Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
X-Xss-Protection
CF-Ray
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
P3p
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-CDN
Upgrade
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
X-Template
X-Language
Feature-Policy
X-Age
X-Dns-Prefetch-Control
X-Backend
X-Cache-Group
X-Hacker
X-Server
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Host-Header
Grace
Report-To
X-Buckets
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
X-Host
X-WebKit-CSP
X-Backend-Server
X-Dispatcher
X-Device
X-Node
NEL
Surrogate-Control
Cf-Bgj
X-Server-Id
X-Ruxit-JS-Agent
Content-Location
X-Response-Time
X-Cache-Lookup
Request-Id
X-Origin-Cache
X-Akam-SW-Version
Accept-CH-Lifetime
X-Ac
EagleEye-TraceId
X-ASPNET-VERSION
Accept-CH
X-Country
X-HW
Rating
X-Mod-Pagespeed
X-Readtime
X-Application-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
Allow
Pinterest-Generated-By
Edge-Control
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-Vname
X-TtlSet
X-PC
X-DataDome
X-Varnish-TTL
X-Cnection
X-MS-InvokeApp
X-Url
X-Origin-Upstream-Status
X-GitHub-Request-Id
X-Content-Type
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Source
X-D2id
X-Clacks-Overhead
X-Trace
X-Sol
X-Middleton-Response
Pagespeed
X-Middleton-Display
Response
Pinterest-Version
X-Pinterest-Rid
Display
X-Abt-Application-Version
X-Server-Name
X-Px
X-Vcap-Request-Id
X-Navigation-Version
X-ESI
X-Rack-Cache
X-B3-TraceId
X-FTR-Request-ID
Verso
MS-Author-Via
Service-Worker-Allowed
X-Cached
X-Webkit-CSP
X-Fastly-Request-ID
X-Element-Page-Cache
X-DynaTrace
X-Client-IP
Arr-Disable-Session-Affinity
X-Cache-TTL
X-Dw-Request-Base-Id
X-TTL
X-CST
X-Powered-By-Plesk
Content-MD5
X-Upstream
X-SharePointHealthScore
Fastly-Restarts
Accept-Ch
SPRequestGuid
AR-CACHE
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Version
Ar-Sid
X-NF-Request-ID
X-FastCGI-Cache
X-Forwarded-Proto
X-VARITI-CCR
X-Debug
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Exp-Variant
X-Kinja-Revision
X-Use-Magma
X-Exp-Id
X-Cdn-Fetch
X-Goog-Hash
X-T
X-Powered-CMS
X-Jurisdiction
Access-Control-Request-Method
X-MSEdge-Ref
X-Release
X-Content-Digest
SPRequestDuration
SPIisLatency
S
TP-Cache
TP-L2-Cache
X-Edge
X-XRDS-Location
X-Amz-Rid
X-Pinterest-Direct
X-Ttl
RTSS
TCN
Cache-Tag
X-Ezoic-Cdn
Public-Key-Pins
X-NWS-LOG-UUID
X-Node-Name
X-Yandex-Sdch-Disable
Fastcgi-Cache
X-PressLabs-Stats
X-Request-Received
X-Cache-Key
X-Request-Processing-Time
X-MCACHE
X-Mid
Server-Node
Front-End-Https
X-Accel-Expires
X-Amzn-Trace-Id
X-Server-ID
X-Ser
X-Recruiting
X-Kinsta-Cache
X-Microsite
X-Logged-In
X-Request-Handler-Origin-Region
ServerID
X-Ratelimit-Remaining
X-Cache-Hit
Accept-Charset
X-SRCache-Fetch-Status
X-Origin-Server
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-SRCache-Store-Status
X-Page-Id
X-Mg-S
Accept-Ch-Lifetime
Host
X-Amz-Server-Side-Encryption
X-Grace
X-B
X-Varnish-Age
X-Content-Security-Policy-Report-Only
Alternate-Protocol
X-HP-Webp
X-ECACHE
X-Shield-Request-Id
Nginx-Cache
X-DIS-Request-ID
X-Mobile-URL
X-Hostname
Edge-Cache-Tag
X-Ratelimit-Limit
X-Forwarded-For
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-Hits
Realpath
X-Content-Options
X-F-Cache
X-FTR-Expires
X-LB-Cache
X-FireWall-Port
Filterid
X-Git-Hash
X-Seen-By
X-Az
X-AppVersion
X-Load-Cache
X-Activity-Id
MicrosoftSharePointTeamServices
X-N
X-Jobs
X-App-Environment
X-Request-Guid
Paypal-Debug-Id
X-Type
Cache-Tags
X-Rid
X-Varnish-Backend
Fastcgi-Useragent
Cleartype
X-Cached-By
X-Varnish-Grace
X-Upgrade-Enabled
X-Zen-Fury
X-WebKit-CSP-Report-Only
DynaTrace
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Access-Control-Allow-Method
X-Daa-Tunnel
X-Proxy
X-TEC-API-ROOT
X-Litespeed-Cache
Nel
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Cache-Age
Powered-By-ChinaCache
X-FB-Debug
X-Id
X-Akamai-Edgescape
X-Amz-Meta-S3cmd-Attrs
X-Respond-Thread
X-App-Server
X-Geo-Country
DC
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Host-Name
X-Correlation-ID
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-B3-Sampled
X-HS-Combine-CSS
AMP-Access-Control-Allow-Source-Origin
X-Signature
X-B-Cache
X-IPLB-Instance
X-Content-Powered-By
X-User-Agent
Content-Disposition
X-Response-Served-From
X-Original-Request-Id
Healthy
X-Whom
X-AOL-HN
MS-CV
X-Cache-Operation
X-Cache-Rule
X-Accel-Buffering
X-Region
X-XRDS-LOCATION
X-Debug-Info
X-Wix-Request-Id
X-HTML-Minification-Powered-By
X-Mobile
Payment
X-FW-Static
X-FW-Server
X-Cacheable-TTL
X-Distributor
X-Rule
X-Frontend
X-FW-Type
X-FW-Hash
X-Instance
X-FW-Dynamic
X-FW-Serve
X-Cache-Time
X-Is-Bot
X-Rendered-As
X-UUID
Akamai-Age-Ms
X-Tumblr-Pixel-2
X-VCache
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Ua
Refresh
Datacenter
X-Endurance-Cache-Level
X-Amz-Apigw-Id
Surrogate-Key
X-Amzn-RequestId
NGB
Charset
Filters
X-Protected-By
Viewport
Liferay-Portal
X-Acc-Debug-Context
X-Via-JSL
S-Cnection
Countrycode
X-App-Version
X-Backend-Name
Arc-Version
PB-RID
PB-PID
X-Ah-Environment
X-Hyper-Cache
X-Cache-Expired-At
X-Tec-Api-Origin
X-Fastcgi-Cache
X-Oneagent-Js-Injection
X-Tec-Api-Root
X-Varnish-Server
X-Tec-Api-Version
X-Cache-Server
X-Amz-Replication-Status
X-NewRelic-App-Data
Section-Io-Cache
Retry-After
X-Sucuri-ID
X-Cache-Action
X-PHP-Backend
X-Azure-Ref
Referer-Policy
Version
X-Source
X-EdgeConnect-Cache-Status
X-Cache-Control
X-Proxy-Cache-Status
X-WA-Info
GEO-INFO
Eomportal-Instance
X-Environment-Context
X-Framework
X-L-Path
X-ProcessESI
X-Real-IP
X-RemovedCookies
Frame-Options
X-Air-Hostname
X-RN-RSRV
Ms-Operation-Id
X-Yottaa-Metrics
X-URL
X-RTag
X-Revision
Server-Name
X-Yottaa-Optimizations
X-ES-SERVER
X-Correlation-Id
X-Cache-Var-Map
Meta-Geo
X-Cache-Var
X-Mode
X-Unique-Id
X-GeoIP
X-From
X-Time
Cache
X-R9-Blue-Green-Version
X-Qloud-Router
X-Time-Microsecs
X-Cache-TTL-Remaining
X-Xfnlog-Site
X-Cache-Host
X-DynaTrace-JS-Agent
Cross-Origin-Window-Policy
X-Drupal-Cache-Contexts
X-LJ-Flow-ID
X-FW-Version
X-Hosted-By
Mn-Server-Ip
X-BYPASS-REASON
X-AWS-Id
DB-Nickname
X-Cluster
X-Loop
Ec-Rule-Version
X-OCL
X-Server-W
X-ProxyCache-Status
X-Status
X-TNCMS
X-VWS-Id
X-ProxyCache-Key
Uber-Trace-Id
Powered
X-PCL
X-Amzn-Remapped-Content-Length
X-Origin-Hint
Selected-Fe
TWC-Privacy
X-NYM-Debug-Backend
Webcakes-Region
TWC-Locale-Group
Webcakes-App-Name
TWC-Device-Class
X-Sucuri-Cache
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-App-Version
X-FB-TRIP-ID
X-Proxy-Build
X-Proxied
TWC-Connection-Speed
X-Redis-Cache
X-Zipkin-Id
X-Timing-Wait
X-Site-Version
X-Routing-Service
X-Locale
X-PHP-Host
X-Labrador-Cache-Channel
X-Debug-Cache
Property-Id
Cache-Tv-Group
X-Detected-As
X-Human
X-Hl-Ver
X-Format
X-Via-Fastly
X-Be
X-Handled-By
X-Access
X-Cache-PHP
X-ServerID
X-Section
X-CSRF-Token
X-Proto
X-Device-Type
X-BCube-Filmed-By
X-No-Session
X-Generated-By
FSS-Cache
X-Ratelimit-Reset
X-ATG-Version
X-Drupal-Cache-Tags
X-Contextid
X-JoinUs
From-Origin
X-FTR-Cache-Host
X-SaId
X-Esi
Webserver
X-Hp-Webp
X-CDN-Forward
X-Varnish-Cache-Hits
X-Adobe-Content
X-Adobe-Loc
X-AIR-PT
CF-Cached-On
X-NCache
X-Origin
X-Oss-Object-Type
OT-Force-Account-Verify
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-NC
CACHE
X-NWS-UUID-VERIFY
VIX-Pulpo-Node
X-TT
VIX-Pulpo-Upstream-Status
X-GoCache-CacheStatus
Azure-RegionName
Azure-SlotName
Azure-InstanceId
X-Akamai-Transformed
Azure-SiteName
Azure-Version
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-TA-CDN-Provider
Upgrade-Insecure-Requests
X-TIME
X-IP
X-Is-Crawler
SD-X-WS
X-Route-Name
X-Flags
X-Cache-Enabled
X-IPS-LoggedIn
X-Providence-Cookie
X-Bc-Bl
X-CCM
X-Adobe-Source
X-Aspnet-Duration-Ms
X-EIG-Tracking-Id
X-Cache-2
X-ECache
X-APP-VERSION
X-Backend-Host
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Endpoint-Name
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Ruxit-Js-Agent
X-Sorting-Hat-ShopId
X-Pinterest-Sli-Response-Type
X-EC-Lua
X-Tumblr-Pixel-3
X-ApacheServer
X-Backend-TTL
Access-Control-Request-Headers
X-Forwarded-Host
X-Pubstack
X-PERF
X-Soup
X-Cache-Grace
Cache-Status
Fastly-SSL
X-Storage
X-Varnishpool
X-Viewer-Country
X-G
X-Web-Node
Decoy-Debug-Status
Decoy-Debug-Key
X-Cdn
Decoy-Debug-TTL
X-LAGOON
X-Cache-Backend
X-Say-Cacheable
X-SayCDN-TTL
Node
X-Say-TTL
X-Rewrite-Enabled
X-Vdms-Path
X-ARC
X-Application
X-Vdms-Version
X-Rojux
X-A-Wwc
X-Aed
X-Request-UUID
X-Cache-NE
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Connection-Hash
X-D
X-External-Request-Id
X-Destination
X-A-Dgt
X-Transaction
X-S-Cookie
X-B-Cookie
X-ScT
X-Twitter-Response-Tags
X-Trv-Group
X-S
Meta-Geo-Continent
X-PAYTM-SRV-ID
X-Vtex-Processado-Em
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Vtex-Remote-Cache
X-PBS-Appsvrname
X-Worker
X-Cluster-Name
Xc-Version
X-RCS-CacheZone
X-Processor
X-VG-WebCache
DCR-Decision-By
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-VG-WebServer
Rendered-Blocks
Mobile-Detection-Method
Host-ID
Fastcgi-X-Cache-Version
Machine
MD5-Digest
DCR-Processing-Time-Ms
X-TX-ID
X-Cache-Config
X-UPSTREAM-Address
CDN-EdgeStorageId
CDN-CachedAt
CDN-PullZone
X-Ms-Version
CDN-RequestId
CDN-RequestCountryCode
CDN-Cache
Adler-Geo
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-Rebelmouse-Cache-Control
X-WADP-Cache
X-Platform-Server
CDN-Uid
CloudFront-Viewer-Country
X-DPWN-IS-SECURE
X-Generation-Time
X-Fmm-Version
X-Fastly-Cache
X-Envoy-Decorator-Operation
X-Clara-WADP
X-Cache-Bucket
Fastly-SWR
Fastly-SIE
X-Micro-Cache
Is-Eu
Platform
X-Rebelmouse-Surrogate-Control
X-Ms-Request-Id
X-VG-TLSProxy
Country
X-Variation
Backend
X-UA
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-OVcl
X-Old-Content-Length
C-Via
X-Varnish-CookieINHashed-On
X-CUA
X-Owner
X-Auto-Login
X-LI-UUID
Akamai-GRN
X-OVcl-Cache
X-Varnish-CookieHashed-On
X-Cms-Context
X-DefElseHash
Wxu-Next-Hostname
X-Varnish-Cacheable
X-Li-Fabric
Rt-Fastcgi-Cache
X-Microcachable
X-Li-Pop
NM-Fastcgi-Cache
X-Method
X-Minions-Version
X-Slack-Backend
X-Esi-Check
Wxu-Next-Commit
X-Accel-Expires-Debug
X-HS-Content-Campaign-Id
X-Irp-Debug
X-DefHash
Surrogated-Key
Wxu-Next-Region
X-Varnish-Remaining-TTL
X-Core-Mission
X-Core-Value
X-Webstats-RespID
X-Wikidot-Backend
X-Gzip
X-Wikidot-Static-Cache
X-Date
X-Skip-Cache
X-SN
X-Render-Time
X-Fastly-Backend
X-Thanos
X-Request-Host
X-Dispatcher-Server
X-Clientip
X-Request-Start
X-Servername
X-Varnish-Ttl
X-Hash
X-Policy
Gh-Request-Id
X-Platform
X-Bip
X-Backend-State
X-Cache-Id
X-Cache-NGX
X-NGENIX-Cache
X-CS
PFcat
X-Cache-Tags
Origin
X-CGP
X-Has-Esi
X-Is-Gdpr
X-Eu-Site
X-Content-Age
X-Level-Front-Cache
X-Cache-Date
X-HN
X-Generated-On
X-Gamma-Serve
X-JWT-State
X-Csrf-Jwt
L
Country-Code
X-Developers
X-Amz-Meta-Cb-Modifiedtime
X-VarnishDD-TTL
CacheControlHeader
Fastly-Backend-Name
Time
X-Mvc-Supplant-Cachable
AKAMAI
Ha-Gx-Prefs
Fastly-Drupal-HTML
X-Up
X-Req
X-Reqid
L5d-Success-Class
HA-Ipaddr
X-Cache-URL
X-Edge-Location
Mail-Subject
X-Aicache-OS
X-Cdn-Srv
X-Branch-Name
X-Cache-Debug
X-Session-Fingerprint
FSS-Proxy
We-Hiring
X-Location
X-Page-View
Now
X-Geo-Header
UCS
Ufe-Result
Memcached
Pagetype
Group
X-Proxy-Upstream
X-LB-ID
X-Refresh
X-Wa
X-NODE
X-Via-Poph
X-DC
X-Via-Popn
SRV
X-PF-Uncompressing
X-CACHE-AGE
X-B3-Spanid
X-Agile-Age
X-Agile
X-B3-Traceid
X-Agile-Id
X-RateLimit-Remaining
HostName
X-Dc
X-GEO
NGX
X-Debug-Cache-Fetch
X-BC
X-Debug-Cache-Store
X-ZONE
X-Mvc-Supplant-OutputCached
X-Via-CDN
X-Ftr-Cache-Host
X-Datadome
X-LI-Proto
X-Ua-Device
M-TraceId
X-Servedbyhost
Hostname
Xserver
X-Check-Cacheable
X-Sql-Duration-Ms
X-Sql-Count
X-SERVER
X-LLID
X-Cdn-Forward
X-Nginx-Cache
X-NU-AKA-ACS-Version
X-FPC
X-SRV
Arc-Country
X-Request-Time
VivaBuild
Viewtype
X-Varnish-Hostname
X-SERVER-NAME
X-Bc
X-Cache-Remote
X-Zone
X-Edge-Server
Cdn-Host
Cdn-Request-Time
X-COUNTRY
X-Via-Ucdn
X-VCL-Version
X-RunCloud-Cache
WebServer
X-APP
X-Via-SSL
X-Via-Edge
X-LiteSpeed-Cache-Control
X-Cluster-Node
X-Action
X-Www-Served-By
Edge-Copy-Time
Srv
X-UnsetCookies
X-FORWARDED-FOR
X-NGINX-Cache
X-Via-Popv
X-Instart-Request-ID
X-ID
X-CF-Powered-By
On-Server
X-DI
X-DB
X-DSS
X-RPS
X-RSL
X-DW
X-RPM
WWW-Authenticate
Memory
X-Cs
Cache-Hits
X-Dynatrace-Js-Agent
X-HS-Status
GeoIp-Country-Code
Geoip-Latitude
SID
X-S-Maxage
ServedBy
X-Geo
X-Oss-Cdn-Auth
NtCoent-Length
X-CSRF-TOKEN
X-Srv
X-MP-GENERATED-AT
X-Presslabs-Stats
X-Vgn-Hpd-Ssi
XServer
X-Svr
X-Vcache
T-Server
X-We-Are-Hiring
Geo-Info
Processtime
Apigw-Requestid
ProcessTime
Ohc-File-Size
X-Pass-Why
User-Agent
X-Unique-ID
Sid
W
Actual-Object-TTL
Server-Info
X-ORACLE-APMCS-REQUEST-ID
X-Hit
LB
N-Cache
GeoIP-Latitude
GeoIP-Country-Code
Pics-Label
X-MSEdge-Flight
Server-Host
X-Akamai-Request-ID2
X-Erf-Stays-Bingo-Pdp-Web
X-MSEdge-Features
Protected
X-HOST
CF-IPCountry
X-Tb
Magicmarker
X-Vcl-Version
X-VC
X-SB
S-Rt
WZWS-RAY
X-Epic-Correlation-Id
X-Envoy-Upstream-Healthchecked-Cluster
X-Dynatrace
X-HITS
X-Varnish-Hits
X-Erf-Bev-Bev
Accept-Language
Amp-Access-Control-Allow-Source-Origin
X-Cache-Hfrom
X-Erf-Bev-Bev-Is-Generated
X-Cache-Hm
X-Pjax-Url
X-Nc
X-Uri
X-Webkit-CSP-Report-Only
Ohc-Cache-HIT
A
X-FC-Vary-Parameters
Cdn
CDN
Cteonnt-Length
X-Fpc
X-Info
X-Acc-Rdl
Esi-Enabled
X-Fastly-Country-Code
X-CLOUD-TRACE-CONTEXT
X-Newrelic-Synthetics
X-CACHE-KEY
X-Mobile-Rewrite
User-Cache-Control
X-TT-LOGID
X-Newrelic-App-Data
X-Key
Lb
Tracecode
DSUID
Section-Io-Origin-Status
Odigeo-Trace-Id
Section-Origin-Responded
X-Provided-By
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-Via-NSCOPI
X-UA-Device-Type
X-ServedByHost
X-Amzn-Remapped-Connection
Cache-Name
X-Amzn-Remapped-Date
X-Li-Proto
Origin-Edge-Control
X-B3-SpanId
Origin-Cache-Control
Tcn
X-Dispatch
X-Instart-Info
Ssr
Lfy
X-Magnolia-Registration
Proxy-Firewall
X-StackifyID
X-Origin-Date
Server-Hostname
Instruction
Server-ID
Release
True-Client-Country-4JS
Locid
IsBot
Server-Ext
X-Cc-Via
FNAC-ModuleRouting
SR-User-Adfree
CDCHOST
Thinkindot-CacheControl
Sever-Int
X-Men
MIME-Version
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Scheme
X-Hnp-Log
X-Rocket-Build-Number
X-SD-PageType
X-Server-IP
X-Sigma
X-Response-By
X-Request-URI
X-Origin-Expires
X-Origin-Time
X-Origin-TTL
X-Sigma-Backend
X-SIPLIST1
X-Varnish-Authentication
X-Varnish-Url
X-VServer
X-User
X-Thinkindot-L3
X-SRCache-Key
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Origin-CC
X-Nyt-Route
X-Block-Status
X-Cache-ASPX
X-Cache-Info
X-BBXSRF
X-BBC-Edge-Cache-Status
Vix-Hermes-Req-Id
Web-Mar-Node
X-API-Version
X-Contensis-Viewer-Groups
X-Developer
X-Matched-Rule
X-Nginx-Cache-Key
X-Node-Id
X-Loc
X-Cc-Req-Id
X-Gdpr
X-Gen-Mode
X-GeoIP-City
V-Age
X-Served-From
X-TH-Server
Powered-By
X-Akamai-Pragma-Client-IP
X-Geo-Region
Server-Ttl
Cache-Key
D-Cc-Upstream
X-Cache-Tag
X-Cdn-Origin
X-Lb-Id
X-Via-PopH
X-Azure-Ref-OriginShield
X-Device-Os
X-Via-PopN
X-Cache-Expires
X-Via-PopV
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Sn-Servicetimems
X-Trace-Id
X-Traceid
X-Var-Ttl
X-Parent-Response-Time
X-RAMCache
X-Cache-Spec
HitType
X-NodeID
X-Fetched-On
X-Generated-In
Path
Cache-Host
X-WA
Kp-EeAlive
Pramga
Cache-Provider
CountryCode
X-No-Cache
BehaviorPad-Version
X-VC-Cache
X-LiteSpeed-Tag
X-TrackingId
Fastcgi-Cache-TTL
X-Swa-Ws
X-Tt-Logid
X-ServiceProvider
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Agile-Brick-Ok
X-Generated
X-ElasticPress-Query
Req-Svc-Chain
X-Batcache
Cf-Alt-Svc
X-Pf-Uncompressing
Cf-Device-Type
X-RateLimit-Limit
X-Yottaa-OS
X-HostName
X-PJAX-URL
Source
Xet-Cookie
Dnion-Transfer-Encoding
X-Varnish-Beresp-TTL
Who
X-Dw-Trace-Id
X-Selected-Name
X-Selected-Scheme
X-Selected-Host-Header
X-App
X-TraceId
X-BBC-Origin-Response-Status
X-Request-URL
X-Snapshot-Date
X-B3-Parentspanid
X-Request-Url
X-Apw-Hits
PICS-Label
Resin-Trace
X-Vgn-Hpd-Reason
X-MiniProfiler-Ids
Pragrma
X-C
Mime-Version
X-Apw-Access-Action
X-Apw-Access-Object
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
Inserted-Into-Cache-At
Vha6-Origin
X-Apw-Access-Token
X-Proxy-Cachei7