Threat Level: green Handler on Duty: Remco Verhoef

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
P3p
Status
Content-Encoding
X-AspNetMvc-Version
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Server
X-Backend
X-Amz-Request-Id
X-Hacker
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
Request-Context
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Template
X-Nginx-Cache-Status
Grace
X-Dns-Prefetch-Control
Host-Header
X-Language
Report-To
X-Rq
X-Page-Speed
Xkey
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Ua-Compatible
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Buckets
X-Vhost
X-Host
X-WebKit-CSP
X-Backend-Server
NEL
X-Server-Id
X-Dispatcher
X-Device
Accept-CH-Lifetime
Surrogate-Control
X-Node
X-Ruxit-JS-Agent
Request-Id
Accept-CH
Content-Location
X-Response-Time
EagleEye-TraceId
X-Akam-SW-Version
X-Cache-Lookup
X-Origin-Cache
X-Ac
Allow
X-Readtime
X-Mod-Pagespeed
Rating
X-HW
X-Country
X-Application-Context
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-ORACLE-DMS-RID
Edge-Control
Pinterest-Generated-By
X-MS-InvokeApp
X-PC
X-TtlSet
X-Vname
X-Cnection
X-Country-Code
X-Varnish-TTL
X-CST
X-DataDome
X-Content-Type
X-GitHub-Request-Id
X-ASPNET-VERSION
X-D2id
X-Clacks-Overhead
X-Trace
Response
X-Middleton-Display
X-Middleton-Response
X-Sol
Display
Pagespeed
MS-Author-Via
X-FastCGI-Cache
X-Origin-Upstream-Status
Pinterest-Version
X-Pinterest-Rid
X-Server-Name
X-TTL
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
X-Vcap-Request-Id
X-Px
X-Rack-Cache
X-Abt-Application-Version
X-Navigation-Version
Service-Worker-Allowed
X-Url
Verso
X-B3-TraceId
X-ESI
Arr-Disable-Session-Affinity
X-Client-IP
X-Element-Page-Cache
X-Cache-TTL
X-Cached
X-DynaTrace
X-Fastly-Request-ID
X-FTR-Request-ID
X-Webkit-CSP
X-Dw-Request-Base-Id
X-VARITI-CCR
SPRequestGuid
X-SharePointHealthScore
X-Kinja-Server
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-Goog-Hash
X-Powered-By-Plesk
X-NF-Request-ID
X-Upstream
Fastly-Restarts
AR-PoweredBy
AR-Request-ID
X-Debug
AR-CACHE
AR-ATIME
Ar-Sid
Content-MD5
X-Pinterest-Direct
X-MSEdge-Ref
SPRequestDuration
SPIisLatency
X-Forwarded-Proto
X-Powered-CMS
X-Version
Access-Control-Request-Method
X-Release
X-Amz-Rid
X-XRDS-Location
X-T
X-Jurisdiction
S
X-Content-Digest
X-Edge
TCN
RTSS
TP-Cache
TP-L2-Cache
Public-Key-Pins
Cache-Tag
X-Ezoic-Cdn
X-Cache-Key
X-Litespeed-Cache
Front-End-Https
X-MCACHE
X-Mid
X-Node-Name
X-Yandex-Sdch-Disable
Server-Node
X-Mg-S
X-Amz-Server-Side-Encryption
X-Request-Processing-Time
X-Request-Received
Fastcgi-Cache
X-Recruiting
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-HP-Webp
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amzn-Trace-Id
X-Accel-Expires
X-Ser
X-Kinsta-Cache
X-PressLabs-Stats
X-Grace
X-Ttl
X-NWS-LOG-UUID
X-Request-Handler-Origin-Region
X-Microsite
Accept-Ch
X-Origin-Server
Accept-Charset
X-Varnish-Age
MicrosoftSharePointTeamServices
ServerID
X-DIS-Request-ID
X-Logged-In
X-Page-Id
Cf-Bgj
X-Ratelimit-Remaining
Nginx-Cache
Edge-Cache-Tag
X-Content-Security-Policy-Report-Only
X-ECACHE
Host
X-Shield-Request-Id
X-Cache-Hit
X-Hits
Powered-By-ChinaCache
Cache-Tags
X-B
X-Hostname
X-Forwarded-For
X-F-Cache
X-Mobile-URL
X-Server-ID
X-LB-Cache
Cleartype
X-Respond-Thread
X-Activity-Id
X-AppVersion
Realpath
X-Az
X-Git-Hash
X-Upgrade-Enabled
X-Cached-By
X-N
X-Cache-Age
X-Ratelimit-Limit
Alternate-Protocol
X-Amz-Meta-S3cmd-Attrs
X-Kong-Upstream-Latency
X-Content-Options
DynaTrace
X-Kong-Proxy-Latency
X-Rid
X-Type
X-Request-Guid
Paypal-Debug-Id
X-App-Environment
X-Varnish-Backend
X-Load-Cache
X-Jobs
Fastcgi-Useragent
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend
Access-Control-Allow-Method
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend-Server
X-Seen-By
X-FTR-Expires
X-WebKit-CSP-Report-Only
X-Proxy
Charset
X-Goog-Metageneration
X-HS-Cache-Config
X-HS-Content-Id
X-Zen-Fury
X-HS-Hub-Id
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-HS-Combine-CSS
X-B3-Sampled
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-URL
X-Akamai-Edgescape
X-FireWall-Port
X-VCache
Filters
X-FB-Debug
X-Signature
X-B-Cache
X-Daa-Tunnel
X-IPLB-Instance
Filterid
X-Varnish-Grace
X-Mobile
X-AOL-HN
X-Debug-Info
X-Host-Name
X-Whom
MS-CV
Healthy
DC
Viewport
X-Correlation-ID
X-Geo-Country
X-Region
X-User-Agent
Payment
X-Accel-Buffering
X-App-Server
X-Cache-Rule
X-Cache-Operation
X-Frontend
Liferay-Portal
X-Response-Served-From
X-Original-Request-Id
AMP-Access-Control-Allow-Source-Origin
X-Instance
X-Distributor
X-UUID
Surrogate-Key
X-Cacheable-TTL
X-Amz-Replication-Status
X-FW-Type
X-HTML-Minification-Powered-By
X-Rule
X-Tumblr-Pixel-2
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-FW-Server
X-FW-Serve
X-Tumblr-Pixel-0
X-FW-Hash
X-FW-Dynamic
X-FW-Static
Refresh
X-Protected-By
X-Cache-Time
Accept-Ch-Lifetime
X-Content-Powered-By
CACHE
Section-Io-Cache
S-Cnection
X-Via-JSL
X-Acc-Debug-Context
X-Cache-Expired-At
X-Id
X-Wix-Request-Id
X-Rendered-As
X-Is-Bot
Version
Content-Disposition
X-Cache-Action
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Hyper-Cache
X-Backend-Name
GEO-INFO
Server-Name
X-Amzn-RequestId
X-Sucuri-ID
X-Amz-Apigw-Id
X-XRDS-LOCATION
Nel
X-Endurance-Cache-Level
Retry-After
PB-PID
PB-RID
Arc-Version
X-Air-Hostname
X-Cache-Server
X-Ah-Environment
X-Ua
Datacenter
X-Oneagent-Js-Injection
X-Source
X-App-Version
Eomportal-Instance
X-Unique-Id
X-Real-IP
X-EdgeConnect-Cache-Status
X-RemovedCookies
X-L-Path
X-Environment-Context
X-ProcessESI
X-Framework
Frame-Options
X-Pinterest-Sli-Latency-Threshold
X-Correlation-Id
Referer-Policy
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Endpoint-Name
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Sucuri-Cache
Ms-Operation-Id
X-Drupal-Cache-Contexts
X-RTag
X-Revision
X-Varnish-Server
Countrycode
NGB
X-Cache-Control
X-Esi
X-Drupal-Cache-Tags
X-Cache-Spec
X-ES-SERVER
Meta-Geo
X-WA-Info
X-Cache-Var-Map
Webserver
X-Cache-Var
X-RN-RSRV
X-Mode
Akamai-Age-Ms
X-Proxy-Cache-Status
X-TIME
X-CDN-Forward
X-ProxyCache-Status
DB-Nickname
X-Xfnlog-Site
X-Cache-TTL-Remaining
X-Cache-Host
X-Time-Microsecs
X-BYPASS-REASON
Cache-Tv-Group
X-ProxyCache-Key
X-Azure-Ref
X-Contextid
X-Is-Crawler
X-Flags
X-OCL
X-Amzn-Remapped-Content-Length
X-Providence-Cookie
X-Status
X-Route-Name
X-NYM-Debug-Backend
X-Aspnet-Duration-Ms
X-Labrador-Cache-Channel
X-Qloud-Router
X-R9-Blue-Green-Version
X-Redis-Cache
X-Cluster
X-FW-Version
X-PHP-Host
X-PCL
Ec-Rule-Version
X-Hl-Ver
Cross-Origin-Window-Policy
X-Site-Version
X-Routing-Service
X-Section
X-Server-W
X-Proxied
X-Origin-Hint
X-Locale
X-Loop
X-TNCMS
X-Via-Fastly
X-Proto
X-ServerID
X-No-Session
X-Be
X-VWS-Id
X-Zipkin-Id
X-LJ-Flow-ID
X-Human
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
Property-Id
TWC-Connection-Speed
TWC-Privacy
Webcakes-App-Name
X-Handled-By
X-Hosted-By
X-Format
X-AWS-Id
Webcakes-App-Version
Webcakes-Region
Mn-Server-Ip
X-Access
X-GeoIP
X-From
Selected-Fe
X-NewRelic-App-Data
X-Proxy-Build
X-Detected-As
X-Timing-Wait
X-Adobe-Loc
X-Adobe-Content
X-TT
X-FB-TRIP-ID
Uber-Trace-Id
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Cache-PHP
FSS-Cache
X-Debug-Cache
X-DynaTrace-JS-Agent
X-Device-Type
X-Generated-By
X-ATG-Version
X-BCube-Filmed-By
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-AIR-PT
X-NC
X-Ratelimit-Reset
Upgrade-Insecure-Requests
X-PHP-Backend
X-LLID
Azure-Version
Azure-InstanceId
Azure-SlotName
Azure-SiteName
Azure-RegionName
X-Varnish-Cache-Hits
Access-Control-Request-Headers
X-Aspnetmvc-Version
X-CSRF-Token
OT-Force-Account-Verify
X-ID
From-Origin
X-UPSTREAM-Address
X-B3-Traceid
X-NCache
Cache-Status
X-GoCache-CacheStatus
X-CCM
X-Adobe-Source
X-Oss-Storage-Class
SD-X-WS
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Origin
X-Oss-Hash-Crc64ecma
X-Akamai-Transformed
CF-Cached-On
X-Page-View
X-Cache-2
X-COUNTRY
X-G
X-Backend-TTL
X-LAGOON
X-Forwarded-Host
X-Alternate-Cache-Key
X-Cache-Grace
X-ShardId
X-Sorting-Hat-PodId
X-PERF
X-ApacheServer
Country
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Varnishpool
X-ShopId
X-Pubstack
X-Sorting-Hat-ShopId
X-Soup
X-SaId
X-SayCDN-TTL
Decoy-Debug-TTL
X-Say-TTL
X-Say-Cacheable
Decoy-Debug-Status
X-Web-Node
Decoy-Debug-Key
Fastly-SSL
X-Storage
X-JoinUs
Powered
X-Cluster-Name
X-APP-VERSION
SRV
Node
X-FTR-Cache-Host
X-Backend-Host
X-Time
X-IP
Cache
X-ECache
X-Erf-Bev-Bev
X-GEO
X-EC-Lua
X-TX-ID
X-Via-CDN
X-Ruxit-Js-Agent
X-Erf-Bev-Bev-Is-Generated
X-Viewer-Country
X-Worker
DCR-Decision-By
Apple-News-Services-Host
X-Application
X-Request-UUID
X-Cache-NE
X-S-Cookie
Apple-News-Services-Handled
Mobile-Detection-Method
X-External-Request-Id
X-Aed
Xc-Version
X-VG-WebCache
X-Rojux
X-CF-Lambda-Version
X-A-Wwc
X-B-Cookie
X-Connection-Hash
Rendered-Blocks
X-CF-Lambda-Fn
X-D
X-Destination
X-Vdms-Path
X-ARC
X-Vdms-Version
X-Rewrite-Enabled
MD5-Digest
DCR-Processing-Time-Ms
X-A
Fastcgi-X-Cache-Version
X-S
X-A-Dgt
X-VG-WebServer
X-PBS-Appsvrname
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Trv-Group
X-PAYTM-SRV-ID
X-Vtex-Processado-Em
X-Tumblr-Pixel-3
X-A-Ccd
Machine
X-Vtex-Remote-Cache
X-A-Dcw
X-Session-Fingerprint
Meta-Geo-Continent
X-RCS-CacheZone
X-ScT
X-Processor
X-A-Dam
Host-ID
X-IPS-LoggedIn
X-Cdn
X-Cache-Config
X-NWS-UUID-VERIFY
X-Cache-Enabled
X-B3-Spanid
X-Auto-Login
X-Cache-Bucket
Platform
X-Micro-Cache
X-Ms-Version
X-Platform-Server
CloudFront-Viewer-Country
X-Ms-Request-Id
X-Microcachable
CDN-RequestCountryCode
X-Cache-Debug
Adler-Geo
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Varnish-Remaining-TTL
CDN-RequestId
X-VG-TLSProxy
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Servername
X-Variation
CDN-Uid
X-WADP-Cache
Fastly-SIE
X-DefHash
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-DefElseHash
X-Core-Value
CDN-CachedAt
X-Clara-WADP
X-Cms-Context
Fastly-SWR
CDN-Cache
CDN-PullZone
Is-Eu
Gh-Request-Id
CDN-EdgeStorageId
X-Generation-Time
X-Fastly-Cache
X-Fmm-Version
X-Cache-Backend
Backend
Fastly-Backend-Name
PFcat
Origin
L
Fastly-Drupal-HTML
X-Has-Esi
X-Owner
X-Policy
X-Request-Host
X-Old-Content-Length
X-Method
X-Li-Pop
X-LI-UUID
X-Location
X-Request-Start
X-Skip-Cache
X-Wikidot-Static-Cache
X-Irp-Debug
X-Platform
X-Wikidot-Backend
X-VarnishDD-TTL
X-Thanos
X-Varnish-Cacheable
X-Li-Fabric
X-Level-Front-Cache
X-CUA
X-Developers
X-Esi-Check
X-Clientip
X-Cache-Id
X-Backend-State
X-Bip
X-Cache-Date
X-Fastly-Backend
X-Gamma-Serve
X-HS-Content-Campaign-Id
X-Is-Gdpr
X-JWT-State
X-HN
X-Gzip
X-Generated-On
X-Geo-Header
Rt-Fastcgi-Cache
X-Cache-NGX
AKAMAI
X-Varnish-Beresp-Status
X-Fastcgi-Cache
X-Varnish-Beresp-Ttl
Akamai-GRN
X-Varnish-Beresp-Grace
C-Via
X-Bc-Bl
X-UA
X-Webstats-RespID
NM-Fastcgi-Cache
X-Reqid
Wxu-Next-Region
X-Dispatcher-Server
X-OVcl
X-Slack-Backend
Wxu-Next-Commit
Wxu-Next-Hostname
X-OVcl-Cache
X-Render-Time
X-Branch-Name
X-Content-Age
X-SN
CacheControlHeader
X-Csrf-Jwt
X-Varnish-Ttl
X-Eu-Site
X-DC
X-Core-Mission
X-Mvc-Supplant-Cachable
X-Cache-Tags
X-CGP
Ha-Gx-Prefs
L5d-Success-Class
X-Cache-Remote
HA-Ipaddr
Pagetype
X-CS
X-PF-Uncompressing
X-Sql-Duration-Ms
X-Refresh
X-Transaction
X-Hash
X-Wa
X-Sql-Count
X-Twitter-Response-Tags
X-EIG-Tracking-Id
FSS-Proxy
X-Minions-Version
X-TA-CDN-Provider
UCS
X-Aicache-OS
X-Amz-Meta-Cb-Modifiedtime
Country-Code
X-Ftr-Cache-Host
X-SRV
XServer
X-NODE
X-Www-Served-By
Hostname
X-Via-Poph
X-Via-Popn
X-NU-AKA-ACS-Version
X-Accel-Expires-Debug
NGX
Surrogated-Key
X-Date
X-S-Maxage
X-Hp-Webp
Cache-Hits
X-NGENIX-Cache
Protected
X-Presslabs-Stats
X-Req
X-Servedbyhost
X-Mvc-Supplant-OutputCached
X-RateLimit-Remaining
X-LI-Proto
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-LB-ID
X-Edge-Location
X-Up
X-Check-Cacheable
Memcached
X-Debug-Cache-Store
Mail-Subject
X-Dc
X-Nginx-Cache
X-Debug-Cache-Fetch
We-Hiring
X-Cdn-Srv
Ufe-Result
X-FPC
X-Cache-URL
Group
Time
X-Via-Edge
Edge-Copy-Time
X-Svr
X-Ua-Device
X-Varnish-Hostname
On-Server
X-Via-SSL
X-Proxy-Upstream
Now
X-CACHE-AGE
HostName
GeoIp-Country-Code
Geoip-Latitude
ServedBy
X-Dynatrace-Js-Agent
X-ZONE
X-BC
X-Agile-Age
X-Agile
X-Agile-Id
X-Webkit-Csp
X-Request-Time
X-VCL-Version
X-Pass-Why
T-Server
X-Cluster-Node
X-CSRF-TOKEN
X-Cs
SID
X-Uri
X-FORWARDED-FOR
WZWS-RAY
Pics-Label
Section-Io-Origin-Time-Seconds
X-MP-GENERATED-AT
Section-Origin-Responded
Section-Io-Id
Server-Host
Section-Io-Origin-Status
X-NGINX-Cache
X-Acc-Rdl
M-TraceId
X-UnsetCookies
X-Varnish-Hits
X-VC
X-SB
X-Via-Popv
X-Cdn-Forward
Xserver
X-LiteSpeed-Cache-Control
Magicmarker
N-Cache
ProcessTime
X-Datadome
X-Bc
X-Zone
Ohc-File-Size
X-TT-LOGID
X-Erf-Stays-Bingo-Pdp-Web
X-APP
X-CF-Powered-By
X-Info
X-Srv
Apigw-Requestid
DSUID
Arc-Country
X-HS-Status
Ohc-Cache-HIT
Cache-Name
NtCoent-Length
Cdn-Host
Cdn-Request-Time
Viewtype
X-We-Are-Hiring
X-Edge-Server
VivaBuild
X-UA-Device-Type
Odigeo-Trace-Id
User-Agent
Cteonnt-Length
User-Cache-Control
X-Origin-Date
Memory
X-MSEdge-Features
X-MSEdge-Flight
W
Processtime
X-RunCloud-Cache
WebServer
Tracecode
CF-IPCountry
X-Action
X-Via-Ucdn
Srv
LB
Server-Info
Ssr
S-Rt
Sid
X-Magnolia-Registration
X-Tb
Amp-Access-Control-Allow-Source-Origin
X-RPM
X-DB
X-RPS
X-DI
X-DSS
X-Oss-Cdn-Auth
X-RSL
WWW-Authenticate
X-DW
X-HOST
X-Newrelic-App-Data
CountryCode
X-Vgn-Hpd-Ssi
CDN
Lfy
X-HITS
X-Dynatrace
V-Age
Vix-Hermes-Req-Id
Thinkindot-CacheControl
X-Vcl-Version
True-Client-Country-4JS
Thinkindot-CacheControl-Type
Thinkindot-Control
Web-Mar-Node
X-Cache-Hfrom
X-BBC-Edge-Cache-Status
X-Block-Status
X-Cache-Hm
X-VServer
SR-User-Adfree
X-API-Version
X-Scheme
X-SVT-ORM-VERSION
X-User
CDCHOST
X-SRCache-Key
Instruction
X-Pjax-Url
Path
Locid
IsBot
Server-Ext
X-Thinkindot-L3
Server-ID
Sever-Int
MIME-Version
X-Varnish-Url
Server-Hostname
X-Cache-ASPX
X-Varnish-Authentication
X-SVT-ORM-RULES
X-BBXSRF
X-Node-Id
X-Nyt-Route
X-Origin-CC
X-Cache-Expires
X-Nginx-Cache-Key
X-Loc
X-Matched-Rule
X-Origin-Expires
X-Unique-ID
X-Request-URI
X-Response-By
X-Origin-TTL
Geo-Info
X-Origin-Time
X-SD-PageType
X-Browser-Type
X-Hnp-Log
X-Gdpr
X-Server-IP
X-SIPLIST1
X-Developer
X-Gen-Mode
X-Contensis-Viewer-Groups
X-Cache-Info
X-Geo
X-Webkit-CSP-Report-Only
X-Hit
X-SERVER-NAME
X-Newrelic-Synthetics
X-Azure-Ref-OriginShield
X-Traceid
D-Cc-Upstream
X-Cdn-Origin
X-Cc-Req-Id
Release
X-Trace-Id
X-Fastly-Country-Code
X-Goog-Meta-Goog-Reserved-File-Mtime
X-GeoIP-City
A
X-Sn-Servicetimems
X-Cc-Via
X-Generated-In
X-FC-Vary-Parameters
X-NodeID
X-CACHE-KEY
X-Swa-Ws
Cache-Host
X-Var-Ttl
X-Oracle-Dms-Rid
X-Akamai-Request-ID2
X-Device-Os
Lb
X-Fetched-On
Pramga
GeoIP-Latitude
GeoIP-Country-Code
X-Provided-By
X-Nc
X-Lb-Id
Cdn
X-Via-NSCOPI
X-Envoy-Upstream-Healthchecked-Cluster
X-Epic-Correlation-Id
Cf-Device-Type
X-Fpc
X-Cache-Tag
X-Origin-Response-Time
X-Men
Source
X-ServedByHost
X-Li-Proto
FNAC-ModuleRouting
Accept-Language
X-Fastly-Request-Id
X-Sigma
Cache-Key
X-Akamai-Pragma-Client-IP
X-Sigma-Backend
X-Via-PopV
X-Amzn-Remapped-Connection
Esi-Enabled
X-Via-PopH
X-StackifyID
X-Rocket-Build-Number
X-Via-PopN
X-Served-From
Kp-EeAlive
X-TH-Server
X-Amzn-Remapped-Date
Server-Ttl
Expiry
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
X-Key
X-Parent-Response-Time
Url
X-Instart-Request-ID
Cache-Provider
Content-Style-Type
Content-Script-Type
X-Vgn-Hpd-Reason
X-No-Cache
X-Akamai-Request-ID
X-Proxy-Cachei7
Xkeyi7
X-ServiceProvider
X-B3-SpanId
Content-Secure-Policy
X-Tt-Logid
X-RateLimit-Remaining-Second
X-Request-URL
X-RateLimit-Limit-Second
X-Mobile-Rewrite
X-MiniProfiler-Ids
X-WA
Location
Req-Svc-Chain
X-VC-Cache
X-Yottaa-OS
X-Batcache
X-ElasticPress-Query
X-Agile-Brick-Ok
X-Vcache
Tcn
EpKe-Alive
BehaviorPad-Version
X-BBC-Origin-Response-Status
X-ND-Cache
X-B3-Parentspanid
URI
X-HostName
Origin-Cache-Control
X-RateLimit-Limit
X-PJAX-URL
X-Instart-Info
Origin-Edge-Control
Proxy-Firewall
X-Dispatch
Who
Inserted-Into-Cache-At
X-Apw-Access-Token
X-Apw-Access-Action
X-Apw-Hits
X-Varnish-Beresp-TTL
X-Apw-Access-Object
X-Selected-Name
X-Selected-Host-Header
X-Geo-Region
X-Selected-Scheme
X-TrackingId
X-TraceId
Cf-Alt-Svc
Powered-By
DataCenter
X-Pf-Uncompressing
HitType
X-RAMCache
Pragrma
Xet-Cookie
PICS-Label
X-Snapshot-Date
X-C
Mime-Version
NnCoection
X-Dw-Trace-Id
Resin-Trace
Vha6-Origin