Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
P3p
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-Cache-Group
X-Server
X-Hacker
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
X-Template
EagleId
X-Proxy-Cache
Request-Context
X-Language
X-Turbo-Charged-By
X-Server-Powered-By
X-Dns-Prefetch-Control
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
X-Rq
Xkey
X-Page-Speed
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Buckets
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
NEL
X-Dispatcher
X-Server-Id
X-Device
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
Request-Id
Content-Location
X-Response-Time
Accept-CH-Lifetime
EagleEye-TraceId
X-Cache-Lookup
Accept-CH
X-Akam-SW-Version
X-Origin-Cache
X-Ac
X-Ua-Compatible
X-Readtime
Allow
Rating
X-Mod-Pagespeed
X-HW
X-Country
X-Application-Context
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Edge-Control
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-TtlSet
X-Vname
X-PC
X-DataDome
X-Cnection
X-Country-Code
X-MS-InvokeApp
X-Varnish-TTL
X-GitHub-Request-Id
X-Content-Type
X-ASPNET-VERSION
X-D2id
X-CST
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Trace
X-Middleton-Display
Pagespeed
X-Middleton-Response
Display
Response
X-Sol
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
X-Server-Name
Pinterest-Version
X-Pinterest-Rid
MS-Author-Via
X-Vcap-Request-Id
X-Px
X-Abt-Application-Version
X-Navigation-Version
X-B3-TraceId
X-Rack-Cache
X-FastCGI-Cache
X-Url
Service-Worker-Allowed
Verso
X-ESI
X-Fastly-Request-ID
X-TTL
X-Client-IP
Arr-Disable-Session-Affinity
Cf-Bgj
X-Cached
X-Element-Page-Cache
X-Webkit-CSP
X-DynaTrace
X-FTR-Request-ID
X-Cache-TTL
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-Powered-By-Plesk
X-VARITI-CCR
X-Kinja-Revision
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Use-Magma
X-GoogleNews-Bot
X-Upstream
X-Kinja-Build
X-Goog-Hash
X-Kinja
X-NF-Request-ID
Fastly-Restarts
AR-PoweredBy
AR-ATIME
AR-CACHE
AR-Request-ID
Ar-Sid
X-Debug
Content-MD5
X-Forwarded-Proto
X-Version
X-MSEdge-Ref
X-Pinterest-Direct
X-Powered-CMS
SPRequestDuration
SPIisLatency
X-T
Access-Control-Request-Method
X-Release
X-Jurisdiction
X-Amz-Rid
S
X-Content-Digest
X-Edge
X-XRDS-Location
TP-Cache
TP-L2-Cache
RTSS
TCN
Accept-Ch
X-Litespeed-Cache
Cache-Tag
X-Ezoic-Cdn
Public-Key-Pins
X-Cache-Key
X-Node-Name
X-Ttl
X-MCACHE
X-Mid
Front-End-Https
X-Yandex-Sdch-Disable
X-Request-Received
X-Request-Processing-Time
Server-Node
Fastcgi-Cache
X-Mg-S
X-Recruiting
X-Amzn-Trace-Id
X-Accel-Expires
X-Ser
X-NWS-LOG-UUID
X-Kinsta-Cache
X-B3-TraceId-Primal
X-Amz-Server-Side-Encryption
Mrf-Cache-Status
MRF-Tech
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-PressLabs-Stats
X-HP-Webp
X-Grace
X-Request-Handler-Origin-Region
X-Microsite
X-Origin-Server
X-Logged-In
Accept-Charset
ServerID
X-Varnish-Age
X-Page-Id
X-Ratelimit-Remaining
X-Cache-Hit
X-DIS-Request-ID
Host
X-Shield-Request-Id
Nginx-Cache
MicrosoftSharePointTeamServices
X-ECACHE
Edge-Cache-Tag
X-Content-Security-Policy-Report-Only
X-Server-ID
X-B
X-Hits
X-Mobile-URL
X-F-Cache
X-LB-Cache
Cache-Tags
X-Activity-Id
Realpath
X-Az
X-AppVersion
Powered-By-ChinaCache
Alternate-Protocol
Accept-Ch-Lifetime
X-Hostname
X-Ratelimit-Limit
X-N
Cleartype
X-Git-Hash
X-Content-Options
X-Forwarded-For
X-Cached-By
X-Respond-Thread
X-Load-Cache
DynaTrace
X-Upgrade-Enabled
Paypal-Debug-Id
X-Request-Guid
X-Type
X-Rid
X-Varnish-Backend
X-App-Environment
X-Jobs
X-FTR-Balancer
X-FTR-DC
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend-Server
X-Kong-Proxy-Latency
X-FTR-Backend
X-FTR-Realm
X-Kong-Upstream-Latency
X-FTR-Expires
X-Seen-By
Fastcgi-Useragent
X-Amz-Meta-S3cmd-Attrs
Access-Control-Allow-Method
X-Proxy
X-FireWall-Port
X-Cache-Age
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-URL
X-WebKit-CSP-Report-Only
Filterid
X-Zen-Fury
X-Correlation-ID
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Akamai-Edgescape
X-Goog-Metageneration
X-HS-Cache-Config
X-FB-Debug
X-HS-Hub-Id
X-HS-Content-Id
X-Varnish-Grace
X-Daa-Tunnel
X-HS-Combine-CSS
X-B3-Sampled
X-IPLB-Instance
X-VCache
DC
X-Signature
X-B-Cache
X-Host-Name
Charset
MS-CV
X-AOL-HN
X-Mobile
Healthy
X-Debug-Info
X-Whom
X-App-Server
X-Region
X-User-Agent
Filters
AMP-Access-Control-Allow-Source-Origin
X-Cache-Rule
X-Geo-Country
X-Cache-Operation
Viewport
X-Frontend
X-Accel-Buffering
X-Original-Request-Id
X-Response-Served-From
X-XRDS-LOCATION
Liferay-Portal
Payment
X-Id
X-HTML-Minification-Powered-By
X-UUID
X-Distributor
X-Content-Powered-By
X-Instance
X-FW-Static
X-Tumblr-Pixel
X-Rule
X-FW-Server
X-FW-Type
X-Tumblr-Pixel-1
X-Cache-Time
X-Cacheable-TTL
X-FW-Dynamic
X-FW-Hash
X-Tumblr-User
X-FW-Serve
X-Tumblr-Pixel-0
X-Tumblr-Pixel-2
X-Protected-By
Refresh
X-Acc-Debug-Context
Surrogate-Key
Content-Disposition
X-Rendered-As
X-Wix-Request-Id
X-Via-JSL
S-Cnection
X-Is-Bot
X-Amz-Replication-Status
X-Cache-Expired-At
X-Amz-Apigw-Id
X-Amzn-RequestId
Nel
X-Hyper-Cache
X-App-Version
X-Backend-Name
Datacenter
Section-Io-Cache
Version
X-Endurance-Cache-Level
X-Sucuri-ID
X-Ah-Environment
X-Cache-Action
X-Ua
X-Oneagent-Js-Injection
Arc-Version
PB-PID
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
PB-RID
X-Cache-Server
Akamai-Age-Ms
Retry-After
GEO-INFO
X-Air-Hostname
Server-Name
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Latency-Threshold
X-Source
NGB
X-EdgeConnect-Cache-Status
X-Varnish-Server
Countrycode
X-Unique-Id
X-Real-IP
Eomportal-Instance
Referer-Policy
X-Environment-Context
X-ProcessESI
X-L-Path
X-Framework
CACHE
X-RemovedCookies
X-Sucuri-Cache
X-Yottaa-Metrics
X-RTag
Ms-Operation-Id
Frame-Options
X-Yottaa-Optimizations
X-Revision
X-Esi
X-Drupal-Cache-Contexts
X-Cache-Control
X-Azure-Ref
X-Proxy-Cache-Status
X-DynaTrace-JS-Agent
X-WA-Info
X-Cache-Var-Map
X-Cache-Var
X-RN-RSRV
X-NewRelic-App-Data
X-ES-SERVER
Meta-Geo
X-Mode
X-Drupal-Cache-Tags
X-GeoIP
Webserver
X-Time-Microsecs
X-R9-Blue-Green-Version
X-Xfnlog-Site
X-Cache-Host
X-ProxyCache-Key
X-Cache-TTL-Remaining
DB-Nickname
X-BYPASS-REASON
Cache-Tv-Group
X-ProxyCache-Status
X-Qloud-Router
X-NYM-Debug-Backend
Webcakes-App-Name
X-From
X-Redis-Cache
X-FW-Version
X-Hl-Ver
X-Handled-By
X-Server-W
Webcakes-Region
X-Cluster
X-VWS-Id
X-TNCMS
X-Status
X-Amzn-Remapped-Content-Length
X-AWS-Id
X-PHP-Host
X-Hosted-By
X-Loop
X-LJ-Flow-ID
TWC-Connection-Speed
Property-Id
Ec-Rule-Version
Mn-Server-Ip
X-Origin-Hint
TWC-Device-Class
TWC-Privacy
X-Human
TWC-Locale-Group
X-Labrador-Cache-Channel
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Cross-Origin-Window-Policy
Webcakes-App-Version
X-Zipkin-Id
X-Via-Fastly
X-Proto
X-Proxy-Build
X-OCL
X-FB-TRIP-ID
X-Timing-Wait
Selected-Fe
X-Proxied
X-Routing-Service
X-ServerID
X-Site-Version
X-No-Session
X-Be
X-Locale
X-PCL
X-Detected-As
X-PHP-Backend
X-Section
X-Format
X-Access
FSS-Cache
X-Contextid
Uber-Trace-Id
X-CDN-Forward
X-Debug-Cache
X-Correlation-Id
X-Device-Type
X-Generated-By
X-ATG-Version
X-Adobe-Content
X-AIR-PT
X-Adobe-Loc
X-Cache-PHP
X-TIME
X-Ratelimit-Reset
X-BCube-Filmed-By
X-Providence-Cookie
X-Route-Name
X-Flags
X-Is-Crawler
X-Aspnet-Duration-Ms
X-NC
X-TT
X-CSRF-Token
X-Varnish-Cache-Hits
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Cache
X-Tt-Trace-Tag
X-Tt-Trace-Host
Azure-SlotName
Upgrade-Insecure-Requests
Azure-Version
Azure-InstanceId
Azure-RegionName
Azure-SiteName
From-Origin
Powered
OT-Force-Account-Verify
X-Time
X-NCache
Access-Control-Request-Headers
X-Origin
X-JoinUs
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
CF-Cached-On
X-Oss-Storage-Class
X-SaId
X-COUNTRY
X-GoCache-CacheStatus
X-Akamai-Transformed
X-FTR-Cache-Host
X-Cache-2
SD-X-WS
X-UPSTREAM-Address
X-CCM
X-Adobe-Source
X-Fastcgi-Cache
X-Backend-TTL
X-Alternate-Cache-Key
X-ShopId
X-Backend-Host
X-Storefront-Renderer-Rendered
X-Varnishpool
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-Shopify-Stage
X-LAGOON
X-LLID
X-Cache-Grace
X-Soup
X-PERF
X-Pubstack
X-Forwarded-Host
X-ApacheServer
Country
Decoy-Debug-Key
X-Cluster-Name
X-Storage
Decoy-Debug-Status
X-Web-Node
Decoy-Debug-TTL
Node
X-Page-View
X-G
X-IP
X-NWS-UUID-VERIFY
Cache-Status
X-ECache
Fastly-SSL
X-TA-CDN-Provider
X-Ruxit-Js-Agent
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-APP-VERSION
X-Cache-Enabled
X-Cdn
X-Tumblr-Pixel-3
X-IPS-LoggedIn
X-TX-ID
X-A-Ccd
X-Connection-Hash
X-Aed
X-A
X-A-Dcw
X-Vdms-Version
X-Vdms-Path
Machine
X-A-Dam
X-VG-WebServer
X-VG-WebCache
SRV
X-Vtex-Processado-Em
MD5-Digest
Rendered-Blocks
X-A-Dgt
X-Vtex-Remote-Cache
Host-ID
X-A-Wwc
X-Cache-Spec
X-Bc-Bl
X-PAYTM-SRV-ID
X-B-Cookie
DCR-Decision-By
X-Request-UUID
DCR-Processing-Time-Ms
Xc-Version
X-PBS-Appsvrname
X-Destination
X-RCS-CacheZone
X-D
X-Processor
Mobile-Detection-Method
X-Rewrite-Enabled
X-Rojux
X-Application
X-ARC
Fastcgi-X-Cache-Version
X-Worker
X-Trv-Group
X-CF-Lambda-Version
Meta-Geo-Continent
X-CF-Lambda-Fn
X-S
X-External-Request-Id
X-S-Cookie
X-ScT
X-Cache-NE
X-Cache-Config
X-EC-Lua
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Viewer-Country
X-Varnish-Beresp-Grace
Apple-News-Services-Request-Url
CDN-RequestId
X-CUA
Platform
Apple-News-Services-Parsed-Url
X-DefElseHash
X-Cache-Debug
CDN-Cache
CDN-CachedAt
X-Cache-Bucket
CDN-Uid
CDN-RequestCountryCode
CDN-PullZone
CloudFront-Viewer-Country
CDN-EdgeStorageId
X-Clara-WADP
X-Cms-Context
Gh-Request-Id
X-Core-Value
Fastly-SWR
Fastly-SIE
Is-Eu
Apple-News-Services-Handled
Adler-Geo
X-Auto-Login
Apple-News-Services-Host
X-Micro-Cache
X-Microcachable
X-Ms-Request-Id
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-WADP-Cache
X-Varnish-Remaining-TTL
X-Ms-Version
X-Servername
X-Platform-Server
X-DefHash
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Cache-Backend
X-Session-Fingerprint
X-Variation
X-Envoy-Decorator-Operation
X-Fastly-Cache
X-DPWN-IS-SECURE
X-Fmm-Version
X-Generation-Time
X-UA
X-ID
Backend
X-Skip-Cache
X-Request-Host
X-Request-Start
Wxu-Next-Commit
X-Backend-State
X-Bip
PFcat
Rt-Fastcgi-Cache
X-EIG-Tracking-Id
X-Branch-Name
X-Render-Time
Wxu-Next-Hostname
X-Cache-Date
X-SN
L
Wxu-Next-Region
NM-Fastcgi-Cache
X-VarnishDD-TTL
X-Via-CDN
X-Wikidot-Backend
X-Webstats-RespID
X-VG-TLSProxy
X-Varnish-Cacheable
CacheControlHeader
Fastly-Backend-Name
X-Wikidot-Static-Cache
Origin
Fastly-Drupal-HTML
X-Thanos
X-Twitter-Response-Tags
X-Transaction
X-Slack-Backend
C-Via
X-JWT-State
X-Is-Gdpr
X-Irp-Debug
X-HS-Content-Campaign-Id
X-Level-Front-Cache
X-Policy
X-Core-Mission
X-LI-UUID
X-Li-Pop
X-HN
X-Hash
X-Fastly-Backend
X-Esi-Check
X-Dispatcher-Server
X-Developers
X-Gamma-Serve
X-Generated-On
X-Has-Esi
X-Gzip
X-Geo-Header
X-Location
X-Li-Fabric
AKAMAI
X-Varnish-Ttl
X-OVcl
Akamai-GRN
X-Cache-Id
X-Platform
X-Owner
X-Old-Content-Length
X-OVcl-Cache
X-Clientip
X-Method
X-Hp-Webp
X-CS
X-Mvc-Supplant-Cachable
X-Minions-Version
Pagetype
X-B3-Spanid
X-Eu-Site
X-Csrf-Jwt
X-Cache-Tags
L5d-Success-Class
HA-Ipaddr
X-GEO
X-CGP
X-Cache-NGX
X-Content-Age
X-Reqid
Ha-Gx-Prefs
X-Refresh
X-PF-Uncompressing
UCS
X-Amz-Meta-Cb-Modifiedtime
FSS-Proxy
X-B3-Traceid
Country-Code
X-DC
X-Accel-Expires-Debug
X-Date
X-Aicache-OS
X-Wa
Surrogated-Key
X-Vgn-Hpd-Variations-Key
X-NGENIX-Cache
X-Vgn-Hpd-Cached
X-NODE
X-Via-Poph
X-Via-Popn
X-Cache-Remote
X-Up
X-Sql-Duration-Ms
X-CACHE-AGE
X-LB-ID
X-Sql-Count
X-Edge-Location
X-Req
X-Presslabs-Stats
Time
We-Hiring
X-Mvc-Supplant-OutputCached
Ufe-Result
X-Cdn-Srv
Group
X-Ftr-Cache-Host
X-Cache-URL
Mail-Subject
X-RateLimit-Remaining
Memcached
NGX
X-Dc
X-NU-AKA-ACS-Version
HostName
Now
X-Debug-Cache-Store
Hostname
X-SRV
X-Debug-Cache-Fetch
X-Proxy-Upstream
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Www-Served-By
XServer
X-Servedbyhost
X-Nginx-Cache
X-FPC
X-FORWARDED-FOR
X-BC
X-Ua-Device
X-ZONE
X-LI-Proto
Cache-Hits
X-S-Maxage
X-Check-Cacheable
X-Via-SSL
X-Varnish-Hostname
X-Agile-Age
X-Via-Edge
Edge-Copy-Time
X-Agile
X-Agile-Id
Protected
GeoIp-Country-Code
X-Request-Time
X-Svr
On-Server
ServedBy
Geoip-Latitude
X-Cdn-Forward
M-TraceId
X-LiteSpeed-Cache-Control
Xserver
X-CSRF-TOKEN
X-Cluster-Node
X-NGINX-Cache
X-VCL-Version
T-Server
SID
X-UnsetCookies
X-HS-Status
X-Datadome
X-APP
X-CF-Powered-By
X-MP-GENERATED-AT
NtCoent-Length
X-Pass-Why
X-Cs
X-Via-Popv
Arc-Country
X-Bc
X-Zone
X-Acc-Rdl
X-Edge-Server
Cdn-Host
Viewtype
X-Erf-Stays-Bingo-Pdp-Web
Cdn-Request-Time
N-Cache
VivaBuild
Pics-Label
X-Srv
Server-Host
X-Uri
X-Varnish-Hits
Ohc-File-Size
X-RunCloud-Cache
ProcessTime
X-Via-Ucdn
X-We-Are-Hiring
Apigw-Requestid
Magicmarker
WZWS-RAY
X-VC
X-SB
Memory
X-Action
Processtime
User-Agent
Srv
X-Dynatrace-Js-Agent
Sid
X-RSL
WWW-Authenticate
WebServer
X-MSEdge-Flight
X-RPM
X-Info
X-MSEdge-Features
W
X-RPS
X-DI
X-DW
X-Oss-Cdn-Auth
X-DB
X-DSS
LB
Section-Io-Origin-Status
Geo-Info
X-TT-LOGID
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Ohc-Cache-HIT
Section-Io-Id
Server-Info
X-Vgn-Hpd-Ssi
CF-IPCountry
X-Geo
DSUID
Cache-Name
X-UA-Device-Type
Odigeo-Trace-Id
X-SERVER-NAME
X-HOST
X-Newrelic-App-Data
User-Cache-Control
X-Vcl-Version
Cteonnt-Length
Tracecode
X-Tb
CDN
S-Rt
X-Dynatrace
X-Origin-Date
X-Hit
X-HITS
Ssr
X-Unique-ID
X-Cache-Hfrom
Amp-Access-Control-Allow-Source-Origin
X-Pjax-Url
X-Cache-Hm
X-Webkit-CSP-Report-Only
CountryCode
A
GeoIP-Country-Code
X-Magnolia-Registration
X-Fastly-Country-Code
GeoIP-Latitude
X-CLOUD-TRACE-CONTEXT
Lfy
X-Akamai-Request-ID2
X-CACHE-KEY
D-Cc-Upstream
IsBot
X-SVT-ORM-RULES
Web-Mar-Node
X-SVT-ORM-VERSION
X-Newrelic-Synthetics
X-API-Version
X-Cc-Via
CDCHOST
X-Cc-Req-Id
Instruction
Vix-Hermes-Req-Id
X-BBC-Edge-Cache-Status
X-Scheme
Thinkindot-Control
Server-Hostname
Server-Ext
SR-User-Adfree
Sever-Int
X-Thinkindot-L3
X-BBXSRF
X-Nginx-Cache-Key
Release
X-User
True-Client-Country-4JS
Locid
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Path
V-Age
X-Block-Status
X-Varnish-Authentication
X-Envoy-Upstream-Healthchecked-Cluster
X-Epic-Correlation-Id
X-FC-Vary-Parameters
X-Origin-CC
X-GeoIP-City
X-Nyt-Route
X-Gen-Mode
X-SRCache-Key
X-Goog-Meta-Goog-Reserved-File-Mtime
X-SIPLIST1
X-Varnish-Url
X-Origin-Expires
X-Origin-Time
X-Hnp-Log
X-Origin-TTL
X-Request-URI
X-Server-IP
X-SD-PageType
X-Response-By
X-Gdpr
X-Loc
X-Developer
X-Contensis-Viewer-Groups
Lb
X-Node-Id
X-Cache-Expires
X-VServer
X-Cache-ASPX
X-Matched-Rule
X-Provided-By
Cache-Host
MIME-Version
Pramga
X-Cdn-Origin
X-Azure-Ref-OriginShield
X-Cache-Info
X-Li-Proto
X-ServedByHost
X-Via-NSCOPI
X-NodeID
Server-ID
X-Generated-In
X-Device-Os
X-Fetched-On
X-Sn-Servicetimems
X-Trace-Id
X-Traceid
Accept-Language
X-Swa-Ws
X-Fpc
Cdn
X-Var-Ttl
X-Nc
X-ORACLE-APMCS-REQUEST-ID
Tcn
Actual-Object-TTL
X-Cache-Tag
Esi-Enabled
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Instart-Request-ID
X-StackifyID
FNAC-ModuleRouting
X-Men
X-Vcache
X-Key
Server-Ttl
Kp-EeAlive
Cache-Key
X-Akamai-Pragma-Client-IP
X-Sigma-Backend
Source
X-Lb-Id
X-Served-From
Cf-Device-Type
X-TH-Server
X-HostName
X-Rocket-Build-Number
X-Sigma
X-B3-SpanId
X-Mobile-Rewrite
X-Via-PopN
X-Via-PopH
X-Via-PopV
X-WA
X-Parent-Response-Time
Cache-Provider
X-Origin-Response-Time
X-No-Cache
Req-Svc-Chain
X-Instart-Info
Content-Script-Type
Content-Style-Type
Expiry
Origin-Edge-Control
X-RateLimit-Remaining-Second
X-ServiceProvider
Origin-Cache-Control
X-Agile-Brick-Ok
X-VC-Cache
X-Dispatch
X-RateLimit-Limit-Second
X-Geo-Region
X-Batcache
X-Tt-Logid
X-MiniProfiler-Ids
X-ElasticPress-Query
Proxy-Firewall
X-Yottaa-OS
NnCoection
Inserted-Into-Cache-At
Cf-Alt-Svc
HitType
Who
X-Apw-Access-Object
X-Apw-Access-Token
X-B3-Parentspanid
X-Apw-Access-Action
X-BBC-Origin-Response-Status
X-PJAX-URL
Mime-Version
Location
X-Apw-Hits
X-RAMCache
X-Varnish-Beresp-TTL
Powered-By
X-Request-URL
X-RateLimit-Limit
X-Selected-Host-Header
X-Selected-Scheme
X-Selected-Name
Xkeyi7
X-Akamai-Request-ID
Vha6-Origin
Url
X-Request-Url
X-Miniprofiler-Ids
X-Proxy-Cachei7
EpKe-Alive
Server-Id
X-TraceId
X-Pf-Uncompressing
Xet-Cookie
PICS-Label
X-Vgn-Hpd-Reason
Resin-Trace
Pragrma
X-C
Dnion-Transfer-Encoding
X-LiteSpeed-Tag
X-Snapshot-Date
X-Dw-Trace-Id
Fastcgi-Cache-TTL