
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
CF-Ray
Alt-Svc
X-Served-By
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
P3p
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Template
X-Ws-Request-Id
X-Language
Feature-Policy
X-Age
X-Dns-Prefetch-Control
X-Backend
X-Cache-Group
X-Hacker
X-Amz-Request-Id
X-Server
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
EagleId
X-UA-Device
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Host-Header
Grace
X-Buckets
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
Cf-Bgj
X-Host
X-WebKit-CSP
X-Backend-Server
X-Dispatcher
X-Device
X-Node
NEL
Surrogate-Control
X-Ruxit-JS-Agent
X-Server-Id
Content-Location
X-Response-Time
X-Cache-Lookup
Request-Id
X-Origin-Cache
X-Akam-SW-Version
Accept-CH-Lifetime
X-Ac
EagleEye-TraceId
X-ASPNET-VERSION
X-Country
Accept-CH
Rating
X-HW
X-Mod-Pagespeed
X-Readtime
X-Cloud-Trace-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Application-Context
Allow
Edge-Control
Pinterest-Generated-By
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-PC
X-Vname
X-TtlSet
X-DataDome
X-Varnish-TTL
X-Url
X-Cnection
X-Origin-Upstream-Status
X-MS-InvokeApp
X-GitHub-Request-Id
X-Content-Type
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
X-Clacks-Overhead
X-D2id
X-Trace
X-Abt-Application-Version
Response
Display
X-Middleton-Response
X-Server-Name
Pagespeed
X-Sol
X-Middleton-Display
X-Webkit-CSP
X-ESI
X-Vcap-Request-Id
X-Px
Pinterest-Version
X-Pinterest-Rid
X-Rack-Cache
X-FTR-Request-ID
X-B3-TraceId
Verso
X-Navigation-Version
MS-Author-Via
Service-Worker-Allowed
X-DynaTrace
X-Cached
X-Fastly-Request-ID
X-Element-Page-Cache
X-Client-IP
X-Cache-TTL
Arr-Disable-Session-Affinity
X-TTL
X-Dw-Request-Base-Id
Accept-Ch
X-Powered-By-Plesk
X-CST
X-FastCGI-Cache
X-Upstream
Content-MD5
X-SharePointHealthScore
SPRequestGuid
Fastly-Restarts
X-Version
AR-PoweredBy
AR-Request-ID
AR-CACHE
AR-ATIME
Ar-Sid
X-Forwarded-Proto
X-NF-Request-ID
X-Debug
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-Kinja-Revision
X-VARITI-CCR
X-Exp-Id
X-Cdn-Fetch
X-Goog-Hash
X-T
X-XRDS-Location
X-Jurisdiction
Access-Control-Request-Method
X-Powered-CMS
X-MSEdge-Ref
X-Release
TP-Cache
TP-L2-Cache
SPIisLatency
SPRequestDuration
X-Content-Digest
S
X-Edge
X-Amz-Rid
TCN
RTSS
X-Pinterest-Direct
X-Ttl
Cache-Tag
Public-Key-Pins
X-NWS-LOG-UUID
X-Ezoic-Cdn
X-Server-ID
X-Node-Name
X-PressLabs-Stats
Fastcgi-Cache
X-Yandex-Sdch-Disable
X-Request-Received
X-Request-Processing-Time
X-MCACHE
X-Mid
X-Cache-Key
Server-Node
Front-End-Https
X-Accel-Expires
X-Amzn-Trace-Id
X-Ratelimit-Remaining
X-Kinsta-Cache
X-Microsite
X-Recruiting
X-Ser
X-Logged-In
X-Request-Handler-Origin-Region
X-Cache-Hit
ServerID
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-SRCache-Fetch-Status
X-Origin-Server
X-SRCache-Store-Status
X-Page-Id
Accept-Charset
X-Mg-S
X-Grace
Host
X-B
Alternate-Protocol
X-Amz-Server-Side-Encryption
X-Content-Security-Policy-Report-Only
X-Varnish-Age
X-ECACHE
X-Mobile-URL
X-Shield-Request-Id
X-DIS-Request-ID
Edge-Cache-Tag
Accept-Ch-Lifetime
X-Hostname
X-Ratelimit-Limit
Nginx-Cache
X-HP-Webp
X-Country-Code-Real
X-Forwarded-For
X-FTR-Backend
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Expires
X-Hits
X-Content-Options
Realpath
X-Seen-By
X-LB-Cache
X-F-Cache
Filterid
X-Git-Hash
X-Load-Cache
X-FireWall-Port
X-Jobs
X-Activity-Id
X-AppVersion
MicrosoftSharePointTeamServices
X-Az
X-N
X-Request-Guid
X-App-Environment
X-Type
Fastcgi-Useragent
X-Varnish-Backend
Cache-Tags
X-Rid
X-WebKit-CSP-Report-Only
Paypal-Debug-Id
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Varnish-Grace
X-TEC-API-ORIGIN
X-Zen-Fury
Cleartype
X-Upgrade-Enabled
DynaTrace
X-Cached-By
X-Kong-Upstream-Latency
X-Daa-Tunnel
X-Kong-Proxy-Latency
Access-Control-Allow-Method
X-Proxy
X-FB-Debug
X-Id
Powered-By-ChinaCache
X-Cache-Age
X-Akamai-Edgescape
X-Litespeed-Cache
X-Amz-Meta-S3cmd-Attrs
X-App-Server
Nel
X-GUploader-UploadID
X-HS-Content-Id
X-HS-Hub-Id
X-Cache-Rule
X-Geo-Country
X-HS-Cache-Config
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Cache-Operation
DC
X-Respond-Thread
X-HS-Combine-CSS
X-Host-Name
Content-Disposition
X-IPLB-Instance
X-Content-Powered-By
X-User-Agent
X-B-Cache
X-B3-Sampled
X-AOL-HN
X-Signature
X-Whom
X-Correlation-ID
X-Accel-Buffering
X-Debug-Info
X-Original-Request-Id
X-Response-Served-From
X-Wix-Request-Id
Healthy
MS-CV
AMP-Access-Control-Allow-Source-Origin
X-Region
X-Frontend
Payment
X-HTML-Minification-Powered-By
X-VCache
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-Rule
X-FW-Dynamic
X-FW-Hash
Akamai-Age-Ms
X-Cacheable-TTL
X-Is-Bot
X-UUID
X-Instance
X-Ua
X-Distributor
X-Rendered-As
X-Cache-Time
X-Mobile
X-Endurance-Cache-Level
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-2
X-Tumblr-Pixel
Datacenter
X-Amz-Apigw-Id
Surrogate-Key
X-Amzn-RequestId
Refresh
NGB
Filters
Charset
Countrycode
X-Via-JSL
X-Acc-Debug-Context
S-Cnection
Liferay-Portal
X-Protected-By
X-App-Version
Viewport
X-Backend-Name
PB-PID
PB-RID
Arc-Version
X-Varnish-Server
X-Hyper-Cache
X-XRDS-LOCATION
X-Cache-Expired-At
X-Ah-Environment
X-Cache-Server
X-Oneagent-Js-Injection
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
Section-Io-Cache
X-Amz-Replication-Status
X-NewRelic-App-Data
X-Cache-Action
X-PHP-Backend
Retry-After
Referer-Policy
X-Source
GEO-INFO
Version
X-WA-Info
X-EdgeConnect-Cache-Status
X-Azure-Ref
X-Correlation-Id
X-Proxy-Cache-Status
X-Sucuri-ID
X-Cache-Control
X-Fastcgi-Cache
Eomportal-Instance
X-L-Path
X-Environment-Context
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Framework
X-Real-IP
X-ES-SERVER
X-Cache-Var-Map
X-Unique-Id
X-Cache-Var
X-RN-RSRV
X-Time
Meta-Geo
X-Air-Hostname
X-RemovedCookies
X-Revision
X-ProcessESI
Frame-Options
X-RTag
Powered
X-GeoIP
Server-Name
Ms-Operation-Id
X-From
X-Xfnlog-Site
X-ProxyCache-Status
X-Qloud-Router
X-R9-Blue-Green-Version
X-ProxyCache-Key
X-Mode
X-BYPASS-REASON
X-Cache-Host
X-Time-Microsecs
X-Cache-TTL-Remaining
X-FW-Version
X-Hosted-By
Mn-Server-Ip
DB-Nickname
Cache-Tv-Group
Uber-Trace-Id
Cross-Origin-Window-Policy
Ec-Rule-Version
X-PHP-Host
X-Cluster
X-DynaTrace-JS-Agent
X-PCL
X-FB-TRIP-ID
X-Labrador-Cache-Channel
X-TNCMS
X-VWS-Id
X-OCL
X-Loop
X-AWS-Id
X-Server-W
X-LJ-Flow-ID
X-Human
X-Status
TWC-GeoIP-LatLong
X-NYM-Debug-Backend
X-Timing-Wait
X-Proxy-Build
X-Amzn-Remapped-Content-Length
X-Drupal-Cache-Contexts
X-Handled-By
TWC-Locale-Group
Selected-Fe
TWC-GeoIP-Country
TWC-Device-Class
X-CSRF-Token
Webcakes-App-Name
Property-Id
X-Origin-Hint
Webcakes-App-Version
Webcakes-Region
X-Detected-As
TWC-Privacy
TWC-Connection-Speed
X-Access
X-Zipkin-Id
X-Be
X-Routing-Service
X-Section
X-Format
X-Redis-Cache
X-ServerID
X-Hl-Ver
X-Proxied
X-Proto
X-Ratelimit-Reset
X-Debug-Cache
X-Cache-PHP
X-BCube-Filmed-By
X-Hp-Webp
X-Device-Type
X-Site-Version
X-Sucuri-Cache
X-Locale
X-No-Session
X-Drupal-Cache-Tags
X-Generated-By
X-Via-Fastly
X-Contextid
FSS-Cache
Cache
X-CDN-Forward
X-ATG-Version
X-SaId
From-Origin
X-JoinUs
X-FTR-Cache-Host
X-Varnish-Cache-Hits
Webserver
X-Esi
CACHE
X-NCache
X-Adobe-Loc
X-Adobe-Content
X-URL
X-NC
X-Origin
CF-Cached-On
OT-Force-Account-Verify
X-AIR-PT
X-NWS-UUID-VERIFY
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-TT
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
VIX-Pulpo-Node
X-Tt-Trace-Host
Azure-Version
X-GoCache-CacheStatus
VIX-Pulpo-Upstream-Status
X-Tt-Trace-Tag
Azure-SiteName
Azure-InstanceId
Azure-SlotName
Azure-RegionName
X-IPS-LoggedIn
X-TA-CDN-Provider
X-IP
X-Cache-Enabled
X-EC-Lua
X-EIG-Tracking-Id
X-Akamai-Transformed
X-CCM
Access-Control-Request-Headers
X-Adobe-Source
SD-X-WS
X-Bc-Bl
X-Backend-Host
X-Cache-2
X-TIME
Upgrade-Insecure-Requests
X-Route-Name
X-ShardId
X-Providence-Cookie
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-Flags
X-Storefront-Renderer-Rendered
X-Is-Crawler
X-Alternate-Cache-Key
X-Shopify-Stage
X-Aspnet-Duration-Ms
X-ECache
X-Soup
X-APP-VERSION
X-Tumblr-Pixel-3
X-Backend-TTL
Node
X-Web-Node
X-ApacheServer
X-Viewer-Country
X-Storage
Fastly-SSL
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Cache-Grace
X-Cluster-Name
X-Say-Cacheable
X-PERF
X-Pubstack
X-SayCDN-TTL
X-Say-TTL
X-Ruxit-Js-Agent
X-Forwarded-Host
Cache-Status
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-Vdms-Version
DCR-Decision-By
X-Connection-Hash
X-D
X-Destination
X-External-Request-Id
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Application
X-ARC
X-VG-WebServer
X-B-Cookie
X-Transaction
X-G
X-Rojux
X-S
X-S-Cookie
X-VG-WebCache
X-Rewrite-Enabled
X-Request-UUID
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
X-RCS-CacheZone
X-Aed
X-A-Wwc
X-Vdms-Path
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
Host-ID
X-ScT
Apple-News-Services-Request-Url
X-Varnishpool
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Machine
MD5-Digest
X-Vtex-Processado-Em
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Ccd
X-A
Meta-Geo-Continent
X-Trv-Group
Mobile-Detection-Method
Rendered-Blocks
X-Twitter-Response-Tags
X-Cache-NE
X-Cache-Backend
X-LAGOON
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Cdn
X-TX-ID
X-Cache-Config
Fastly-SWR
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-Clara-WADP
CDN-EdgeStorageId
CDN-Uid
X-Rebelmouse-Surrogate-Control
Adler-Geo
CDN-RequestCountryCode
Fastly-SIE
CDN-RequestId
X-Rebelmouse-Cache-Control
X-Servername
CDN-PullZone
X-VG-TLSProxy
Is-Eu
X-WADP-Cache
CDN-Cache
CDN-CachedAt
X-Generation-Time
X-Variation
X-Fastly-Cache
X-Fmm-Version
Platform
X-Cache-Bucket
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Backend
X-UPSTREAM-Address
Country
X-Varnish-Beresp-Ttl
X-Cache-NGX
X-Cache-Id
X-Fastly-Backend
C-Via
X-Gzip
X-Hash
CloudFront-Viewer-Country
X-Backend-State
Country-Code
X-Clientip
X-CUA
L
Akamai-GRN
X-Core-Mission
X-Date
X-Dispatcher-Server
X-Esi-Check
NM-Fastcgi-Cache
X-Cms-Context
X-Auto-Login
X-Li-Fabric
X-Policy
X-Render-Time
Surrogated-Key
X-Platform
X-OVcl-Cache
X-Old-Content-Length
X-OVcl
X-Request-Host
X-Request-Start
X-Varnish-Cacheable
X-Webstats-RespID
X-Wikidot-Backend
Gh-Request-Id
X-SN
Rt-Fastcgi-Cache
X-Slack-Backend
Origin
Fastly-Drupal-HTML
X-Wikidot-Static-Cache
X-Li-Pop
X-Ms-Version
Wxu-Next-Region
X-Accel-Expires-Debug
X-HS-Content-Campaign-Id
X-Irp-Debug
X-Micro-Cache
X-LI-UUID
Wxu-Next-Commit
X-Ms-Request-Id
X-Platform-Server
Wxu-Next-Hostname
X-NGENIX-Cache
X-UA
Time
X-CS
L5d-Success-Class
X-Amz-Meta-Cb-Modifiedtime
X-Has-Esi
X-Reqid
X-Skip-Cache
X-Req
X-Owner
X-Mvc-Supplant-Cachable
X-Thanos
X-Up
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-DefHash
X-DefElseHash
X-Minions-Version
X-Microcachable
X-Core-Value
X-Csrf-Jwt
X-Content-Age
X-CGP
X-Cache-Tags
X-Developers
X-Eu-Site
X-Level-Front-Cache
X-JWT-State
X-Is-Gdpr
X-Generated-On
X-Bip
X-Method
Ha-Gx-Prefs
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Response-Type
HA-Ipaddr
X-Pinterest-Sli-Latency-Threshold
Fastly-Backend-Name
CacheControlHeader
X-Varnish-Ttl
X-DC
Now
UCS
Ufe-Result
X-Gamma-Serve
X-Edge-Location
X-Cache-Date
X-Cdn-Srv
X-Cache-URL
X-Wa
AKAMAI
X-Aicache-OS
X-VarnishDD-TTL
X-HN
We-Hiring
PFcat
Mail-Subject
Group
Memcached
X-CACHE-AGE
X-Refresh
X-Location
FSS-Proxy
X-Cache-Debug
X-LB-ID
Pagetype
X-Geo-Header
X-Proxy-Upstream
X-Branch-Name
X-Session-Fingerprint
X-Page-View
X-Via-Popn
X-Via-Poph
X-NODE
SRV
X-Agile-Age
X-PF-Uncompressing
X-Agile-Id
X-GEO
X-Agile
X-BC
X-Ftr-Cache-Host
X-ZONE
X-Mvc-Supplant-OutputCached
HostName
X-B3-Traceid
X-Servedbyhost
X-B3-Spanid
X-LI-Proto
X-RateLimit-Remaining
NGX
X-Debug-Cache-Store
M-TraceId
X-Debug-Cache-Fetch
Hostname
X-Via-CDN
X-Nginx-Cache
X-Datadome
Xserver
X-Ua-Device
X-Dc
Arc-Country
X-Request-Time
X-Check-Cacheable
X-Instart-Request-ID
X-Sql-Count
X-SERVER
X-Sql-Duration-Ms
X-Cdn-Forward
X-LLID
Cdn-Request-Time
X-Varnish-Hostname
WebServer
X-SRV
X-VCL-Version
Viewtype
Cdn-Host
VivaBuild
X-Edge-Server
X-NU-AKA-ACS-Version
X-Via-Ucdn
X-Zone
X-Bc
X-Cluster-Node
X-Cache-Remote
X-LiteSpeed-Cache-Control
X-RunCloud-Cache
X-FPC
X-Dynatrace-Js-Agent
X-SERVER-NAME
X-COUNTRY
Srv
X-Via-SSL
Edge-Copy-Time
X-Via-Edge
X-APP
X-CF-Powered-By
X-Via-Popv
Memory
X-Action
X-FORWARDED-FOR
X-Www-Served-By
SID
X-UnsetCookies
On-Server
X-Cs
WWW-Authenticate
X-HS-Status
X-DSS
X-RPM
X-DW
X-RPS
X-DI
X-Svr
X-DB
X-RSL
NtCoent-Length
X-Vgn-Hpd-Ssi
ServedBy
X-MP-GENERATED-AT
ProcessTime
X-ID
Cache-Hits
X-S-Maxage
X-NGINX-Cache
X-ORACLE-APMCS-REQUEST-ID
X-CSRF-TOKEN
XServer
X-Srv
Geoip-Latitude
X-Presslabs-Stats
X-Oss-Cdn-Auth
Apigw-Requestid
Actual-Object-TTL
GeoIp-Country-Code
X-Vcache
X-Geo
Server-Info
GeoIP-Latitude
T-Server
GeoIP-Country-Code
X-We-Are-Hiring
X-Pass-Why
User-Agent
Geo-Info
X-Hit
X-Unique-ID
W
Sid
Amp-Access-Control-Allow-Source-Origin
Processtime
X-Akamai-Request-ID2
X-MSEdge-Flight
X-MSEdge-Features
Ohc-File-Size
LB
X-Epic-Correlation-Id
Pics-Label
X-Tb
X-Erf-Stays-Bingo-Pdp-Web
CF-IPCountry
X-HOST
Protected
S-Rt
Cdn
Server-Host
X-Envoy-Upstream-Healthchecked-Cluster
X-VC
N-Cache
X-SB
X-FC-Vary-Parameters
X-HITS
X-Varnish-Hits
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Pjax-Url
Accept-Language
X-Mobile-Rewrite
X-Uri
WZWS-RAY
X-Cache-Hm
Magicmarker
X-Vcl-Version
X-Fpc
X-Info
X-Cache-Hfrom
X-Nc
X-Webkit-CSP-Report-Only
X-Newrelic-Synthetics
A
X-Key
X-Acc-Rdl
X-Fastly-Country-Code
CDN
Cteonnt-Length
Esi-Enabled
Ohc-Cache-HIT
X-CACHE-KEY
Origin-Edge-Control
User-Cache-Control
Lb
Tracecode
Origin-Cache-Control
X-TT-LOGID
X-Newrelic-App-Data
Section-Io-Id
Odigeo-Trace-Id
Section-Io-Origin-Time-Seconds
X-Provided-By
Section-Io-Origin-Status
Section-Origin-Responded
DSUID
X-B3-SpanId
X-Dispatch
Proxy-Firewall
X-UA-Device-Type
X-Instart-Info
Ssr
X-Via-NSCOPI
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Cache-Name
X-Geo-Region
X-Magnolia-Registration
X-Origin-Date
X-ServedByHost
Powered-By
X-StackifyID
X-Li-Proto
Lfy
X-Dynatrace
X-Response-By
X-Cache-Info
X-Block-Status
X-Cache-ASPX
X-Request-URI
Path
X-Nyt-Route
MIME-Version
Server-Ext
Locid
IsBot
X-Rocket-Build-Number
X-BBC-Edge-Cache-Status
Instruction
Server-Hostname
X-BBXSRF
X-Contensis-Viewer-Groups
X-Origin-Expires
X-Origin-CC
CDCHOST
Thinkindot-CacheControl
V-Age
Thinkindot-CacheControl-Type
X-Cc-Via
X-Cc-Req-Id
Thinkindot-Control
True-Client-Country-4JS
Vix-Hermes-Req-Id
Release
Sever-Int
Web-Mar-Node
X-API-Version
Server-ID
X-Origin-TTL
FNAC-ModuleRouting
D-Cc-Upstream
SR-User-Adfree
X-Origin-Time
X-Developer
X-SRCache-Key
X-GeoIP-City
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-Thinkindot-L3
X-VServer
X-SVT-ORM-RULES
X-Gdpr
X-Gen-Mode
X-Loc
X-Matched-Rule
X-Node-Id
X-RAMCache
X-Varnish-Authentication
X-User
X-Traceid
X-Nginx-Cache-Key
X-Varnish-Url
X-Cache-Expires
X-SVT-ORM-VERSION
Cache-Key
HitType
X-SIPLIST1
X-Sigma-Backend
X-Sigma
X-Akamai-Pragma-Client-IP
Server-Ttl
X-Served-From
X-SD-PageType
X-Server-IP
X-TH-Server
X-Cache-Tag
X-Parent-Response-Time
X-Var-Ttl
X-Generated
Cache-Provider
X-TrackingId
X-Lb-Id
BehaviorPad-Version
X-Device-Os
X-Via-PopH
Cache-Host
X-Fetched-On
X-Scheme
X-Via-PopN
Fastcgi-Cache-TTL
X-Cache-Spec
X-Generated-In
Pramga
Kp-EeAlive
X-Via-PopV
X-Swa-Ws
X-Men
X-No-Cache
CountryCode
X-ElasticPress-Query
X-Cdn-Origin
X-Sn-Servicetimems
Xet-Cookie
X-Trace-Id
X-LiteSpeed-Tag
X-VC-Cache
X-App
X-NodeID
X-Agile-Brick-Ok
X-Azure-Ref-OriginShield
Req-Svc-Chain
X-RateLimit-Limit-Second
X-Tt-Logid
X-RateLimit-Remaining-Second
X-WA
X-Batcache
X-ServiceProvider
Tcn
Cf-Device-Type
X-Planisys-CDN-TTL
X-PJAX-URL
Who
X-Planisys-CDN-Rules
X-HostName
X-Yottaa-OS
Cf-Alt-Svc
Dnion-Transfer-Encoding
X-RateLimit-Limit
X-Pf-Uncompressing
X-Planisys-CDN-Cache
Inserted-Into-Cache-At
X-Varnish-Beresp-TTL
X-Selected-Host-Header
X-Selected-Scheme
X-Path-Route
X-Selected-Name
X-B3-Parentspanid
Vha6-Origin
X-BBC-Origin-Response-Status
X-Proxy-Cachei7
X-MiniProfiler-Ids
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Hits
X-Request-URL
X-Snapshot-Date
Source
X-Apw-Access-Action
X-Vgn-Hpd-Reason
Mime-Version
Resin-Trace
X-C
Pragrma
PICS-Label
X-Dw-Trace-Id