Threat Level: green Handler on Duty: Remco Verhoef

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
P3p
Status
Content-Encoding
X-AspNetMvc-Version
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Server
X-Backend
X-Amz-Request-Id
X-Hacker
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
Request-Context
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
X-Template
Grace
X-Dns-Prefetch-Control
Host-Header
X-Language
Report-To
X-Rq
X-Page-Speed
Xkey
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Ua-Compatible
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Buckets
X-Vhost
X-Host
X-WebKit-CSP
NEL
X-Backend-Server
X-Server-Id
X-Dispatcher
X-Device
Surrogate-Control
Accept-CH-Lifetime
X-Node
X-Ruxit-JS-Agent
Request-Id
Accept-CH
Content-Location
X-Response-Time
EagleEye-TraceId
X-Akam-SW-Version
X-Cache-Lookup
X-Origin-Cache
X-Ac
Allow
X-Readtime
X-Mod-Pagespeed
Rating
X-HW
X-Country
X-Application-Context
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-ORACLE-DMS-RID
Edge-Control
Pinterest-Generated-By
X-MS-InvokeApp
X-TtlSet
X-Vname
X-PC
X-Cnection
X-Country-Code
X-CST
X-Varnish-TTL
X-DataDome
X-GitHub-Request-Id
X-Content-Type
X-ASPNET-VERSION
X-Clacks-Overhead
X-D2id
X-Trace
X-Sol
Response
Pagespeed
X-Middleton-Display
Display
X-Middleton-Response
X-FastCGI-Cache
MS-Author-Via
X-Pinterest-Rid
X-Origin-Upstream-Status
Pinterest-Version
X-Server-Name
X-TTL
Fusion-Content-Source
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
X-Vcap-Request-Id
X-Px
X-Abt-Application-Version
X-Rack-Cache
X-Navigation-Version
X-Url
Service-Worker-Allowed
Verso
X-B3-TraceId
X-ESI
Arr-Disable-Session-Affinity
X-Client-IP
X-Cache-TTL
X-Cached
X-Element-Page-Cache
X-Fastly-Request-ID
X-DynaTrace
X-Dw-Request-Base-Id
X-FTR-Request-ID
X-Webkit-CSP
X-VARITI-CCR
SPRequestGuid
X-SharePointHealthScore
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Use-Magma
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Powered-By-Plesk
X-Goog-Hash
X-Upstream
X-NF-Request-ID
Fastly-Restarts
AR-ATIME
AR-PoweredBy
AR-CACHE
AR-Request-ID
Ar-Sid
X-Debug
Content-MD5
X-Pinterest-Direct
X-MSEdge-Ref
SPIisLatency
SPRequestDuration
X-Forwarded-Proto
X-Powered-CMS
X-Version
Access-Control-Request-Method
X-Release
X-Amz-Rid
X-XRDS-Location
X-T
X-Jurisdiction
X-Edge
S
X-Content-Digest
TCN
RTSS
TP-Cache
TP-L2-Cache
Public-Key-Pins
X-Ezoic-Cdn
Cache-Tag
X-Litespeed-Cache
X-Cache-Key
Front-End-Https
X-MCACHE
X-Mid
X-Node-Name
X-Yandex-Sdch-Disable
Server-Node
X-Mg-S
X-Amz-Server-Side-Encryption
X-Request-Received
X-Request-Processing-Time
Fastcgi-Cache
X-Recruiting
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-HP-Webp
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amzn-Trace-Id
X-Accel-Expires
X-Ser
X-Kinsta-Cache
X-PressLabs-Stats
X-Grace
X-Ttl
X-Request-Handler-Origin-Region
X-NWS-LOG-UUID
X-Microsite
Accept-Ch
X-Origin-Server
X-Varnish-Age
Accept-Charset
MicrosoftSharePointTeamServices
ServerID
X-Logged-In
X-DIS-Request-ID
Cf-Bgj
Edge-Cache-Tag
X-Page-Id
X-ECACHE
X-Shield-Request-Id
Nginx-Cache
X-Ratelimit-Remaining
Host
X-Content-Security-Policy-Report-Only
X-Cache-Hit
X-Hits
Powered-By-ChinaCache
Cache-Tags
X-Hostname
X-B
X-Forwarded-For
X-F-Cache
X-Server-ID
X-LB-Cache
X-Mobile-URL
X-Respond-Thread
X-Activity-Id
X-Az
Cleartype
X-AppVersion
Realpath
X-Git-Hash
X-Cached-By
X-Upgrade-Enabled
X-N
X-Content-Options
X-Cache-Age
X-Kong-Upstream-Latency
Alternate-Protocol
X-Ratelimit-Limit
X-Kong-Proxy-Latency
X-Type
DynaTrace
X-Amz-Meta-S3cmd-Attrs
Paypal-Debug-Id
X-App-Environment
X-Rid
X-Request-Guid
X-Load-Cache
X-Varnish-Backend
X-Jobs
Fastcgi-Useragent
X-Country-Code-Real
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
Access-Control-Allow-Method
X-FTR-DC
X-FTR-Backend
X-FTR-Backend-Server
X-Seen-By
X-FTR-Expires
X-WebKit-CSP-Report-Only
X-Proxy
Charset
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Goog-Storage-Class
X-HS-Combine-CSS
X-Zen-Fury
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-GUploader-UploadID
X-Akamai-Edgescape
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-B3-Sampled
X-TEC-API-ROOT
X-URL
X-FireWall-Port
Filters
X-VCache
X-IPLB-Instance
X-FB-Debug
X-Daa-Tunnel
X-Signature
X-B-Cache
X-AOL-HN
Filterid
X-Mobile
Healthy
X-Varnish-Grace
X-Debug-Info
X-Host-Name
MS-CV
X-Whom
X-Correlation-ID
Viewport
DC
X-Region
X-Geo-Country
X-User-Agent
Payment
X-App-Server
X-Accel-Buffering
X-Response-Served-From
X-Frontend
X-Cache-Operation
Liferay-Portal
X-Original-Request-Id
X-Cache-Rule
AMP-Access-Control-Allow-Source-Origin
X-HTML-Minification-Powered-By
X-Instance
X-Distributor
X-UUID
Surrogate-Key
X-Rule
X-FW-Dynamic
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-2
X-Cache-Time
X-Amz-Replication-Status
X-FW-Static
X-FW-Type
X-Cacheable-TTL
X-FW-Server
X-Tumblr-Pixel-0
X-FW-Serve
X-Tumblr-Pixel
X-FW-Hash
X-Protected-By
Refresh
CACHE
Accept-Ch-Lifetime
X-Content-Powered-By
S-Cnection
Section-Io-Cache
X-Via-JSL
X-Cache-Expired-At
X-Acc-Debug-Context
X-Id
X-Wix-Request-Id
X-Is-Bot
X-Rendered-As
Version
Content-Disposition
X-Tec-Api-Version
GEO-INFO
X-Hyper-Cache
X-Tec-Api-Root
X-Tec-Api-Origin
X-Cache-Action
X-Backend-Name
X-Amzn-RequestId
X-Sucuri-ID
Server-Name
X-Amz-Apigw-Id
X-XRDS-LOCATION
Nel
X-Endurance-Cache-Level
Retry-After
PB-RID
Arc-Version
PB-PID
X-Air-Hostname
X-Cache-Server
Datacenter
X-Ah-Environment
X-Ua
X-Source
X-Oneagent-Js-Injection
X-App-Version
Eomportal-Instance
X-Unique-Id
X-Real-IP
X-ProcessESI
X-L-Path
X-RemovedCookies
X-Framework
X-EdgeConnect-Cache-Status
X-Environment-Context
X-Revision
X-Yottaa-Metrics
X-Pinterest-Sli-Response-Type
X-Yottaa-Optimizations
Referer-Policy
Frame-Options
X-Correlation-Id
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Endpoint-Name
Ms-Operation-Id
X-Sucuri-Cache
X-Drupal-Cache-Contexts
X-RTag
X-Varnish-Server
Countrycode
X-Cache-Spec
X-Cache-Control
X-Drupal-Cache-Tags
NGB
X-Esi
X-WA-Info
X-RN-RSRV
X-ES-SERVER
Meta-Geo
X-Cache-Var
X-Cache-Var-Map
Webserver
X-Mode
X-Proxy-Cache-Status
Akamai-Age-Ms
X-BYPASS-REASON
X-ProxyCache-Key
X-Qloud-Router
X-Xfnlog-Site
Cache-Tv-Group
X-TIME
X-R9-Blue-Green-Version
DB-Nickname
X-ProxyCache-Status
X-Cache-Host
X-Cache-TTL-Remaining
X-Time-Microsecs
X-Azure-Ref
X-CDN-Forward
TWC-Connection-Speed
TWC-Device-Class
Cross-Origin-Window-Policy
X-GeoIP
TWC-GeoIP-Country
Mn-Server-Ip
X-Contextid
Property-Id
Ec-Rule-Version
X-Server-W
X-LJ-Flow-ID
TWC-GeoIP-LatLong
X-Labrador-Cache-Channel
X-Human
X-Status
X-Handled-By
X-NYM-Debug-Backend
X-OCL
X-VWS-Id
X-Redis-Cache
X-PHP-Host
X-PCL
X-Origin-Hint
X-Hl-Ver
X-FW-Version
Webcakes-Region
X-Amzn-Remapped-Content-Length
Webcakes-App-Version
Webcakes-App-Name
TWC-Locale-Group
TWC-Privacy
X-Route-Name
X-AWS-Id
X-Providence-Cookie
X-Cluster
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Via-Fastly
X-TNCMS
X-Timing-Wait
X-Proto
X-Be
X-No-Session
X-ServerID
X-Zipkin-Id
X-Locale
X-Hosted-By
X-Format
Selected-Fe
X-FB-TRIP-ID
X-Loop
X-Proxied
X-Section
X-Routing-Service
X-Proxy-Build
X-Site-Version
X-Access
X-Detected-As
X-NewRelic-App-Data
X-From
X-Adobe-Loc
X-Adobe-Content
X-TT
X-AIR-PT
Uber-Trace-Id
X-Tt-Trace-Host
X-DynaTrace-JS-Agent
X-Tt-Trace-Tag
X-Cache-PHP
X-LLID
X-Debug-Cache
FSS-Cache
X-Generated-By
X-ATG-Version
X-Device-Type
X-BCube-Filmed-By
X-Ratelimit-Reset
X-NC
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Upgrade-Insecure-Requests
X-PHP-Backend
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-RegionName
Azure-Version
X-Varnish-Cache-Hits
X-Aspnetmvc-Version
Access-Control-Request-Headers
X-CSRF-Token
OT-Force-Account-Verify
X-ID
From-Origin
X-B3-Traceid
X-UPSTREAM-Address
X-NCache
Cache-Status
X-Oss-Hash-Crc64ecma
X-Adobe-Source
X-CCM
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-GoCache-CacheStatus
X-Origin
X-Oss-Object-Type
X-Akamai-Transformed
CF-Cached-On
SD-X-WS
X-Page-View
X-COUNTRY
X-Cache-2
X-Backend-TTL
X-LAGOON
X-G
X-Varnishpool
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Soup
X-Storefront-Renderer-Rendered
X-ShardId
X-ApacheServer
X-Pubstack
X-PERF
X-Forwarded-Host
Country
X-Cache-Grace
X-Backend-Host
X-SayCDN-TTL
Powered
Fastly-SSL
Decoy-Debug-Status
SRV
Decoy-Debug-TTL
X-SaId
X-APP-VERSION
X-Web-Node
Decoy-Debug-Key
X-Say-TTL
X-JoinUs
X-Say-Cacheable
X-Cluster-Name
X-Storage
Node
X-Time
X-FTR-Cache-Host
X-IP
Cache
X-ECache
X-Ruxit-Js-Agent
X-Erf-Bev-Bev
X-TX-ID
X-Erf-Bev-Bev-Is-Generated
X-Viewer-Country
X-GEO
X-Cache-Enabled
X-Via-CDN
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-PBS-Appsvrname
X-Trv-Group
Apple-News-Services-Host
X-RCS-CacheZone
X-ARC
X-Rojux
X-Rewrite-Enabled
X-Request-UUID
X-S
X-S-Cookie
X-Session-Fingerprint
X-PAYTM-SRV-ID
X-ScT
X-Processor
X-Vdms-Version
X-Worker
X-External-Request-Id
Xc-Version
Rendered-Blocks
X-A
Mobile-Detection-Method
Meta-Geo-Continent
Machine
MD5-Digest
X-Vtex-Processado-Em
X-B-Cookie
X-A-Ccd
X-A-Dam
X-CF-Lambda-Fn
X-D
X-Application
X-CF-Lambda-Version
X-Aed
X-Destination
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Connection-Hash
Host-ID
X-Vtex-Remote-Cache
X-VG-WebCache
X-VG-WebServer
DCR-Processing-Time-Ms
X-Tumblr-Pixel-3
X-Vdms-Path
Fastcgi-X-Cache-Version
DCR-Decision-By
X-Cache-NE
X-Cdn
X-Cache-Config
X-NWS-UUID-VERIFY
X-B3-Spanid
X-IPS-LoggedIn
X-EC-Lua
CDN-PullZone
CDN-Uid
Adler-Geo
CloudFront-Viewer-Country
CDN-RequestId
X-DefElseHash
X-CUA
X-Core-Value
CDN-Cache
CDN-RequestCountryCode
CDN-CachedAt
X-DefHash
X-Micro-Cache
Platform
X-Ms-Version
X-Fastly-Cache
Fastly-SWR
CDN-EdgeStorageId
X-Fmm-Version
Gh-Request-Id
X-Envoy-Decorator-Operation
X-Microcachable
Fastly-SIE
X-DPWN-IS-SECURE
X-Auto-Login
X-Ms-Request-Id
X-Generation-Time
Is-Eu
X-Rebelmouse-Cache-Control
X-Cache-Bucket
X-VG-TLSProxy
X-WADP-Cache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Platform-Server
X-Varnish-Remaining-TTL
X-Variation
X-Cache-Debug
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Servername
X-Varnish-Beresp-Grace
X-Rebelmouse-Surrogate-Control
X-Clara-WADP
X-Cms-Context
Backend
X-Cache-Backend
Wxu-Next-Region
X-Fastcgi-Cache
X-Has-Esi
Fastly-Backend-Name
X-Gzip
Fastly-Drupal-HTML
CacheControlHeader
X-VarnishDD-TTL
X-Is-Gdpr
X-JWT-State
X-HS-Content-Campaign-Id
Wxu-Next-Hostname
X-Irp-Debug
X-Varnish-Cacheable
X-Geo-Header
X-Wikidot-Backend
X-Dispatcher-Server
X-Developers
Rt-Fastcgi-Cache
X-Fastly-Backend
X-Wikidot-Static-Cache
X-Platform
PFcat
Origin
NM-Fastcgi-Cache
L
X-Generated-On
X-Cache-NGX
X-Gamma-Serve
Wxu-Next-Commit
X-Webstats-RespID
C-Via
X-Esi-Check
X-HN
X-OVcl-Cache
X-Owner
X-Backend-State
X-Old-Content-Length
X-Thanos
X-SN
X-Skip-Cache
X-Branch-Name
X-Bip
X-Policy
X-Clientip
X-Request-Host
X-Request-Start
X-Method
X-OVcl
X-Cache-Id
X-LI-UUID
X-Li-Pop
X-Li-Fabric
AKAMAI
X-Level-Front-Cache
Akamai-GRN
X-Cache-Date
X-Location
X-UA
X-Bc-Bl
Ha-Gx-Prefs
X-Cache-Remote
L5d-Success-Class
Pagetype
X-DC
X-Varnish-Ttl
HA-Ipaddr
X-Slack-Backend
X-Cache-Tags
X-CGP
X-Hash
X-Core-Mission
X-Content-Age
X-Eu-Site
X-Render-Time
X-Csrf-Jwt
X-Mvc-Supplant-Cachable
X-Reqid
X-CS
X-PF-Uncompressing
X-Sql-Duration-Ms
X-Wa
X-Sql-Count
X-Refresh
X-Transaction
X-Twitter-Response-Tags
X-EIG-Tracking-Id
X-Minions-Version
X-Aicache-OS
X-TA-CDN-Provider
UCS
FSS-Proxy
X-Amz-Meta-Cb-Modifiedtime
X-SRV
Country-Code
X-Ftr-Cache-Host
XServer
X-NODE
Hostname
X-Www-Served-By
X-Via-Popn
X-Via-Poph
X-Date
X-NU-AKA-ACS-Version
NGX
X-Accel-Expires-Debug
Surrogated-Key
X-Hp-Webp
X-NGENIX-Cache
X-S-Maxage
Cache-Hits
X-Req
X-Up
X-Edge-Location
X-RateLimit-Remaining
X-Presslabs-Stats
X-Mvc-Supplant-OutputCached
Protected
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-LB-ID
X-LI-Proto
X-Servedbyhost
X-Nginx-Cache
X-Check-Cacheable
X-FPC
X-Debug-Cache-Store
Mail-Subject
We-Hiring
X-Debug-Cache-Fetch
X-Cdn-Srv
Group
Memcached
Ufe-Result
X-Dc
X-Cache-URL
Time
ServedBy
Edge-Copy-Time
X-Ua-Device
On-Server
X-Via-SSL
X-Via-Edge
X-Svr
X-Proxy-Upstream
X-Varnish-Hostname
Now
HostName
X-CACHE-AGE
GeoIp-Country-Code
X-Request-Time
Geoip-Latitude
X-Dynatrace-Js-Agent
X-BC
X-ZONE
X-VCL-Version
X-Agile
X-Webkit-Csp
X-Agile-Id
X-Pass-Why
X-Agile-Age
T-Server
X-CSRF-TOKEN
X-Cluster-Node
X-Cs
X-FORWARDED-FOR
SID
X-Uri
WZWS-RAY
Section-Io-Origin-Status
X-MP-GENERATED-AT
N-Cache
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Acc-Rdl
Section-Origin-Responded
X-NGINX-Cache
Server-Host
M-TraceId
Pics-Label
Xserver
X-Varnish-Hits
X-UnsetCookies
Magicmarker
ProcessTime
X-VC
X-Via-Popv
X-SB
X-Cdn-Forward
X-LiteSpeed-Cache-Control
X-Datadome
X-TT-LOGID
Ohc-File-Size
X-Zone
X-Bc
X-CF-Powered-By
DSUID
Arc-Country
X-HS-Status
X-Srv
X-Info
X-Erf-Stays-Bingo-Pdp-Web
Apigw-Requestid
X-APP
Ohc-Cache-HIT
Cache-Name
NtCoent-Length
X-UA-Device-Type
Cteonnt-Length
Cdn-Host
X-Edge-Server
X-We-Are-Hiring
VivaBuild
Viewtype
Cdn-Request-Time
Odigeo-Trace-Id
User-Cache-Control
User-Agent
X-Origin-Date
X-MSEdge-Flight
CF-IPCountry
WebServer
X-RunCloud-Cache
Processtime
X-Action
Tracecode
X-Via-Ucdn
Memory
W
X-MSEdge-Features
Amp-Access-Control-Allow-Source-Origin
Server-Info
Srv
LB
X-RPS
X-RPM
X-Oss-Cdn-Auth
Ssr
S-Rt
X-DSS
X-Tb
Sid
WWW-Authenticate
X-Magnolia-Registration
X-DW
X-DI
X-RSL
X-DB
CountryCode
X-HOST
X-Newrelic-App-Data
X-Vgn-Hpd-Ssi
CDN
X-SERVER-NAME
Lfy
X-Dynatrace
X-HITS
Instruction
CDCHOST
X-VServer
X-SVT-ORM-RULES
X-Developer
X-Pjax-Url
MIME-Version
Locid
IsBot
X-Varnish-Url
X-User
X-Cc-Req-Id
D-Cc-Upstream
X-Cc-Via
X-Thinkindot-L3
X-Varnish-Authentication
X-SVT-ORM-VERSION
X-Scheme
X-SRCache-Key
Server-Hostname
X-Node-Id
X-Cache-Info
X-Nginx-Cache-Key
X-API-Version
Web-Mar-Node
X-Nyt-Route
V-Age
Vix-Hermes-Req-Id
X-Matched-Rule
X-Loc
X-Block-Status
X-Cache-ASPX
X-Cache-Expires
X-Gen-Mode
X-BBXSRF
X-BBC-Edge-Cache-Status
X-Hnp-Log
True-Client-Country-4JS
X-Contensis-Viewer-Groups
Server-Ext
X-Origin-TTL
Server-ID
Path
X-Request-URI
X-Server-IP
X-SD-PageType
X-Response-By
X-Origin-Time
X-Origin-Expires
Thinkindot-CacheControl-Type
X-Origin-CC
Thinkindot-Control
Thinkindot-CacheControl
SR-User-Adfree
X-Gdpr
Sever-Int
X-SIPLIST1
X-Cache-Hfrom
X-Vcl-Version
X-Cache-Hm
X-Unique-ID
Geo-Info
X-Browser-Type
X-Webkit-CSP-Report-Only
X-Hit
X-Geo
X-GeoIP-City
X-Generated-In
X-Sn-Servicetimems
X-Goog-Meta-Goog-Reserved-File-Mtime
X-FC-Vary-Parameters
X-Newrelic-Synthetics
Cache-Host
X-Fastly-Country-Code
Pramga
Release
GeoIP-Latitude
GeoIP-Country-Code
X-Traceid
X-NodeID
X-Device-Os
X-Var-Ttl
X-Cdn-Origin
X-Trace-Id
X-Fetched-On
X-Swa-Ws
A
X-Azure-Ref-OriginShield
X-CACHE-KEY
X-Akamai-Request-ID2
Lb
X-Oracle-Dms-Rid
Cdn
X-Provided-By
X-Nc
X-Lb-Id
X-Via-NSCOPI
Source
X-Envoy-Upstream-Healthchecked-Cluster
X-Fpc
X-Epic-Correlation-Id
Cf-Device-Type
X-Origin-Response-Time
X-Cache-Tag
FNAC-ModuleRouting
Accept-Language
X-Men
X-ServedByHost
X-Li-Proto
X-Fastly-Request-Id
X-Sigma-Backend
Expiry
X-StackifyID
X-Akamai-Pragma-Client-IP
X-Sigma
Cache-Key
X-Served-From
X-Amzn-Remapped-Date
Kp-EeAlive
X-Via-PopN
X-Via-PopH
X-Via-PopV
X-Amzn-Remapped-Connection
X-TH-Server
Server-Ttl
Esi-Enabled
X-Rocket-Build-Number
Actual-Object-TTL
X-ORACLE-APMCS-REQUEST-ID
X-Key
Content-Style-Type
Content-Script-Type
X-Parent-Response-Time
X-Instart-Request-ID
X-Vgn-Hpd-Reason
Url
Cache-Provider
X-No-Cache
X-Agile-Brick-Ok
X-RateLimit-Remaining-Second
X-Tt-Logid
X-ElasticPress-Query
X-RateLimit-Limit-Second
X-WA
X-Proxy-Cachei7
X-Yottaa-OS
Location
Xkeyi7
X-ServiceProvider
X-Akamai-Request-ID
X-Request-URL
X-Batcache
Content-Secure-Policy
EpKe-Alive
Req-Svc-Chain
X-VC-Cache
X-B3-SpanId
X-Mobile-Rewrite
X-MiniProfiler-Ids
Tcn
X-Vcache
Inserted-Into-Cache-At
BehaviorPad-Version
X-PJAX-URL
X-ND-Cache
Who
Proxy-Firewall
X-Dispatch
X-Apw-Hits
URI
X-Instart-Info
X-RateLimit-Limit
X-HostName
X-BBC-Origin-Response-Status
X-Varnish-Beresp-TTL
Origin-Cache-Control
X-Apw-Access-Object
X-B3-Parentspanid
Origin-Edge-Control
X-Apw-Access-Token
X-Apw-Access-Action
X-Selected-Scheme
X-Geo-Region
X-Selected-Host-Header
X-Selected-Name
X-TrackingId
PICS-Label
X-C
Pragrma
X-Pf-Uncompressing
Xet-Cookie
Mime-Version
DataCenter
X-TraceId
Resin-Trace
Cf-Alt-Svc
HitType
Powered-By
X-RAMCache
NnCoection
X-Dw-Trace-Id
Vha6-Origin
X-Snapshot-Date