaign-Id
X-Fastly-Backend
X-Irp-Debug
X-Esi-Check
X-Gzip
X-UA
X-NGENIX-Cache
X-CS
Time
PFcat
X-Varnish-CookieINHashed-On
X-DefHash
L5d-Success-Class
X-Varnish-CookieHashed-On
X-Cache-Tags
X-Varnish-Remaining-TTL
X-Up
X-Developers
X-Eu-Site
X-Amz-Meta-Cb-Modifiedtime
X-Gamma-Serve
X-Reqid
X-VarnishDD-TTL
X-Generated-On
X-Req
X-Cache-Date
X-Varnish-Ttl
X-DefElseHash
X-Is-Gdpr
Fastly-Backend-Name
AKAMAI
X-Has-Esi
X-JWT-State
X-Csrf-Jwt
CacheControlHeader
X-Content-Age
X-Level-Front-Cache
X-Mvc-Supplant-Cachable
X-CGP
X-HN
Ha-Gx-Prefs
HA-Ipaddr
X-DC
Now
X-Aicache-OS
X-Edge-Location
X-Cdn-Srv
X-Geo-Header
We-Hiring
Mail-Subject
UCS
Memcached
Ufe-Result
X-Wa
Group
Pagetype
X-Location
X-Cache-URL
X-CACHE-AGE
X-LB-ID
X-Page-View
FSS-Proxy
X-Proxy-Upstream
X-Refresh
X-Session-Fingerprint
X-Cache-Debug
X-Branch-Name
X-PF-Uncompressing
X-Via-Popn
X-Via-Poph
X-NODE
SRV
X-GEO
X-Agile-Age
X-Agile-Id
X-Agile
X-BC
X-ZONE
X-Ftr-Cache-Host
X-B3-Traceid
X-Mvc-Supplant-OutputCached
HostName
X-RateLimit-Remaining
NGX
X-B3-Spanid
X-Servedbyhost
X-LI-Proto
X-Debug-Cache-Store
X-Nginx-Cache
Hostname
X-Debug-Cache-Fetch
X-Via-CDN
M-TraceId
Xserver
X-Datadome
X-Ua-Device
X-Dc
X-Instart-Request-ID
X-Check-Cacheable
X-Request-Time
Arc-Country
X-Varnish-Hostname
X-Sql-Duration-Ms
X-Sql-Count
X-Cdn-Forward
X-LLID
X-SERVER
WebServer
X-SRV
X-VCL-Version
Cdn-Host
Viewtype
VivaBuild
X-NU-AKA-ACS-Version
Cdn-Request-Time
X-Presslabs-Stats
X-Edge-Server
X-Bc
X-Zone
X-LiteSpeed-Cache-Control
X-Via-Ucdn
X-FPC
X-SERVER-NAME
X-Cluster-Node
X-Dynatrace-Js-Agent
X-Cache-Remote
X-RunCloud-Cache
Srv
X-COUNTRY
X-Via-Popv
X-Via-SSL
X-Via-Edge
Edge-Copy-Time
X-Action
X-CF-Powered-By
X-APP
X-Www-Served-By
Memory
SID
X-FORWARDED-FOR
X-UnsetCookies
NtCoent-Length
X-RPS
X-RPM
X-RSL
X-DW
Cache-Hits
X-Svr
On-Server
X-HS-Status
X-DSS
ServedBy
X-Cs
X-MP-GENERATED-AT
X-ID
X-DB
X-Vgn-Hpd-Ssi
WWW-Authenticate
X-S-Maxage
X-DI
ProcessTime
X-NGINX-Cache
Apigw-Requestid
X-Srv
X-ORACLE-APMCS-REQUEST-ID
Geoip-Latitude
GeoIp-Country-Code
X-Oss-Cdn-Auth
X-CSRF-TOKEN
Actual-Object-TTL
XServer
X-Vcache
X-Geo
T-Server
GeoIP-Country-Code
X-We-Are-Hiring
GeoIP-Latitude
Server-Info
Geo-Info
Ohc-File-Size
X-Pass-Why
User-Agent
X-Hit
X-Unique-ID
Sid
X-MSEdge-Features
X-MSEdge-Flight
Amp-Access-Control-Allow-Source-Origin
Processtime
W
X-Akamai-Request-ID2
LB
Server-Host
Pics-Label
X-Erf-Stays-Bingo-Pdp-Web
S-Rt
CF-IPCountry
X-Tb
X-Epic-Correlation-Id
N-Cache
X-HOST
X-Varnish-Hits
Protected
WZWS-RAY
Cdn
X-SB
X-VC
X-Fpc
Magicmarker
X-Envoy-Upstream-Healthchecked-Cluster
X-HITS
X-FC-Vary-Parameters
X-Cache-Hm
X-Info
X-Pjax-Url
X-Vcl-Version
Accept-Language
X-Cache-Hfrom
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Mobile-Rewrite
X-Uri
X-Webkit-CSP-Report-Only
X-Nc
Ohc-Cache-HIT
X-Key
X-Fastly-Country-Code
X-Acc-Rdl
CDN
X-Newrelic-Synthetics
A
Esi-Enabled
Cteonnt-Length
X-CACHE-KEY
X-B3-SpanId
User-Cache-Control
Tracecode
Origin-Cache-Control
Lb
X-TT-LOGID
X-Newrelic-App-Data
Origin-Edge-Control
Section-Origin-Responded
Section-Io-Origin-Status
Odigeo-Trace-Id
Section-Io-Origin-Time-Seconds
DSUID
Section-Io-Id
X-Provided-By
Ssr
X-Instart-Info
X-Via-NSCOPI
X-Dispatch
X-Amzn-Remapped-Date
Proxy-Firewall
Cache-Name
X-Amzn-Remapped-Connection
X-UA-Device-Type
X-Origin-Date
X-ServedByHost
X-Magnolia-Registration
X-Li-Proto
X-Geo-Region
Lfy
Powered-By
X-StackifyID
X-Cache-Tag
X-Dynatrace
SR-User-Adfree
X-Men
Sever-Int
X-Cc-Via
X-Cc-Req-Id
Thinkindot-Control
D-Cc-Upstream
Thinkindot-CacheControl-Type
X-Scheme
Thinkindot-CacheControl
FNAC-ModuleRouting
Locid
X-SVT-ORM-VERSION
True-Client-Country-4JS
MIME-Version
Path
Server-Ext
Server-Hostname
Release
Server-ID
Instruction
IsBot
CDCHOST
X-Cache-Expires
X-Nyt-Route
X-Origin-CC
X-Node-Id
X-Nginx-Cache-Key
X-Loc
X-Matched-Rule
X-Origin-Expires
X-Origin-Time
X-SD-PageType
X-Server-IP
X-Rocket-Build-Number
X-Response-By
X-Origin-TTL
X-Request-URI
X-Hnp-Log
X-Goog-Meta-Goog-Reserved-File-Mtime
X-BBXSRF
X-Block-Status
X-BBC-Edge-Cache-Status
X-API-Version
Vix-Hermes-Req-Id
Web-Mar-Node
X-Cache-ASPX
X-Cache-Info
X-Gen-Mode
X-GeoIP-City
X-Gdpr
X-Developer
X-Contensis-Viewer-Groups
V-Age
X-SIPLIST1
X-Served-From
Server-Ttl
X-TH-Server
X-Varnish-Authentication
X-SVT-ORM-RULES
X-Varnish-Url
X-RAMCache
X-SRCache-Key
HitType
X-VServer
X-Thinkindot-L3
Cache-Key
X-Sigma
X-Akamai-Pragma-Client-IP
X-User
X-Traceid
X-Sigma-Backend
X-Via-PopV
X-Cdn-Origin
X-Generated
X-Azure-Ref-OriginShield
X-Cache-Spec
X-Via-PopH
X-Device-Os
X-TrackingId
X-Parent-Response-Time
BehaviorPad-Version
Fastcgi-Cache-TTL
X-NodeID
X-Fetched-On
X-Lb-Id
X-Generated-In
X-Trace-Id
X-Via-PopN
X-Var-Ttl
Pramga
Cache-Host
Cache-Provider
X-Swa-Ws
Kp-EeAlive
X-Sn-Servicetimems
CountryCode
X-No-Cache
X-App
X-ServiceProvider
X-Agile-Brick-Ok
X-RateLimit-Remaining-Second
X-Tt-Logid
X-RateLimit-Limit-Second
X-LiteSpeed-Tag
X-Batcache
X-ElasticPress-Query
Xet-Cookie
Req-Svc-Chain
X-VC-Cache
X-WA
Tcn
X-PJAX-URL
Source
X-B3-Parentspanid
Dnion-Transfer-Encoding
Who
X-Yottaa-OS
X-RateLimit-Limit
Cf-Alt-Svc
X-Varnish-Beresp-TTL
X-Planisys-CDN-Rules
X-Pf-Uncompressing
Cf-Device-Type
X-HostName
Inserted-Into-Cache-At
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Selected-Scheme
X-Path-Route
X-Selected-Host-Header
X-Selected-Name
X-BBC-Origin-Response-Status
X-Apw-Access-Object
Mime-Version
X-C
X-MiniProfiler-Ids
X-Dw-Trace-Id
X-Proxy-Cachei7
Vha6-Origin
Pragrma
PICS-Label
X-Request-URL
X-Snapshot-Date
X-Apw-Hits
X-Apw-Access-Token
X-Vgn-Hpd-Reason
X-Apw-Access-Action
Resin-Trace