
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Request-ID
X-Generator
P3p
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Template
X-Language
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-Dns-Prefetch-Control
X-Hacker
X-Cache-Group
X-AH-Environment
X-Server
X-Robots-Tag
X-Amz-Request-Id
X-UA-Device
EagleId
X-Amz-Id-2
X-Proxy-Cache
X-Buckets
X-Turbo-Charged-By
Request-Context
X-Server-Powered-By
Server-Timing
Host-Header
Grace
X-Nginx-Cache-Status
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
Cf-Bgj
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Amz-Version-Id
X-Host
X-WebKit-CSP
NEL
X-Dispatcher
X-Device
X-Backend-Server
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Response-Time
Content-Location
X-Origin-Cache
Request-Id
X-Server-Id
X-Akam-SW-Version
X-ASPNET-VERSION
X-Ac
Accept-CH-Lifetime
X-Country
EagleEye-TraceId
Accept-CH
X-HW
X-Mod-Pagespeed
Rating
X-Readtime
X-Cloud-Trace-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Application-Context
Pinterest-Generated-By
Edge-Control
X-Country-Code
X-DataDome
X-Url
X-Vname
X-PC
X-TtlSet
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
X-Origin-Upstream-Status
X-Cnection
Allow
X-MS-InvokeApp
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Source
X-D2id
X-GitHub-Request-Id
X-Content-Type
X-ESI
X-Clacks-Overhead
X-Server-Name
X-Abt-Application-Version
Pinterest-Version
X-Pinterest-Rid
X-Trace
X-Navigation-Version
X-FTR-Request-ID
Display
Pagespeed
X-Middleton-Display
X-Sol
X-Middleton-Response
Response
X-Vcap-Request-Id
X-B3-TraceId
X-Px
Verso
X-Cached
X-Rack-Cache
X-Webkit-CSP
X-DynaTrace
X-Element-Page-Cache
Service-Worker-Allowed
X-Client-IP
MS-Author-Via
X-Fastly-Request-ID
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-Upstream
Content-MD5
X-Version
AR-CACHE
AR-Request-ID
X-Forwarded-Proto
AR-PoweredBy
AR-ATIME
Ar-Sid
X-SharePointHealthScore
X-TTL
SPRequestGuid
X-NF-Request-ID
Accept-Ch
X-T
Fastly-Restarts
X-Debug
X-VARITI-CCR
X-Server-ID
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-Use-Magma
X-Exp-Variant
X-Kinja-Build
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Id
X-Jurisdiction
X-XRDS-Location
Access-Control-Request-Method
TP-L2-Cache
X-Powered-CMS
TP-Cache
X-Goog-Hash
X-FastCGI-Cache
X-MSEdge-Ref
X-Content-Digest
X-Ttl
X-Release
X-Edge
X-NWS-LOG-UUID
S
SPRequestDuration
SPIisLatency
TCN
X-CST
RTSS
X-Amz-Rid
X-Pinterest-Direct
X-PressLabs-Stats
Cache-Tag
X-Request-Processing-Time
X-Request-Received
Public-Key-Pins
Fastcgi-Cache
X-Ezoic-Cdn
X-Yandex-Sdch-Disable
X-Node-Name
X-Mid
X-Cache-Key
Server-Node
X-MCACHE
X-Accel-Expires
Accept-Ch-Lifetime
Front-End-Https
X-Amzn-Trace-Id
X-Logged-In
X-Cache-Hit
X-Ratelimit-Remaining
ServerID
X-Ser
X-Request-Handler-Origin-Region
X-Microsite
X-Recruiting
X-Kinsta-Cache
X-Origin-Server
X-Page-Id
Alternate-Protocol
Host
Accept-Charset
X-B
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ratelimit-Limit
X-Mobile-URL
X-Hostname
X-Varnish-Age
Nginx-Cache
X-FireWall-Port
X-ECACHE
X-Content-Security-Policy-Report-Only
Filterid
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-DC
X-Forwarded-For
X-FTR-Balancer
X-FTR-Backend
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
X-DIS-Request-ID
X-Shield-Request-Id
X-Mg-S
X-Seen-By
X-Content-Options
Realpath
X-Load-Cache
Edge-Cache-Tag
X-Daa-Tunnel
X-Id
X-Grace
Akamai-Age-Ms
X-Amz-Server-Side-Encryption
X-Git-Hash
X-LB-Cache
X-Jobs
X-N
X-F-Cache
X-Type
X-AppVersion
X-Activity-Id
X-App-Environment
X-Az
X-Request-Guid
Paypal-Debug-Id
X-Varnish-Grace
X-Hits
X-Varnish-Backend
X-Rid
Fastcgi-Useragent
X-HP-Webp
X-Proxy
X-Zen-Fury
MicrosoftSharePointTeamServices
DynaTrace
Access-Control-Allow-Method
Cache-Tags
X-Correlation-ID
X-FB-Debug
X-Upgrade-Enabled
X-App-Server
X-Kong-Upstream-Latency
Cleartype
X-Kong-Proxy-Latency
X-WebKit-CSP-Report-Only
X-Geo-Country
DC
X-Akamai-Edgescape
Content-Disposition
X-Cached-By
X-Cache-Operation
X-Content-Powered-By
X-Cache-Rule
AMP-Access-Control-Allow-Source-Origin
X-TEC-API-ORIGIN
X-Amz-Meta-S3cmd-Attrs
X-TEC-API-ROOT
X-Wix-Request-Id
X-TEC-API-VERSION
X-Host-Name
X-IPLB-Instance
X-User-Agent
X-B3-Sampled
X-Original-Request-Id
Powered-By-ChinaCache
X-Response-Served-From
X-Accel-Buffering
X-HS-Cache-Config
X-HS-Hub-Id
X-HTML-Minification-Powered-By
Healthy
X-HS-Content-Id
X-Endurance-Cache-Level
X-Cache-Age
NGB
X-HS-Combine-CSS
MS-CV
Payment
X-Tec-Api-Origin
X-B-Cache
X-Respond-Thread
X-AOL-HN
X-Whom
X-Signature
X-UUID
X-Distributor
X-Tec-Api-Root
X-Tec-Api-Version
Refresh
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Region
X-Goog-Stored-Content-Encoding
X-FW-Dynamic
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-FW-Hash
X-VCache
X-Is-Bot
X-FW-Type
X-FW-Server
X-FW-Serve
X-Cache-Time
X-FW-Static
X-Rendered-As
X-Cacheable-TTL
X-Debug-Info
X-Instance
X-Rule
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-2
X-Tumblr-User
X-Mobile
Countrycode
X-Ua
X-Frontend
X-XRDS-LOCATION
Datacenter
X-App-Version
Arc-Version
PB-RID
PB-PID
Surrogate-Key
X-Fastcgi-Cache
X-Varnish-Server
S-Cnection
X-Oneagent-Js-Injection
X-Backend-Name
X-PHP-Backend
X-Protected-By
X-Acc-Debug-Context
X-Via-JSL
Viewport
X-Cache-Server
X-NewRelic-App-Data
X-Azure-Ref
Liferay-Portal
X-Litespeed-Cache
X-Hyper-Cache
Powered
X-Cache-Expired-At
X-Hp-Webp
Filters
X-Proxy-Cache-Status
X-WA-Info
Charset
Retry-After
Referer-Policy
X-Cache-Control
X-Sucuri-ID
X-DynaTrace-JS-Agent
Section-Io-Cache
X-Amz-Replication-Status
X-Source
X-Cache-Action
X-EdgeConnect-Cache-Status
X-RemovedCookies
X-FB-TRIP-ID
X-ProcessESI
X-FTR-Cache-Host
Cache
X-Cache-Var-Map
X-ES-SERVER
X-RN-RSRV
X-Cache-Var
Meta-Geo
X-Real-IP
X-Mode
X-GeoIP
X-Debug-Cache
X-Framework
Eomportal-Instance
X-Device-Type
X-Locale
X-Qloud-Router
X-Site-Version
X-R9-Blue-Green-Version
X-Time
X-From
X-AWS-Id
X-BYPASS-REASON
X-Cache-Host
Mn-Server-Ip
X-Yottaa-Optimizations
X-L-Path
X-Yottaa-Metrics
X-LJ-Flow-ID
X-ProxyCache-Key
X-VWS-Id
X-Xfnlog-Site
X-Via-Fastly
X-Time-Microsecs
X-ProxyCache-Status
X-Server-W
X-Environment-Context
X-Human
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
Webcakes-Region
X-Cluster
X-Hl-Ver
X-Handled-By
X-FW-Version
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Cache-Tv-Group
X-RTag
X-Revision
Ms-Operation-Id
Ec-Rule-Version
Property-Id
TWC-Device-Class
TWC-Connection-Speed
Selected-Fe
Uber-Trace-Id
X-CSRF-Token
X-Ratelimit-Reset
GEO-INFO
X-Timing-Wait
FSS-Cache
Version
X-Zipkin-Id
X-Proxy-Build
X-Routing-Service
X-Origin-Hint
X-OCL
X-Proxied
X-PCL
X-Labrador-Cache-Channel
X-Generated-By
X-PHP-Host
X-Redis-Cache
X-BCube-Filmed-By
X-Cache-TTL-Remaining
DB-Nickname
X-Proto
X-ServerID
X-TNCMS
X-Amzn-Remapped-Content-Length
X-Be
X-Loop
X-NYM-Debug-Backend
X-Air-Hostname
Webserver
Frame-Options
X-Detected-As
X-Access
X-Format
X-JoinUs
X-SaId
X-Section
X-Status
X-Hosted-By
Nel
X-No-Session
X-Unique-Id
Cross-Origin-Window-Policy
X-Cache-PHP
X-ATG-Version
X-Sucuri-Cache
From-Origin
X-Drupal-Cache-Contexts
X-NWS-UUID-VERIFY
X-Varnish-Cache-Hits
Server-Name
X-Contextid
X-TA-CDN-Provider
X-Drupal-Cache-Tags
X-NCache
X-Origin
X-Correlation-Id
X-EIG-Tracking-Id
CF-Cached-On
X-CDN-Forward
OT-Force-Account-Verify
X-EC-Lua
X-AIR-PT
X-IPS-LoggedIn
X-Adobe-Loc
X-Tt-Trace-Host
X-Oss-Storage-Class
X-Tt-Trace-Tag
X-Adobe-Content
X-Oss-Hash-Crc64ecma
X-GoCache-CacheStatus
X-Bc-Bl
X-Oss-Server-Time
X-Oss-Request-Id
X-Akamai-Transformed
X-Oss-Object-Type
X-TIME
X-IP
X-Cache-Enabled
X-ECache
X-TT
X-NC
X-Vgn-Hpd-Cached
X-Backend-Host
X-Vgn-Hpd-Variations-Key
X-UA
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Ruxit-Js-Agent
Azure-InstanceId
Azure-Version
X-Cache-Backend
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-URL
X-Cdn
X-Tumblr-Pixel-3
X-Cache-2
Access-Control-Request-Headers
X-Adobe-Source
X-CCM
SD-X-WS
X-CACHE-AGE
X-APP-VERSION
Node
Time
DCR-Processing-Time-Ms
Host-ID
X-A
Fastcgi-X-Cache-Version
DCR-Decision-By
CloudFront-Viewer-Country
X-PERF
Apple-News-Services-Parsed-Url
X-Vdms-Path
X-S
Machine
X-S-Cookie
X-A-Ccd
Meta-Geo-Continent
Rendered-Blocks
X-ScT
X-Forwarded-Host
Apple-News-Services-Request-Url
X-Cache-Grace
Apple-News-Services-Handled
X-Varnishpool
Mobile-Detection-Method
X-Pubstack
Apple-News-Services-Host
X-Soup
X-ApacheServer
MD5-Digest
X-Rojux
X-Vtex-Remote-Cache
X-PAYTM-SRV-ID
X-A-Wwc
X-Vdms-Version
X-PBS-Appsvrname
X-Minions-Version
X-VG-WebServer
X-CF-Lambda-Version
X-A-Dcw
Now
X-Backend-TTL
X-Connection-Hash
X-VG-WebCache
X-Ms-Version
X-Ms-Request-Id
X-B-Cookie
X-ARC
X-Accel-Expires-Debug
X-Aed
X-Application
X-D
X-A-Dgt
X-Rewrite-Enabled
X-Cache-NE
X-G
X-Date
X-Up
X-Request-UUID
Xc-Version
X-Twitter-Response-Tags
X-CF-Lambda-Fn
X-Destination
X-A-Dam
X-Processor
X-Vtex-Processado-Em
X-RCS-CacheZone
X-Transaction
X-Worker
X-Trv-Group
X-External-Request-Id
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-ShardId
X-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Shopify-Stage
CDN-Cache
Adler-Geo
X-Web-Node
X-Viewer-Country
X-Say-TTL
X-Dispatcher-Server
X-Cache-Config
X-DPWN-IS-SECURE
X-Edge-Location
X-Cluster-Name
X-Say-Cacheable
X-Storage
X-Core-Value
X-CUA
X-SayCDN-TTL
X-SN
Fastly-SIE
X-VG-TLSProxy
Ufe-Result
X-Skip-Cache
X-Owner
Platform
X-OVcl-Cache
NM-Fastcgi-Cache
We-Hiring
X-Servername
Wxu-Next-Region
X-Req
X-Envoy-Decorator-Operation
X-Rebelmouse-Surrogate-Control
Wxu-Next-Hostname
Wxu-Next-Commit
X-Rebelmouse-Cache-Control
Mail-Subject
X-Thanos
X-Method
X-Microcachable
CDN-RequestCountryCode
X-Cache-Bucket
X-Generation-Time
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestId
CDN-Uid
X-OVcl
X-Bip
Is-Eu
X-NGENIX-Cache
X-Variation
Fastly-SWR
CDN-CachedAt
Surrogated-Key
Fastly-SSL
CACHE
Cache-Status
X-Varnish-Ttl
X-Micro-Cache
X-LI-UUID
X-Li-Fabric
Ha-Gx-Prefs
Gh-Request-Id
X-Level-Front-Cache
Country-Code
X-Li-Pop
X-Policy
X-Request-Start
X-TX-ID
X-Varnish-Cacheable
X-Request-Host
X-Reqid
HA-Ipaddr
X-Proxy-Upstream
X-Render-Time
X-Ah-Environment
X-Hash
X-CGP
X-Clientip
X-Cms-Context
X-Cache-Tags
X-Cache-NGX
X-Auto-Login
X-Backend-State
X-Cache-Date
Rt-Fastcgi-Cache
X-Csrf-Jwt
L5d-Success-Class
L
X-VarnishDD-TTL
X-Generated-On
Origin
Upgrade-Insecure-Requests
X-Eu-Site
PFcat
X-HN
X-Platform
X-Fmm-Version
X-Fastly-Cache
X-Clara-WADP
X-Webstats-RespID
Country
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
AKAMAI
X-WADP-Cache
C-Via
CacheControlHeader
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
Pagetype
X-Wikidot-Backend
X-Developers
X-Esi
X-Location
X-Gamma-Serve
X-Cache-Id
X-Cache-URL
X-Slack-Backend
X-Core-Mission
UCS
X-LAGOON
X-Amz-Meta-Cb-Modifiedtime
X-Platform-Server
X-Wikidot-Static-Cache
Memcached
X-Content-Age
X-Geo-Header
X-Fastly-Backend
X-Has-Esi
X-JWT-State
Group
FSS-Proxy
X-Esi-Check
Akamai-GRN
Fastly-Backend-Name
Fastly-Drupal-HTML
X-Gzip
X-Cdn-Srv
X-Old-Content-Length
X-Irp-Debug
X-Is-Gdpr
X-HS-Content-Campaign-Id
Backend
X-Agile
X-Varnish-CookieINHashed-On
X-CS
X-Agile-Age
X-Agile-Id
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Wa
X-Providence-Cookie
X-Mvc-Supplant-Cachable
X-Aspnet-Duration-Ms
X-Flags
X-PF-Uncompressing
X-DefElseHash
X-Route-Name
X-DefHash
X-Is-Crawler
X-UPSTREAM-Address
HostName
X-NODE
X-Branch-Name
X-Aicache-OS
X-Refresh
X-BC
X-ZONE
X-Instart-Request-ID
X-Cache-Debug
X-LB-ID
X-Session-Fingerprint
M-TraceId
X-RateLimit-Remaining
X-Dc
X-Via-Poph
X-Via-Popn
X-Cdn-Forward
X-Debug-Cache-Store
X-Servedbyhost
Arc-Country
X-B3-Spanid
X-Mvc-Supplant-OutputCached
NGX
X-LI-Proto
X-Ua-Device
X-Debug-Cache-Fetch
X-Edge-Server
Viewtype
X-Page-View
Cdn-Request-Time
VivaBuild
Cdn-Host
X-GEO
X-DC
X-SERVER
X-Request-Time
X-RunCloud-Cache
X-Via-Ucdn
X-Zone
Srv
X-Bc
X-Varnish-Hostname
X-Ftr-Cache-Host
SRV
X-Nginx-Cache
X-Check-Cacheable
X-APP
Hostname
X-HS-Status
X-Pinterest-Sli-Endpoint-Name
X-NGINX-Cache
X-FPC
X-Pinterest-Sli-Latency-Threshold
Actual-Object-TTL
Xserver
X-ORACLE-APMCS-REQUEST-ID
X-Vgn-Hpd-Ssi
X-Action
X-Pinterest-Sli-Response-Type
Memory
X-LiteSpeed-Cache-Control
WWW-Authenticate
X-B3-Traceid
X-VCL-Version
X-DB
X-DSS
X-NU-AKA-ACS-Version
X-RPS
X-RPM
X-DW
X-RSL
X-DI
X-Srv
X-Cs
X-Via-CDN
X-Datadome
Geo-Info
X-Unique-ID
X-Oss-Cdn-Auth
GeoIp-Country-Code
X-MP-GENERATED-AT
Geoip-Latitude
XServer
X-Sql-Count
X-Cluster-Node
X-Sql-Duration-Ms
X-CSRF-TOKEN
X-UnsetCookies
X-Geo
X-Vcache
X-Via-SSL
Edge-Copy-Time
X-Dynatrace-Js-Agent
Sid
X-Via-Edge
X-Via-Popv
X-Akamai-Request-ID2
X-CF-Powered-By
User-Agent
WebServer
X-Hit
X-We-Are-Hiring
X-Epic-Correlation-Id
Processtime
X-Svr
ProcessTime
X-SRV
On-Server
GeoIP-Latitude
W
X-Www-Served-By
Apigw-Requestid
GeoIP-Country-Code
X-SERVER-NAME
Server-Info
SID
X-FORWARDED-FOR
X-Webkit-CSP-Report-Only
NtCoent-Length
X-S-Maxage
Cache-Hits
X-Cache-Remote
ServedBy
X-FC-Vary-Parameters
LB
X-Mobile-Rewrite
Ohc-File-Size
X-HOST
S-Rt
T-Server
X-Nc
X-Presslabs-Stats
X-Fpc
X-Envoy-Upstream-Healthchecked-Cluster
Amp-Access-Control-Allow-Source-Origin
X-HITS
X-Pass-Why
X-Cache-Hfrom
X-Vcl-Version
X-MSEdge-Features
Accept-Language
X-Cache-Hm
X-MSEdge-Flight
X-Tb
N-Cache
X-Pjax-Url
Server-Host
CF-IPCountry
X-Fastly-Country-Code
Esi-Enabled
Cteonnt-Length
Pics-Label
Magicmarker
Origin-Edge-Control
Origin-Cache-Control
A
Lb
Cdn
CDN
X-Key
X-Varnish-Hits
X-CACHE-KEY
X-COUNTRY
Proxy-Firewall
X-LLID
X-VC
X-Dispatch
WZWS-RAY
X-SB
Ohc-Cache-HIT
Powered-By
X-Geo-Region
X-Amzn-Remapped-Connection
X-Instart-Info
X-Info
X-Amzn-Remapped-Date
Protected
X-ServedByHost
X-Newrelic-App-Data
Server-Ttl
X-StackifyID
X-Li-Proto
HitType
X-Via-NSCOPI
X-RAMCache
X-B3-SpanId
X-Dynatrace
X-Uri
Fastcgi-Cache-TTL
X-Fastly-Request-Id
X-TH-Server
BehaviorPad-Version
User-Cache-Control
X-Lb-Id
Cache-Key
X-Newrelic-Synthetics
X-Generated
X-Akamai-Pragma-Client-IP
X-Served-From
X-TT-LOGID
X-Cache-Tag
Tracecode
X-App
X-Via-PopN
X-ID
X-Via-PopH
Ssr
X-LiteSpeed-Tag
X-Erf-Bev-Bev
X-TrackingId
Cache-Provider
X-Via-PopV
X-Erf-Bev-Bev-Is-Generated
D-Cc-Upstream
X-Men
X-Cache-Spec
X-Cc-Via
X-WA
X-Cc-Req-Id
X-Magnolia-Registration
X-Tt-Logid
X-Scheme
Lfy
Odigeo-Trace-Id
X-UA-Device-Type
X-Path-Route
DSUID
Xet-Cookie
X-Provided-By
X-Erf-Stays-Bingo-Pdp-Web
X-Agile-Brick-Ok
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
Dnion-Transfer-Encoding
Section-Io-Id
Cache-Name
X-Batcache
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
Tcn
X-Cache-ASPX
X-Block-Status
SR-User-Adfree
X-Cache-Expires
X-Server-IP
Server-Hostname
X-Contensis-Viewer-Groups
X-Cdn-Origin
Sever-Int
X-Cache-Info
X-BBC-Edge-Cache-Status
Web-Mar-Node
X-Developer
Vix-Hermes-Req-Id
V-Age
Thinkindot-Control
X-API-Version
X-BBXSRF
True-Client-Country-4JS
Thinkindot-CacheControl-Type
X-Azure-Ref-OriginShield
Thinkindot-CacheControl
X-GeoIP-City
X-Origin-Expires
X-Origin-Time
X-Origin-Date
X-Origin-CC
X-Nyt-Route
X-Origin-TTL
X-Parent-Response-Time
X-Response-By
X-Request-URI
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-NodeID
X-Node-Id
X-Gen-Mode
X-Generated-In
X-Gdpr
X-Fetched-On
X-ElasticPress-Query
Server-Ext
X-SD-PageType
X-Nginx-Cache-Key
X-Matched-Rule
X-Loc
X-Hnp-Log
X-Device-Os
FNAC-ModuleRouting
X-Trace-Id
X-User
X-Var-Ttl
X-Thinkindot-L3
X-ServiceProvider
X-Varnish-Beresp-TTL
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-Authentication
Inserted-Into-Cache-At
X-Pf-Uncompressing
Cf-Alt-Svc
X-Yottaa-OS
X-VServer
X-VC-Cache
Who
X-PJAX-URL
X-Varnish-Url
X-SRCache-Key
X-Swa-Ws
IsBot
Instruction
X-Sn-Servicetimems
CDCHOST
Kp-EeAlive
Locid
Release
Pramga
Path
MIME-Version
Cache-Host
X-Rocket-Build-Number
X-HostName
X-Sigma-Backend
X-SIPLIST1
X-Sigma
X-RateLimit-Limit
X-Acc-Rdl
X-Selected-Name
X-Selected-Host-Header
DataCenter
CountryCode
X-Selected-Scheme
X-Traceid
X-TraceId
Req-Svc-Chain
X-BBC-Origin-Response-Status
Server-ID
X-Tid
PICS-Label
Content-Script-Type
Content-Style-Type
X-Proxy-Cachei7
Pragrma
Mime-Version
X-MiniProfiler-Ids
X-Dw-Trace-Id
Vha6-Origin
X-Vgn-Hpd-Reason
X-Apw-Access-Action
Source
X-Snapshot-Date
Resin-Trace
X-C
X-Origin-Response-Time
X-Pad
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-Request-URL
X-Goog-Meta-Goog-Reserved-File-Mtime