Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Request-ID
X-Generator
P3p
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Upgrade
X-Template
Content-Encoding
X-Language
X-CDN
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Ws-Request-Id
X-Buckets
Feature-Policy
X-Age
X-Backend
X-AH-Environment
X-Hacker
X-Robots-Tag
X-Cache-Group
EagleId
X-UA-Device
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Proxy-Cache
X-Turbo-Charged-By
X-Server-Powered-By
Request-Context
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Xkey
X-Dns-Prefetch-Control
Report-To
X-Page-Speed
X-Rq
Cf-Bgj
X-LiteSpeed-Cache
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
NEL
X-Dispatcher
X-Host
X-Node
X-Device
X-Backend-Server
Surrogate-Control
X-Cache-Lookup
X-Origin-Cache
X-Response-Time
X-Ruxit-JS-Agent
Content-Location
X-Akam-SW-Version
X-ASPNET-VERSION
Request-Id
X-Ac
X-Server-Id
Akamai-Age-Ms
X-Country
X-Mod-Pagespeed
X-HW
Rating
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Readtime
X-Cloud-Trace-Context
Accept-CH-Lifetime
Accept-CH
Pinterest-Generated-By
X-Application-Context
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-Country-Code
X-Url
X-TtlSet
X-PC
X-Vname
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Content-Source
X-Varnish-TTL
X-Cnection
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-D2id
X-GitHub-Request-Id
X-ESI
X-Server-Name
X-MS-InvokeApp
X-Clacks-Overhead
X-Content-Type
X-Navigation-Version
X-FTR-Request-ID
X-Abt-Application-Version
Verso
Accept-Ch
X-Vcap-Request-Id
X-Trace
Pinterest-Version
X-Pinterest-Rid
X-Px
X-B3-TraceId
Display
Response
X-Sol
X-Middleton-Display
Pagespeed
X-Middleton-Response
Allow
X-Cached
X-Element-Page-Cache
X-Rack-Cache
X-DynaTrace
X-Fastly-Request-ID
Service-Worker-Allowed
Accept-Ch-Lifetime
X-TTL
X-Server-ID
X-Cache-TTL
X-Powered-By-Plesk
X-Version
MS-Author-Via
Arr-Disable-Session-Affinity
X-Forwarded-Proto
X-Client-IP
X-Upstream
X-NF-Request-ID
X-T
Content-MD5
X-Debug
Fastly-Restarts
SPRequestGuid
X-SharePointHealthScore
X-Dw-Request-Base-Id
AR-Request-ID
Ar-Sid
AR-PoweredBy
AR-ATIME
AR-CACHE
X-VARITI-CCR
X-Jurisdiction
X-Exp-Id
X-Use-Magma
X-Kinja
X-Kinja-Revision
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Server
X-Goog-Hash
Access-Control-Request-Method
X-Powered-CMS
TP-L2-Cache
TP-Cache
X-Content-Digest
X-XRDS-Location
X-NWS-LOG-UUID
X-Release
X-Edge
X-PressLabs-Stats
X-MSEdge-Ref
RTSS
SPRequestDuration
SPIisLatency
X-Amz-Rid
Cache-Tag
Public-Key-Pins
Fastcgi-Cache
TCN
S
X-Yandex-Sdch-Disable
X-Request-Processing-Time
X-Request-Received
X-Ttl
X-Mid
X-MCACHE
X-Accel-Expires
X-Ezoic-Cdn
X-Cache-Hit
ServerID
Server-Node
X-Logged-In
X-Cache-Key
X-Amzn-Trace-Id
X-Ratelimit-Remaining
X-Node-Name
Alternate-Protocol
Front-End-Https
X-FastCGI-Cache
X-Request-Handler-Origin-Region
X-Microsite
X-Pinterest-Direct
X-ECACHE
X-Ser
X-Webkit-CSP
X-Recruiting
X-Origin-Server
X-Kinsta-Cache
X-Page-Id
X-B
X-Mobile-URL
Host
Accept-Charset
X-Ratelimit-Limit
Realpath
X-Hostname
X-Forwarded-For
X-FTR-Cache-Status
X-FTR-Realm
X-FireWall-Port
X-FTR-Expires
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Content-Security-Policy-Report-Only
X-Id
Filterid
X-Seen-By
Nginx-Cache
X-Load-Cache
X-Jobs
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Content-Options
X-Varnish-Age
X-CST
X-DIS-Request-ID
X-Shield-Request-Id
X-Daa-Tunnel
Paypal-Debug-Id
X-Zen-Fury
X-App-Environment
X-F-Cache
X-LB-Cache
X-Az
X-Rid
X-AppVersion
X-Activity-Id
X-Type
Edge-Cache-Tag
X-Git-Hash
X-Varnish-Backend
X-N
X-Varnish-Grace
X-Correlation-ID
X-Request-Guid
X-FB-Debug
X-Grace
X-Hits
X-Amz-Server-Side-Encryption
X-App-Server
Fastcgi-Useragent
AMP-Access-Control-Allow-Source-Origin
X-Cdn
X-Proxy
DC
X-Akamai-Edgescape
X-WebKit-CSP-Report-Only
Content-Disposition
X-Hp-Webp
X-Content-Powered-By
X-Fastcgi-Cache
X-Endurance-Cache-Level
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Cache-Tags
X-Cache-Operation
X-Cache-Rule
Access-Control-Allow-Method
DynaTrace
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Mg-S
X-Kong-Proxy-Latency
X-Geo-Country
X-VCache
MicrosoftSharePointTeamServices
Cleartype
X-Wix-Request-Id
X-Cached-By
X-Original-Request-Id
Refresh
X-XRDS-LOCATION
Powered
X-Accel-Buffering
X-Response-Served-From
X-B3-Sampled
X-Amz-Meta-S3cmd-Attrs
NGB
X-User-Agent
X-IPLB-Instance
X-AOL-HN
X-Amzn-RequestId
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Amz-Apigw-Id
Payment
X-B-Cache
X-Signature
X-Goog-Stored-Content-Encoding
Healthy
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-UUID
X-Cache-Time
X-FW-Static
X-HTML-Minification-Powered-By
X-FW-Type
MS-CV
X-Distributor
X-Whom
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Dynamic
X-Region
X-Tumblr-Pixel-1
X-Rule
X-Is-Bot
Datacenter
X-Tumblr-Pixel-2
X-Rendered-As
X-Cacheable-TTL
X-Frontend
X-Host-Name
X-Instance
PB-PID
Arc-Version
PB-RID
Countrycode
X-DynaTrace-JS-Agent
X-Varnish-Server
Surrogate-Key
X-Debug-Info
X-Ua
X-Mobile
X-HP-Webp
X-PHP-Backend
X-Oneagent-Js-Injection
X-Tec-Api-Origin
X-App-Version
X-Tec-Api-Version
X-Tec-Api-Root
X-NewRelic-App-Data
X-Azure-Ref
X-Backend-Name
X-Via-JSL
X-Cache-Age
Cache
X-FTR-Cache-Host
S-Cnection
X-Cache-Server
Powered-By-ChinaCache
X-WA-Info
X-Time
X-Protected-By
X-Hyper-Cache
Referer-Policy
Webserver
X-Cache-Control
X-Respond-Thread
Filters
Retry-After
Liferay-Portal
Charset
Viewport
From-Origin
X-Cache-Expired-At
X-CSRF-Token
X-EdgeConnect-Cache-Status
X-Proxy-Cache-Status
X-Revision
X-Mode
X-RemovedCookies
X-Cache-Action
X-Debug-Cache
X-Cache-Var
X-ES-SERVER
X-FB-TRIP-ID
X-RN-RSRV
X-ProcessESI
X-Source
Section-Io-Cache
Meta-Geo
X-Cache-Var-Map
X-R9-Blue-Green-Version
X-Sucuri-ID
X-From
X-Ruxit-Js-Agent
X-GeoIP
X-Framework
X-Qloud-Router
X-Server-W
X-Device-Type
Eomportal-Instance
X-Site-Version
X-ProxyCache-Key
Webcakes-App-Version
X-L-Path
X-LJ-Flow-ID
X-Time-Microsecs
Webcakes-Region
X-BYPASS-REASON
TWC-GeoIP-Country
TWC-Connection-Speed
X-AWS-Id
X-Origin-Hint
Property-Id
Mn-Server-Ip
X-Amz-Replication-Status
X-Locale
Webcakes-App-Name
X-Via-Fastly
TWC-Locale-Group
X-Ratelimit-Reset
TWC-GeoIP-LatLong
X-VWS-Id
TWC-Privacy
TWC-Device-Class
X-Environment-Context
X-ProxyCache-Status
DB-Nickname
Selected-Fe
X-FW-Version
X-OCL
X-Cache-Host
X-Status
X-Proxy-Build
X-Zipkin-Id
X-Timing-Wait
X-PCL
X-Hl-Ver
X-Routing-Service
Cross-Origin-Window-Policy
X-Proxied
X-JoinUs
X-SaId
X-Acc-Debug-Context
X-Real-IP
X-Redis-Cache
X-ServerID
X-Amzn-Remapped-Content-Length
Cache-Tv-Group
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Handled-By
X-Hosted-By
X-Human
X-Labrador-Cache-Channel
X-PHP-Host
X-Proto
Ms-Operation-Id
X-Cluster
X-RTag
X-Xfnlog-Site
X-NYM-Debug-Backend
X-Access
Uber-Trace-Id
X-Be
X-Generated-By
X-Format
X-Section
X-Loop
X-TA-CDN-Provider
Ec-Rule-Version
X-Varnish-Cache-Hits
X-TNCMS
X-NWS-UUID-VERIFY
X-BCube-Filmed-By
X-Detected-As
CF-Cached-On
Frame-Options
X-Origin
X-Cache-TTL-Remaining
Server-Name
X-ATG-Version
X-No-Session
X-Cache-PHP
Version
X-Instart-Request-ID
X-NCache
FSS-Cache
X-Sucuri-Cache
X-EIG-Tracking-Id
X-URL
X-Contextid
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Drupal-Cache-Tags
X-CACHE-AGE
X-IPS-LoggedIn
X-Drupal-Cache-Contexts
X-Air-Hostname
X-EC-Lua
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
Now
X-Cache-Enabled
X-IP
X-Litespeed-Cache
X-Akamai-Transformed
Time
X-Tumblr-Pixel-3
X-Bc-Bl
X-Cache-Backend
X-Backend-Host
GEO-INFO
X-TT
X-Unique-Id
OT-Force-Account-Verify
Node
X-Correlation-Id
Azure-SiteName
X-RCS-CacheZone
Azure-InstanceId
Azure-RegionName
Azure-SlotName
Azure-Version
X-GoCache-CacheStatus
X-Adobe-Content
X-Adobe-Loc
Access-Control-Request-Headers
X-TIME
X-Cache-NE
X-UA
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-NGENIX-Cache
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Adobe-Source
X-APP-VERSION
X-Pubstack
X-Oss-Storage-Class
X-CCM
X-Oss-Request-Id
X-Oss-Server-Time
X-B-Cookie
X-Application
X-CF-Lambda-Fn
X-ARC
X-Destination
Apple-News-Services-Handled
X-G
X-Generation-Time
X-Aed
X-Date
X-Connection-Hash
X-D
X-CF-Lambda-Version
X-A-Dcw
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
Host-ID
Machine
DCR-Decision-By
CloudFront-Viewer-Country
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
MD5-Digest
Meta-Geo-Continent
X-A-Dam
X-A-Dgt
X-A-Wwc
X-A-Ccd
X-A
Mobile-Detection-Method
Rendered-Blocks
Surrogated-Key
X-Accel-Expires-Debug
X-External-Request-Id
X-S-Cookie
X-Cdn-Forward
HostName
X-Transaction
X-S
X-Rojux
X-PBS-Appsvrname
X-Processor
X-Rewrite-Enabled
X-Trv-Group
X-Twitter-Response-Tags
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Up
X-Vdms-Path
X-Vdms-Version
X-PAYTM-SRV-ID
X-ScT
X-OVcl
X-OVcl-Cache
X-Minions-Version
X-ApacheServer
X-PERF
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Viewer-Country
X-Forwarded-Host
X-Varnishpool
X-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-ShardId
X-Cache-Bucket
X-WADP-Cache
X-Webstats-RespID
X-Micro-Cache
X-Cache-2
X-Owner
X-Microcachable
X-Bip
CDN-Uid
CDN-RequestCountryCode
X-Cache-Grace
SD-X-WS
X-Request-UUID
CDN-Cache
CDN-CachedAt
X-Method
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestId
X-VG-TLSProxy
X-Envoy-Decorator-Operation
Wxu-Next-Region
Wxu-Next-Hostname
X-Thanos
X-Agile-Id
X-Agile-Age
X-SN
X-Soup
Wxu-Next-Commit
We-Hiring
X-Render-Time
Mail-Subject
X-Agile
X-Req
X-Core-Value
X-Clara-WADP
X-Fmm-Version
NM-Fastcgi-Cache
X-Hash
X-Dispatcher-Server
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Dc
X-AIR-PT
X-Varnish-Beresp-Grace
X-TX-ID
X-Varnish-Ttl
Akamai-GRN
X-CDN-Forward
X-Skip-Cache
X-Variation
X-Cache-URL
X-Servername
X-Cluster-Name
X-Csrf-Jwt
X-Core-Mission
X-Cms-Context
X-Cache-NGX
Fastly-SSL
X-Cache-Config
M-TraceId
Ha-Gx-Prefs
HA-Ipaddr
PFcat
Ufe-Result
L5d-Success-Class
Group
X-CUA
X-Cache-Id
X-Esi-Check
X-Storage
Platform
X-DPWN-IS-SECURE
X-Reqid
X-Proxy-Upstream
X-Varnish-Cacheable
X-VarnishDD-TTL
Adler-Geo
Fastly-SIE
Fastly-SWR
Is-Eu
X-Policy
X-Platform
X-Gamma-Serve
X-Generated-On
X-Fastly-Cache
X-Eu-Site
Fastly-Drupal-HTML
X-Rebelmouse-Surrogate-Control
X-Gzip
X-Rebelmouse-Cache-Control
X-Level-Front-Cache
X-HS-Content-Campaign-Id
X-HN
X-Edge-Location
X-CGP
Cache-Status
Backend
AKAMAI
X-VHOST
Country-Code
CacheControlHeader
X-RateLimit-Remaining
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Cache-Date
X-Backend-TTL
X-Cache-Tags
X-Clientip
X-LI-UUID
X-Amz-Meta-Cb-Modifiedtime
X-Irp-Debug
X-Backend-State
Memcached
UCS
Rt-Fastcgi-Cache
X-CS
X-Location
X-Slack-Backend
X-Geo-Header
C-Via
X-Cdn-Srv
X-Request-Host
X-Content-Age
X-Developers
X-Li-Fabric
X-Fastly-Backend
X-Old-Content-Length
X-Say-TTL
X-SayCDN-TTL
X-Li-Pop
X-Say-Cacheable
L
X-Request-Start
X-Auto-Login
X-Esi
X-Wikidot-Backend
X-Web-Node
Pagetype
X-Wikidot-Static-Cache
Gh-Request-Id
Country
X-ORACLE-APMCS-REQUEST-ID
Nel
Actual-Object-TTL
Fastly-Backend-Name
X-Is-Gdpr
Origin
X-NC
X-Mvc-Supplant-Cachable
X-Has-Esi
X-JWT-State
X-Refresh
X-PF-Uncompressing
Arc-Country
X-Ms-Request-Id
X-Ms-Version
X-ZONE
X-BC
X-NODE
X-Wa
X-B3-Spanid
X-LB-ID
VivaBuild
X-Aicache-OS
Viewtype
Geo-Info
Srv
NGX
X-RunCloud-Cache
X-Via-Ucdn
FSS-Proxy
X-Via-Poph
X-Unique-ID
X-Via-Popn
X-LAGOON
X-Platform-Server
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-DefHash
X-Varnish-Remaining-TTL
X-DefElseHash
X-Srv
Upgrade-Insecure-Requests
X-LI-Proto
X-Servedbyhost
X-Branch-Name
Cdn-Request-Time
X-Edge-Server
X-Mvc-Supplant-OutputCached
Cdn-Host
X-Vgn-Hpd-Ssi
Memory
X-Ua-Device
X-SERVER
X-UPSTREAM-Address
X-ECache
X-Session-Fingerprint
X-Cache-Debug
X-Mobile-Rewrite
X-Request-Time
X-Geo
X-LiteSpeed-Cache-Control
Sid
X-Zone
X-Bc
Server-Info
X-Cluster-Node
X-Nginx-Cache
X-APP
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Akamai-Request-ID2
X-Action
X-Epic-Correlation-Id
X-FC-Vary-Parameters
CACHE
X-Nc
X-Hit
Xserver
X-RSL
WWW-Authenticate
X-DW
X-B3-Traceid
X-RPS
X-FPC
X-CF-Powered-By
X-DI
X-RPM
X-Via-Popv
X-Cs
X-DSS
X-DB
Apigw-Requestid
X-NGINX-Cache
X-Varnish-Hostname
X-Providence-Cookie
X-Route-Name
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-Oss-Cdn-Auth
X-HS-Status
NtCoent-Length
X-GEO
X-DC
X-Vcache
X-MP-GENERATED-AT
GeoIp-Country-Code
X-Vcl-Version
Geoip-Latitude
X-Ftr-Cache-Host
User-Agent
X-CSRF-TOKEN
Origin-Cache-Control
Origin-Edge-Control
X-VCL-Version
Processtime
ProcessTime
XServer
Hostname
GeoIP-Country-Code
X-SERVER-NAME
GeoIP-Latitude
X-Check-Cacheable
CF-IPCountry
X-FORWARDED-FOR
X-Page-View
X-Key
Accept-Language
X-Dispatch
X-NU-AKA-ACS-Version
X-Tb
X-HOST
X-Via-CDN
X-Fpc
Esi-Enabled
X-UnsetCookies
X-Envoy-Upstream-Healthchecked-Cluster
SID
X-Webkit-CSP-Report-Only
HitType
X-HITS
SRV
Proxy-Firewall
X-Cache-Hm
X-Via-SSL
Cdn
X-Via-Edge
X-Svr
Edge-Copy-Time
X-Cache-Hfrom
X-App
X-Fastly-Country-Code
X-Dynatrace-Js-Agent
W
Request-ID
WebServer
X-Path-Route
X-Www-Served-By
Fastcgi-Cache-TTL
S-Rt
BehaviorPad-Version
X-Generated
X-RAMCache
X-Pass-Why
X-We-Are-Hiring
A
X-Sql-Count
X-Sql-Duration-Ms
X-COUNTRY
LB
X-CACHE-KEY
X-Geo-Region
ServedBy
X-TrackingId
On-Server
Cteonnt-Length
Lb
Ohc-File-Size
CDN
Cache-Hits
Amp-Access-Control-Allow-Source-Origin
Xet-Cookie
X-SRV
X-Amzn-Remapped-Connection
X-Instart-Info
X-Pjax-Url
T-Server
X-Presslabs-Stats
X-Newrelic-App-Data
X-MSEdge-Flight
X-Amzn-Remapped-Date
Powered-By
X-MSEdge-Features
X-Newrelic-Synthetics
X-ServedByHost
X-Li-Proto
N-Cache
X-S-Maxage
Server-Host
X-Cache-Remote
X-Origin-Response-Time
X-Dynatrace
X-Datadome
X-Served-From
Tcn
X-LiteSpeed-Tag
Cache-Key
X-Batcache
Content-Script-Type
Pics-Label
X-Akamai-Pragma-Client-IP
Content-Style-Type
Magicmarker
X-HostName
X-TH-Server
X-Client-Ip
Odigeo-Trace-Id
X-Via-NSCOPI
Dnion-Transfer-Encoding
Ohc-Cache-HIT
X-Lb-Id
Cache-Provider
X-Via-PopN
User-Cache-Control
X-TT-LOGID
X-B3-SpanId
X-StackifyID
X-Region-Sid
X-Via-PopH
X-Via-PopV
X-RateLimit-Limit
WZWS-RAY
X-VC
X-SB
X-Cache-Tag
X-WA
Load-Balancing
X-Planisys-CDN-Rules
X-Tt-Logid
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Agile-Brick-Ok
Cf-Alt-Svc
X-Info
Server-Ttl
X-Vgn-Hpd-Reason
X-Erf-Bev-Bev-Is-Generated
X-Varnish-Hits
X-Erf-Bev-Bev
X-SRCache-Key
Inserted-Into-Cache-At
Who
X-Origin-TTL
AsisCache
GEO-REGION-INFO
X-Pf-Uncompressing
X-Parent-Response-Time
X-Origin-CC
X-Magnolia-Registration
X-Yottaa-OS
X-Tid
X-Developer
X-Pad
X-DevSite-Last-Modified
X-Selected-Name
Protected
X-BACKEND-TTL
Section-Io-Origin-Time-Seconds
CountryCode
Section-Origin-Responded
Section-Io-Origin-Status
Cache-Name
X-UA-Device-Type
DSUID
Proxy-Connection
X-Selected-Host-Header
X-Selected-Scheme
X-ElasticPress-Query
Section-Io-Id
Source
X-Uri
PICS-Label
X-Dw-Trace-Id
X-MiniProfiler-Ids
X-PJAX-URL
Pragrma
X-C
Mime-Version
X-Apw-Access-Action
X-Varnish-Beresp-TTL
X-Request-URL
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Object
URI
X-RateLimit-Remaining-Second
X-Azure-Ref-OriginShield
X-BBXSRF
X-Akamai-Request-ID
Web-Mar-Node
V-Age
Vix-Hermes-Req-Id
X-Block-Status
X-Cache-ASPX
X-Device-Os
X-Fetched-On
X-Contensis-Viewer-Groups
X-Cdn-Request-ID
X-Cache-Info
X-Cdn-Origin
Tracecode
Thinkindot-Control
Locid
MIME-Version
Kp-EeAlive
IsBot
CDCHOST
FNAC-ModuleRouting
Path
Pramga
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Sever-Int
Server-Hostname
Release
Server-Ext
X-Gen-Mode
X-Generated-In
X-Var-Ttl
X-Varnish-Authentication
X-Trace-Id
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-Swa-Ws
X-Varnish-URL
X-Akamai-ERPolicy
X-Nananana
X-Proxy-Cachei7
Cneonction
X-Fastly-Cache-Hits
X-Akamai-ERRuleID
X-Compress-Hint
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Logging-Id
X-Matched-Rule
X-Loc
X-Hnp-Log
X-GeoIP-City
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Nginx-Cache-Key
X-NodeID
X-ServiceProvider
X-SIPLIST1
X-Request-URI
X-RateLimit-Limit-Second
X-Origin-Date
X-Origin-Expires
Vha6-Origin