Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-Xss-Protection
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
P3p
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Template
X-Language
X-Backend
X-Cache-Group
X-Hacker
X-Amz-Request-Id
X-Server
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
X-Dns-Prefetch-Control
EagleId
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
Xkey
X-Page-Speed
X-Rq
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Buckets
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
NEL
X-Dispatcher
X-Device
X-Server-Id
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
Accept-CH-Lifetime
Content-Location
Request-Id
X-Response-Time
Accept-CH
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
EagleEye-TraceId
X-Ac
Cf-Bgj
X-ASPNET-VERSION
X-Readtime
Rating
X-HW
X-Mod-Pagespeed
Allow
X-Country
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Edge-Control
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DataDome
X-Country-Code
X-PC
X-Vname
X-TtlSet
X-Cnection
X-Varnish-TTL
X-MS-InvokeApp
X-Origin-Upstream-Status
X-Content-Type
X-GitHub-Request-Id
X-Url
X-Clacks-Overhead
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
X-D2id
X-Trace
X-Middleton-Response
Response
X-Sol
Pagespeed
Display
X-Middleton-Display
Pinterest-Version
X-Pinterest-Rid
X-Abt-Application-Version
X-Vcap-Request-Id
X-Px
X-Rack-Cache
X-CST
MS-Author-Via
X-Navigation-Version
X-Server-Name
Verso
Service-Worker-Allowed
X-B3-TraceId
X-DynaTrace
X-FTR-Request-ID
X-FastCGI-Cache
X-Cached
X-Fastly-Request-ID
X-Client-IP
X-Element-Page-Cache
Arr-Disable-Session-Affinity
X-Webkit-CSP
X-TTL
X-Cache-TTL
X-ESI
X-Dw-Request-Base-Id
X-Powered-By-Plesk
SPRequestGuid
X-SharePointHealthScore
X-VARITI-CCR
X-Upstream
X-Goog-Hash
X-Debug
Fastly-Restarts
AR-Request-ID
AR-ATIME
AR-CACHE
AR-PoweredBy
X-NF-Request-ID
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
Content-MD5
X-Kinja-Revision
Ar-Sid
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Forwarded-Proto
X-Version
X-MSEdge-Ref
X-T
X-Powered-CMS
Access-Control-Request-Method
X-XRDS-Location
X-Jurisdiction
X-Pinterest-Direct
X-Release
SPIisLatency
SPRequestDuration
X-Content-Digest
X-Amz-Rid
S
X-Edge
TP-L2-Cache
TP-Cache
TCN
RTSS
Cache-Tag
X-Ttl
Public-Key-Pins
X-Ezoic-Cdn
X-Node-Name
X-Cache-Key
X-Yandex-Sdch-Disable
Fastcgi-Cache
X-MCACHE
X-Request-Received
X-Request-Processing-Time
X-Mid
Server-Node
Front-End-Https
Accept-Ch
X-NWS-LOG-UUID
X-Accel-Expires
X-Amzn-Trace-Id
X-Recruiting
X-Ser
X-PressLabs-Stats
X-Kinsta-Cache
X-Mg-S
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Request-Handler-Origin-Region
X-Microsite
X-Amz-Server-Side-Encryption
X-Origin-Server
ServerID
X-Grace
X-Logged-In
X-Ratelimit-Remaining
Accept-Charset
X-Cache-Hit
X-Page-Id
X-Litespeed-Cache
X-HP-Webp
X-Varnish-Age
Host
X-DIS-Request-ID
X-Content-Security-Policy-Report-Only
X-ECACHE
Nginx-Cache
X-B
Edge-Cache-Tag
X-Shield-Request-Id
X-Mobile-URL
X-Hostname
X-Hits
MicrosoftSharePointTeamServices
X-Server-ID
Alternate-Protocol
X-F-Cache
Realpath
X-Ratelimit-Limit
X-Git-Hash
X-LB-Cache
X-Activity-Id
X-Az
X-AppVersion
X-Content-Options
X-FTR-Balancer
X-FTR-Realm
X-N
X-FTR-DC
Cache-Tags
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
X-Load-Cache
X-Seen-By
X-Request-Guid
Paypal-Debug-Id
X-Cache-Age
X-Type
X-Jobs
DynaTrace
X-Rid
Cleartype
X-Varnish-Backend
X-App-Environment
Fastcgi-Useragent
X-FireWall-Port
X-Cached-By
X-Upgrade-Enabled
X-Forwarded-For
Powered-By-ChinaCache
X-Kong-Upstream-Latency
X-TEC-API-ROOT
X-TEC-API-VERSION
Filterid
X-TEC-API-ORIGIN
X-Kong-Proxy-Latency
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
X-Correlation-ID
X-Amz-Meta-S3cmd-Attrs
X-Proxy
X-Zen-Fury
X-Respond-Thread
X-Varnish-Grace
X-Akamai-Edgescape
X-FB-Debug
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Daa-Tunnel
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-B3-Sampled
X-HS-Combine-CSS
X-App-Server
DC
X-Host-Name
X-B-Cache
X-IPLB-Instance
X-Signature
X-Cache-Rule
X-Cache-Operation
X-AOL-HN
X-Geo-Country
X-Debug-Info
MS-CV
X-Whom
X-Region
X-User-Agent
Healthy
Charset
X-Response-Served-From
X-Mobile
X-Accel-Buffering
X-Original-Request-Id
X-Frontend
AMP-Access-Control-Allow-Source-Origin
X-Content-Powered-By
X-VCache
X-Esi
Payment
X-Instance
Filters
Content-Disposition
X-HTML-Minification-Powered-By
X-Distributor
X-Rule
X-UUID
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-Cacheable-TTL
X-Id
X-FW-Type
X-FW-Static
X-FW-Server
X-Tumblr-Pixel
X-Tumblr-Pixel-2
X-Tumblr-User
X-Wix-Request-Id
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Cache-Time
Refresh
Accept-Ch-Lifetime
Surrogate-Key
Liferay-Portal
Viewport
X-Is-Bot
X-Protected-By
X-Rendered-As
X-Acc-Debug-Context
X-Via-JSL
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Ua
X-Endurance-Cache-Level
S-Cnection
Datacenter
Akamai-Age-Ms
X-Amz-Replication-Status
X-Backend-Name
X-Hyper-Cache
PB-PID
X-Cache-Expired-At
Arc-Version
PB-RID
X-App-Version
X-XRDS-LOCATION
GEO-INFO
Nel
Section-Io-Cache
X-URL
NGB
X-Cache-Action
X-Cache-Server
Version
X-Ah-Environment
Countrycode
X-Oneagent-Js-Injection
X-Sucuri-ID
X-Varnish-Server
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Retry-After
X-Source
X-Unique-Id
X-EdgeConnect-Cache-Status
Referer-Policy
X-Air-Hostname
Server-Name
Eomportal-Instance
X-RemovedCookies
X-ProcessESI
X-Framework
X-L-Path
X-Environment-Context
X-Real-IP
X-Yottaa-Optimizations
Frame-Options
X-Azure-Ref
X-Cache-Control
X-WA-Info
X-Yottaa-Metrics
X-Revision
X-RTag
X-Proxy-Cache-Status
Ms-Operation-Id
CACHE
X-Drupal-Cache-Contexts
Meta-Geo
X-NewRelic-App-Data
X-Cache-Var-Map
X-ES-SERVER
X-Cache-Var
X-PHP-Backend
X-RN-RSRV
X-Sucuri-Cache
X-From
X-Mode
X-GeoIP
DB-Nickname
Cache-Tv-Group
X-Time-Microsecs
X-Cache-Host
X-Cache-TTL-Remaining
X-ProxyCache-Key
X-ProxyCache-Status
X-Xfnlog-Site
X-BYPASS-REASON
X-CDN-Forward
X-DynaTrace-JS-Agent
X-Loop
X-NYM-Debug-Backend
X-OCL
X-PCL
X-Hosted-By
X-FW-Version
Ec-Rule-Version
X-Amzn-Remapped-Content-Length
X-Cluster
X-PHP-Host
Cross-Origin-Window-Policy
X-Labrador-Cache-Channel
X-TNCMS
X-R9-Blue-Green-Version
X-Status
X-Qloud-Router
Webcakes-App-Name
TWC-Privacy
Webcakes-App-Version
X-Access
X-Zipkin-Id
TWC-Locale-Group
Webcakes-Region
TWC-GeoIP-LatLong
Mn-Server-Ip
X-Hl-Ver
X-Redis-Cache
Property-Id
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-Device-Class
X-AWS-Id
X-Be
X-Locale
X-LJ-Flow-ID
X-Server-W
X-Section
X-Origin-Hint
X-Routing-Service
X-Drupal-Cache-Tags
X-Human
X-Detected-As
X-Proxied
X-Format
X-Site-Version
X-ServerID
X-Handled-By
X-Proto
X-VWS-Id
X-Proxy-Build
X-Timing-Wait
X-Via-Fastly
X-No-Session
Selected-Fe
Uber-Trace-Id
X-Contextid
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Response-Type
X-Debug-Cache
X-Device-Type
X-FB-TRIP-ID
X-Cache-PHP
X-ATG-Version
X-Generated-By
X-BCube-Filmed-By
X-Ratelimit-Reset
FSS-Cache
Powered
X-Time
X-Correlation-Id
X-NC
X-Varnish-Cache-Hits
X-Adobe-Loc
X-Adobe-Content
Webserver
From-Origin
X-CSRF-Token
X-FTR-Cache-Host
X-Fastcgi-Cache
X-JoinUs
X-AIR-PT
X-SaId
Azure-SlotName
X-TT
Azure-Version
X-NCache
VIX-Pulpo-Upstream-Status
Azure-InstanceId
Cache
Azure-SiteName
CF-Cached-On
Azure-RegionName
X-TIME
VIX-Pulpo-Node
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Flags
X-Providence-Cookie
X-Route-Name
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Origin
OT-Force-Account-Verify
X-Tt-Trace-Host
X-Tt-Trace-Tag
Upgrade-Insecure-Requests
X-GoCache-CacheStatus
Access-Control-Request-Headers
X-Akamai-Transformed
X-COUNTRY
X-Hp-Webp
X-CCM
X-Cache-2
X-Adobe-Source
X-NWS-UUID-VERIFY
SD-X-WS
X-APP-VERSION
X-IP
X-Backend-TTL
X-IPS-LoggedIn
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-LAGOON
X-Alternate-Cache-Key
X-Pubstack
X-PERF
X-Forwarded-Host
X-Cache-Grace
X-ApacheServer
X-Backend-Host
X-Say-TTL
X-TA-CDN-Provider
X-SayCDN-TTL
Decoy-Debug-TTL
Decoy-Debug-Key
X-Web-Node
Cache-Status
X-Storage
X-Soup
X-UPSTREAM-Address
Decoy-Debug-Status
Fastly-SSL
X-Say-Cacheable
X-Cluster-Name
X-ECache
X-Tumblr-Pixel-3
Country
X-Varnishpool
X-EC-Lua
X-Cache-Enabled
X-Viewer-Country
X-Ruxit-Js-Agent
X-G
X-TX-ID
Node
X-Bc-Bl
X-PAYTM-SRV-ID
X-CF-Lambda-Version
X-Vdms-Path
X-Destination
X-External-Request-Id
X-D
X-Vdms-Version
Fastcgi-X-Cache-Version
X-A-Ccd
X-A
DCR-Processing-Time-Ms
X-Connection-Hash
X-A-Dam
X-A-Dcw
X-Aed
Meta-Geo-Continent
X-Vtex-Processado-Em
X-A-Wwc
X-VG-WebServer
X-S
X-ScT
X-PBS-Appsvrname
X-VG-WebCache
X-Vtex-Remote-Cache
Xc-Version
DCR-Decision-By
X-Rewrite-Enabled
X-Cache-Backend
X-Rojux
X-A-Dgt
X-EIG-Tracking-Id
Mobile-Detection-Method
X-Worker
X-Request-UUID
MD5-Digest
X-S-Cookie
X-B-Cookie
Apple-News-Services-Handled
X-Cache-NE
X-RCS-CacheZone
X-Processor
Host-ID
Apple-News-Services-Host
Rendered-Blocks
X-CF-Lambda-Fn
X-ARC
X-Application
X-Trv-Group
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Machine
X-Cache-Config
X-Cdn
X-B3-Traceid
X-Clara-WADP
X-DefElseHash
X-Cache-Bucket
CloudFront-Viewer-Country
Adler-Geo
CDN-EdgeStorageId
X-Auto-Login
CDN-CachedAt
CDN-PullZone
CDN-Cache
CDN-RequestId
CDN-RequestCountryCode
X-Cms-Context
CDN-Uid
X-Varnish-CookieINHashed-On
Fastly-SWR
X-Ms-Request-Id
X-Varnish-CookieHashed-On
X-Micro-Cache
X-Rebelmouse-Cache-Control
Platform
X-Rebelmouse-Surrogate-Control
X-Ms-Version
Is-Eu
X-Twitter-Response-Tags
X-Platform-Server
X-Transaction
X-Variation
X-VG-TLSProxy
Gh-Request-Id
X-DefHash
Fastly-SIE
X-Servername
X-Fastly-Cache
X-Fmm-Version
X-Varnish-Remaining-TTL
X-Page-View
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-Generation-Time
X-WADP-Cache
Backend
X-CS
X-Core-Value
X-Wikidot-Static-Cache
X-Microcachable
X-Render-Time
Country-Code
X-Thanos
X-Bip
X-Backend-State
X-Wikidot-Backend
AKAMAI
C-Via
X-Cache-Id
X-Skip-Cache
X-Request-Host
X-Request-Start
Rt-Fastcgi-Cache
Akamai-GRN
X-Amz-Meta-Cb-Modifiedtime
L
Origin
X-Slack-Backend
X-Owner
X-Has-Esi
X-Gzip
X-HS-Content-Campaign-Id
X-Irp-Debug
X-JWT-State
X-Is-Gdpr
X-Core-Mission
Fastly-Backend-Name
Fastly-Drupal-HTML
X-Developers
X-Esi-Check
X-CUA
X-Fastly-Backend
X-Policy
X-Li-Fabric
X-Varnish-Beresp-Status
X-Li-Pop
X-Varnish-Beresp-Grace
X-Platform
X-Cache-NGX
X-Old-Content-Length
X-Varnish-Beresp-Ttl
X-Clientip
X-Varnish-Cacheable
X-LI-UUID
X-Method
X-UA
X-DC
Wxu-Next-Hostname
Wxu-Next-Commit
X-Eu-Site
X-HN
X-Geo-Header
X-Level-Front-Cache
X-Location
X-VarnishDD-TTL
X-SN
X-Generated-On
X-Webstats-RespID
PFcat
X-Cache-Date
X-Gamma-Serve
NM-Fastcgi-Cache
X-Cache-Debug
X-Dispatcher-Server
X-Csrf-Jwt
X-Content-Age
X-CGP
X-Hash
X-Minions-Version
X-Session-Fingerprint
X-OVcl-Cache
X-OVcl
X-Mvc-Supplant-Cachable
X-Cache-Tags
Wxu-Next-Region
CacheControlHeader
Ha-Gx-Prefs
X-ID
SRV
L5d-Success-Class
HA-Ipaddr
X-Varnish-Ttl
X-B3-Spanid
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-Reqid
X-Wa
Pagetype
X-Branch-Name
X-GEO
X-Accel-Expires-Debug
X-Date
Surrogated-Key
UCS
X-LLID
X-NGENIX-Cache
X-Via-CDN
X-Req
FSS-Proxy
X-Refresh
X-Edge-Location
X-Up
X-LB-ID
Time
Now
Hostname
X-Via-Poph
X-Cache-URL
X-Via-Popn
Memcached
X-Cdn-Srv
Ufe-Result
Mail-Subject
We-Hiring
Group
X-NODE
X-FORWARDED-FOR
X-PF-Uncompressing
X-Aicache-OS
X-Mvc-Supplant-OutputCached
X-Proxy-Upstream
X-LI-Proto
X-RateLimit-Remaining
X-Servedbyhost
NGX
X-Presslabs-Stats
X-Ftr-Cache-Host
X-Nginx-Cache
X-Sql-Count
X-Sql-Duration-Ms
X-SERVER-NAME
X-Cache-Remote
X-BC
X-Agile-Age
X-Agile
X-Agile-Id
X-SRV
X-Debug-Cache-Fetch
X-ZONE
X-Debug-Cache-Store
X-Datadome
X-Cache-Spec
X-FPC
X-Varnish-Hostname
X-NU-AKA-ACS-Version
X-Ua-Device
X-CACHE-AGE
HostName
X-Dc
X-Check-Cacheable
X-Www-Served-By
M-TraceId
X-SERVER
X-LiteSpeed-Cache-Control
X-Request-Time
X-Via-SSL
X-Via-Edge
WebServer
X-S-Maxage
XServer
X-VCL-Version
Cache-Hits
Edge-Copy-Time
Xserver
SID
X-Erf-Stays-Bingo-Pdp-Web
On-Server
Arc-Country
X-Svr
X-Cluster-Node
X-CSRF-TOKEN
X-MP-GENERATED-AT
ServedBy
GeoIp-Country-Code
Cdn-Host
Cdn-Request-Time
Geoip-Latitude
VivaBuild
X-Edge-Server
X-CF-Powered-By
X-Via-Popv
X-Zone
X-Bc
X-APP
Viewtype
Protected
X-UnsetCookies
X-Via-Ucdn
T-Server
X-HS-Status
X-Cdn-Forward
X-RunCloud-Cache
X-Dynatrace-Js-Agent
ProcessTime
NtCoent-Length
X-Action
X-Cs
X-NGINX-Cache
Srv
Ohc-File-Size
X-Pass-Why
Apigw-Requestid
X-DI
X-RPS
Memory
WWW-Authenticate
X-DB
X-RSL
X-Srv
X-RPM
X-DSS
X-Oss-Cdn-Auth
X-DW
Pics-Label
X-We-Are-Hiring
Server-Host
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Vgn-Hpd-Ssi
Server-Info
X-Varnish-Hits
User-Agent
X-Acc-Rdl
X-Uri
X-MSEdge-Flight
X-Instart-Request-ID
X-SB
X-VC
X-MSEdge-Features
W
CF-IPCountry
Processtime
Magicmarker
N-Cache
WZWS-RAY
X-Geo
LB
Amp-Access-Control-Allow-Source-Origin
Sid
S-Rt
X-Tb
X-Info
X-HOST
Ohc-Cache-HIT
X-Newrelic-App-Data
X-Vcache
X-Hit
GeoIP-Latitude
GeoIP-Country-Code
CDN
X-Akamai-Request-ID2
X-TT-LOGID
Cteonnt-Length
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
X-Newrelic-Synthetics
Odigeo-Trace-Id
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Io-Origin-Status
DSUID
X-HITS
Section-Origin-Responded
Cache-Name
X-Epic-Correlation-Id
User-Cache-Control
X-Envoy-Upstream-Healthchecked-Cluster
X-Cache-Hfrom
Geo-Info
X-Vcl-Version
X-Unique-ID
X-Pjax-Url
X-Cache-Hm
Tracecode
X-UA-Device-Type
X-Webkit-CSP-Report-Only
X-Origin-Date
Ssr
X-FC-Vary-Parameters
A
Accept-Language
X-Fastly-Country-Code
X-CACHE-KEY
X-Magnolia-Registration
Esi-Enabled
Lfy
X-Fpc
Lb
Cdn
X-Mobile-Rewrite
CountryCode
X-Provided-By
X-Developer
X-Block-Status
X-Cache-Info
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Cache-Expires
Thinkindot-CacheControl-Type
Instruction
FNAC-ModuleRouting
CDCHOST
Server-ID
IsBot
Server-Hostname
Server-Ext
Path
MIME-Version
Locid
Sever-Int
X-Scheme
Vix-Hermes-Req-Id
Web-Mar-Node
X-API-Version
X-BBC-Edge-Cache-Status
V-Age
True-Client-Country-4JS
X-Men
SR-User-Adfree
Thinkindot-CacheControl
Thinkindot-Control
X-BBXSRF
X-Origin-TTL
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Server-IP
X-SD-PageType
X-Response-By
X-Origin-Time
X-User
X-Request-URI
X-Varnish-Authentication
X-Key
X-Nc
X-Thinkindot-L3
X-Traceid
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SIPLIST1
X-SRCache-Key
X-Origin-Expires
Release
X-Hnp-Log
X-Loc
X-Matched-Rule
X-GeoIP-City
X-Varnish-Url
X-Gdpr
X-Gen-Mode
X-VServer
X-Nginx-Cache-Key
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Nyt-Route
X-Via-NSCOPI
X-Node-Id
X-Origin-CC
X-Cc-Req-Id
X-Cc-Via
X-Trace-Id
X-StackifyID
X-NodeID
X-Azure-Ref-OriginShield
X-Cdn-Origin
X-ServedByHost
X-Generated-In
X-Sn-Servicetimems
D-Cc-Upstream
X-Li-Proto
X-Dynatrace
X-Cache-Tag
X-Var-Ttl
X-Rocket-Build-Number
X-Fetched-On
X-Device-Os
X-Sigma
X-Sigma-Backend
X-Swa-Ws
Proxy-Firewall
Origin-Cache-Control
X-Dispatch
Cache-Key
Origin-Edge-Control
Server-Ttl
X-Served-From
X-TH-Server
X-Akamai-Pragma-Client-IP
X-Instart-Info
Cache-Host
X-Geo-Region
Kp-EeAlive
Pramga
X-Via-PopN
X-Parent-Response-Time
X-Lb-Id
X-Via-PopH
Powered-By
Cache-Provider
X-B3-SpanId
X-RAMCache
X-Via-PopV
Cf-Device-Type
X-No-Cache
X-Batcache
X-VC-Cache
X-LiteSpeed-Tag
HitType
X-Pf-Uncompressing
X-RateLimit-Limit-Second
X-ServiceProvider
X-RateLimit-Remaining-Second
X-Agile-Brick-Ok
Fastcgi-Cache-TTL
X-Apw-Access-Token
X-Apw-Hits
X-WA
X-Apw-Access-Object
X-Apw-Access-Action
X-Tt-Logid
X-ElasticPress-Query
Source
Tcn
Content-Style-Type
X-TrackingId
Expiry
X-Origin-Response-Time
X-RateLimit-Limit
X-Generated
X-Varnish-Beresp-TTL
Xet-Cookie
Req-Svc-Chain
Content-Script-Type
X-Request-URL
X-HostName
BehaviorPad-Version
Who
X-PJAX-URL
X-Yottaa-OS
X-MiniProfiler-Ids
Cf-Alt-Svc
X-Selected-Host-Header
X-Selected-Scheme
X-Selected-Name
X-Snapshot-Date
X-B3-Parentspanid
Resin-Trace
X-BBC-Origin-Response-Status
X-C
Pragrma
PICS-Label
X-Vgn-Hpd-Reason
Vha6-Origin
Mime-Version
Inserted-Into-Cache-At
Dnion-Transfer-Encoding
X-Dw-Trace-Id