
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "HEAD" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Xss-Protection
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Request-ID
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
P3p
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
X-AspNetMvc-Version
Status
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-Cache-Group
X-Server
X-Hacker
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-UA-Device
X-AH-Environment
X-Template
EagleId
X-Proxy-Cache
Request-Context
X-Language
X-Turbo-Charged-By
X-Server-Powered-By
X-Dns-Prefetch-Control
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
X-Rq
Xkey
X-Page-Speed
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Buckets
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
X-Dispatcher
X-Device
X-Server-Id
NEL
Surrogate-Control
X-Node
X-Ruxit-JS-Agent
Accept-CH-Lifetime
Request-Id
Content-Location
Accept-CH
X-Response-Time
EagleEye-TraceId
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
X-Ac
X-Ua-Compatible
X-Readtime
Allow
Rating
X-HW
X-Mod-Pagespeed
X-Country
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-ECID
Edge-Control
X-ORACLE-DMS-RID
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-PC
X-TtlSet
X-Vname
X-DataDome
X-Cnection
X-Country-Code
X-MS-InvokeApp
X-Varnish-TTL
X-GitHub-Request-Id
X-Content-Type
X-ASPNET-VERSION
X-CST
X-D2id
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Trace
X-Sol
Display
Response
Pagespeed
X-Middleton-Response
X-Middleton-Display
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Pinterest-Version
X-Server-Name
Fusion-Component-Id
X-Pinterest-Rid
X-Url
MS-Author-Via
X-Abt-Application-Version
X-Vcap-Request-Id
X-Px
X-Navigation-Version
X-B3-TraceId
X-Rack-Cache
X-FastCGI-Cache
Service-Worker-Allowed
Verso
X-ESI
X-Fastly-Request-ID
X-Client-IP
Arr-Disable-Session-Affinity
Cf-Bgj
X-Cached
X-Element-Page-Cache
X-Webkit-CSP
X-DynaTrace
X-FTR-Request-ID
X-Cache-TTL
X-Dw-Request-Base-Id
X-TTL
X-SharePointHealthScore
SPRequestGuid
X-Powered-By-Plesk
X-VARITI-CCR
X-Exp-Variant
X-Cdn-Fetch
X-Goog-Hash
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Upstream
X-Use-Magma
X-NF-Request-ID
Fastly-Restarts
AR-ATIME
AR-Request-ID
AR-PoweredBy
AR-CACHE
Ar-Sid
X-Debug
Content-MD5
X-Forwarded-Proto
X-MSEdge-Ref
X-Version
X-Powered-CMS
X-Pinterest-Direct
SPRequestDuration
SPIisLatency
X-T
Access-Control-Request-Method
X-Release
X-Jurisdiction
X-Amz-Rid
X-Content-Digest
S
X-Edge
X-XRDS-Location
TCN
X-Ttl
TP-L2-Cache
TP-Cache
RTSS
X-Litespeed-Cache
Cache-Tag
X-Ezoic-Cdn
Public-Key-Pins
X-Node-Name
X-Mid
X-MCACHE
X-Yandex-Sdch-Disable
Front-End-Https
X-Request-Received
Server-Node
X-Request-Processing-Time
Fastcgi-Cache
X-Cache-Key
X-Mg-S
X-Accel-Expires
X-Amzn-Trace-Id
X-Recruiting
X-Ser
X-Amz-Server-Side-Encryption
X-NWS-LOG-UUID
X-B3-TraceId-Primal
X-Kinsta-Cache
MRF-Tech
Mrf-Cache-Status
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-PressLabs-Stats
Accept-Ch
X-HP-Webp
X-Grace
X-Request-Handler-Origin-Region
X-Microsite
X-Origin-Server
Accept-Charset
X-Logged-In
ServerID
X-Varnish-Age
X-Page-Id
X-Cache-Hit
X-DIS-Request-ID
X-Ratelimit-Remaining
Host
X-Shield-Request-Id
Nginx-Cache
MicrosoftSharePointTeamServices
X-ECACHE
Edge-Cache-Tag
X-Content-Security-Policy-Report-Only
X-B
X-Server-ID
X-Hostname
X-Mobile-URL
X-F-Cache
X-LB-Cache
Cache-Tags
Realpath
X-Az
X-AppVersion
Powered-By-ChinaCache
X-Activity-Id
Alternate-Protocol
X-Hits
Cleartype
X-Git-Hash
X-N
X-Ratelimit-Limit
X-Content-Options
X-Forwarded-For
X-Cached-By
X-Respond-Thread
X-Load-Cache
X-Upgrade-Enabled
X-Type
DynaTrace
X-Rid
X-Request-Guid
X-Varnish-Backend
X-Cache-Age
Paypal-Debug-Id
X-App-Environment
X-Jobs
X-FTR-Backend
X-Country-Code-Real
X-Kong-Proxy-Latency
X-FTR-Backend-Server
X-Kong-Upstream-Latency
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-Seen-By
X-Correlation-ID
X-FTR-Expires
Fastcgi-Useragent
Nel
X-Amz-Meta-S3cmd-Attrs
Access-Control-Allow-Method
X-FireWall-Port
X-Proxy
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-WebKit-CSP-Report-Only
Filterid
X-Zen-Fury
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Akamai-Edgescape
X-Daa-Tunnel
X-FB-Debug
X-Varnish-Grace
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-B3-Sampled
X-VCache
X-IPLB-Instance
Charset
X-Host-Name
X-B-Cache
X-Signature
DC
X-Debug-Info
Healthy
X-AOL-HN
X-Mobile
MS-CV
X-Whom
X-Region
X-App-Server
X-Geo-Country
X-User-Agent
AMP-Access-Control-Allow-Source-Origin
Filters
X-Cache-Rule
X-URL
X-Cache-Operation
Viewport
X-Accel-Buffering
X-Response-Served-From
X-Frontend
X-Original-Request-Id
X-Id
X-XRDS-LOCATION
Payment
Liferay-Portal
Accept-Ch-Lifetime
X-Distributor
X-UUID
X-Instance
X-HTML-Minification-Powered-By
X-Content-Powered-By
X-Tumblr-Pixel
X-FW-Static
X-FW-Dynamic
X-Tumblr-Pixel-2
X-Cacheable-TTL
X-Cache-Time
X-Tumblr-User
X-Acc-Debug-Context
X-FW-Server
X-Tumblr-Pixel-1
X-FW-Serve
X-FW-Hash
X-Tumblr-Pixel-0
X-Rule
X-FW-Type
Refresh
Surrogate-Key
X-Protected-By
Content-Disposition
X-Wix-Request-Id
X-Rendered-As
X-Is-Bot
S-Cnection
X-Via-JSL
X-Amz-Replication-Status
X-Cache-Expired-At
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Hyper-Cache
Section-Io-Cache
Datacenter
X-Backend-Name
X-Sucuri-ID
GEO-INFO
X-Endurance-Cache-Level
Version
X-Ah-Environment
X-Cache-Action
X-Ua
PB-RID
X-Tec-Api-Origin
X-Tec-Api-Root
Arc-Version
PB-PID
X-Tec-Api-Version
X-Oneagent-Js-Injection
X-App-Version
X-Cache-Server
Akamai-Age-Ms
Retry-After
Server-Name
X-Air-Hostname
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Endpoint-Name
X-Source
NGB
X-Unique-Id
X-EdgeConnect-Cache-Status
X-Varnish-Server
Eomportal-Instance
Referer-Policy
X-Real-IP
Countrycode
X-RemovedCookies
X-Environment-Context
CACHE
X-Framework
X-L-Path
X-ProcessESI
Ms-Operation-Id
X-Yottaa-Optimizations
X-Yottaa-Metrics
Frame-Options
X-RTag
X-Sucuri-Cache
X-Revision
X-Esi
X-Drupal-Cache-Contexts
X-Cache-Control
X-Proxy-Cache-Status
X-DynaTrace-JS-Agent
X-WA-Info
X-Azure-Ref
X-RN-RSRV
Meta-Geo
X-Cache-Var
X-ES-SERVER
X-Cache-Var-Map
X-GeoIP
X-NewRelic-App-Data
X-Drupal-Cache-Tags
Webserver
X-Mode
X-Time-Microsecs
X-ProxyCache-Key
X-Cache-Host
X-BYPASS-REASON
X-Xfnlog-Site
X-Cache-TTL-Remaining
DB-Nickname
X-R9-Blue-Green-Version
X-Qloud-Router
X-ProxyCache-Status
Cache-Tv-Group
Webcakes-Region
X-FW-Version
X-Handled-By
X-TNCMS
X-Origin-Hint
X-From
X-Server-W
X-Status
X-VWS-Id
X-Hl-Ver
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-NYM-Debug-Backend
X-OCL
X-Hosted-By
X-Human
X-Redis-Cache
X-PCL
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Connection-Speed
Property-Id
Ec-Rule-Version
Mn-Server-Ip
TWC-Locale-Group
TWC-Privacy
X-PHP-Host
X-Cluster
X-AWS-Id
X-Amzn-Remapped-Content-Length
Webcakes-App-Version
X-Loop
Cross-Origin-Window-Policy
Webcakes-App-Name
X-Via-Fastly
X-Be
X-Zipkin-Id
X-ServerID
X-Timing-Wait
X-Site-Version
Selected-Fe
X-Section
X-Routing-Service
X-Access
X-Proxied
X-Proxy-Build
X-FB-TRIP-ID
X-Format
X-Locale
X-No-Session
X-Detected-As
X-Proto
X-PHP-Backend
X-Contextid
Uber-Trace-Id
FSS-Cache
X-Cache-PHP
X-Debug-Cache
X-CDN-Forward
X-ATG-Version
X-Device-Type
X-Generated-By
X-BCube-Filmed-By
X-Adobe-Content
X-TIME
X-Adobe-Loc
X-AIR-PT
X-Ratelimit-Reset
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Flags
X-Providence-Cookie
X-Route-Name
X-NC
X-TT
X-CSRF-Token
X-Varnish-Cache-Hits
Cache
X-Tt-Trace-Host
VIX-Pulpo-Upstream-Status
X-Tt-Trace-Tag
VIX-Pulpo-Node
Azure-InstanceId
Azure-SiteName
Azure-RegionName
Azure-SlotName
X-Correlation-Id
Upgrade-Insecure-Requests
Azure-Version
From-Origin
Powered
OT-Force-Account-Verify
X-Time
X-NCache
Access-Control-Request-Headers
X-SaId
X-Origin
X-JoinUs
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-COUNTRY
CF-Cached-On
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
X-Varnish-Ttl
X-Akamai-Transformed
X-GoCache-CacheStatus
X-FTR-Cache-Host
X-Cache-2
SD-X-WS
X-Adobe-Source
X-UPSTREAM-Address
X-Fastcgi-Cache
X-CCM
X-Backend-TTL
X-Backend-Host
X-Varnishpool
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-LLID
X-LAGOON
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Shopify-Stage
X-ShopId
X-ShardId
X-APP-VERSION
X-Soup
X-PERF
X-Pubstack
Country
X-ApacheServer
X-Cache-Grace
X-Forwarded-Host
X-SayCDN-TTL
X-Say-Cacheable
X-Cluster-Name
Decoy-Debug-Status
Fastly-SSL
X-Storage
Decoy-Debug-Key
X-Say-TTL
Cache-Status
X-Web-Node
X-NWS-UUID-VERIFY
Node
Decoy-Debug-TTL
X-G
X-ECache
X-Page-View
X-IP
X-TA-CDN-Provider
X-Ruxit-Js-Agent
X-Cache-Enabled
X-Tumblr-Pixel-3
X-IPS-LoggedIn
X-Cdn
X-Cache-Spec
X-Viewer-Country
X-TX-ID
X-ScT
Fastcgi-X-Cache-Version
Meta-Geo-Continent
X-S-Cookie
DCR-Processing-Time-Ms
X-S
DCR-Decision-By
Mobile-Detection-Method
X-Trv-Group
X-Worker
Xc-Version
Rendered-Blocks
MD5-Digest
X-D
X-A-Dgt
Host-ID
X-A-Dcw
X-A-Dam
X-External-Request-Id
X-A
X-A-Wwc
X-RCS-CacheZone
X-Rewrite-Enabled
X-Rojux
Machine
X-Aed
X-Request-UUID
X-Destination
X-A-Ccd
X-Application
X-VG-WebCache
X-Vdms-Version
Apple-News-Services-Request-Url
X-VG-WebServer
X-CF-Lambda-Fn
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-Bc-Bl
Apple-News-Services-Host
X-Vtex-Remote-Cache
X-B-Cookie
X-CF-Lambda-Version
X-Processor
X-ARC
X-Vdms-Path
X-Cache-NE
X-Connection-Hash
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Vtex-Processado-Em
X-Cache-Config
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-EC-Lua
X-Platform-Server
Adler-Geo
X-Rebelmouse-Surrogate-Control
Is-Eu
Gh-Request-Id
CloudFront-Viewer-Country
X-Ms-Version
X-Microcachable
X-Rebelmouse-Cache-Control
X-Ms-Request-Id
CDN-RequestId
CDN-Uid
X-Micro-Cache
CDN-PullZone
Platform
CDN-CachedAt
CDN-RequestCountryCode
Fastly-SWR
CDN-EdgeStorageId
Fastly-SIE
CDN-Cache
X-Auto-Login
X-VG-TLSProxy
X-Clara-WADP
X-Fmm-Version
X-Cache-Debug
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Cache-Bucket
X-Varnish-CookieINHashed-On
X-Cms-Context
X-WADP-Cache
X-DefElseHash
X-DefHash
X-DPWN-IS-SECURE
X-Fastly-Cache
X-Session-Fingerprint
X-Core-Value
X-CUA
X-Variation
X-Cache-Backend
X-Servername
X-Envoy-Decorator-Operation
X-Generation-Time
X-ID
X-B3-Spanid
X-GEO
X-UA
Backend
X-Request-Start
X-Gzip
X-Method
Origin
Fastly-Backend-Name
X-Via-CDN
SRV
X-Geo-Header
X-Wikidot-Static-Cache
Rt-Fastcgi-Cache
X-Webstats-RespID
Fastly-Drupal-HTML
X-Core-Mission
X-Wikidot-Backend
Wxu-Next-Hostname
PFcat
L
X-Fastly-Backend
X-Li-Pop
X-Dispatcher-Server
X-Level-Front-Cache
X-Render-Time
X-Developers
X-JWT-State
X-HS-Content-Campaign-Id
X-Location
X-Li-Fabric
X-LI-UUID
X-Esi-Check
X-Is-Gdpr
X-Irp-Debug
X-Request-Host
X-Skip-Cache
X-SN
Wxu-Next-Commit
X-Generated-On
X-VarnishDD-TTL
X-Has-Esi
X-Cache-Id
X-Hash
X-Policy
X-Cache-Date
X-Gamma-Serve
X-Bip
X-Twitter-Response-Tags
X-Backend-State
X-Branch-Name
X-Transaction
X-Thanos
X-Varnish-Cacheable
NM-Fastcgi-Cache
X-Platform
X-EIG-Tracking-Id
Wxu-Next-Region
X-Slack-Backend
X-Old-Content-Length
CacheControlHeader
C-Via
X-OVcl
X-Clientip
X-Owner
X-Cache-NGX
X-OVcl-Cache
AKAMAI
X-HN
Akamai-GRN
X-Hp-Webp
X-Eu-Site
X-Cache-Tags
X-Csrf-Jwt
X-CGP
Pagetype
X-Content-Age
X-Reqid
X-Minions-Version
HA-Ipaddr
Ha-Gx-Prefs
L5d-Success-Class
X-Mvc-Supplant-Cachable
X-PF-Uncompressing
UCS
Country-Code
X-Amz-Meta-Cb-Modifiedtime
X-Refresh
X-CS
FSS-Proxy
X-B3-Traceid
X-DC
X-Aicache-OS
X-Wa
X-Date
X-Accel-Expires-Debug
Surrogated-Key
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-NODE
X-NGENIX-Cache
X-Sql-Count
X-Via-Popn
X-LB-ID
X-Up
X-Sql-Duration-Ms
X-Edge-Location
X-Via-Poph
X-Cache-Remote
X-Req
NGX
Mail-Subject
X-Mvc-Supplant-OutputCached
X-Presslabs-Stats
X-RateLimit-Remaining
We-Hiring
Memcached
Time
Ufe-Result
X-Ftr-Cache-Host
X-Cdn-Srv
X-Cache-URL
Group
X-Dc
Now
X-Proxy-Upstream
X-NU-AKA-ACS-Version
X-SRV
HostName
Hostname
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Www-Served-By
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
XServer
X-Ua-Device
X-Servedbyhost
X-FPC
X-Nginx-Cache
X-ZONE
X-LI-Proto
X-BC
X-FORWARDED-FOR
X-Check-Cacheable
Cache-Hits
X-CACHE-AGE
X-S-Maxage
X-Varnish-Hostname
X-Via-Edge
X-Via-SSL
Edge-Copy-Time
X-Agile
X-Agile-Age
X-Agile-Id
GeoIp-Country-Code
On-Server
Protected
X-Svr
Geoip-Latitude
ServedBy
X-Request-Time
M-TraceId
X-Cdn-Forward
X-Cs
Xserver
X-LiteSpeed-Cache-Control
X-CSRF-TOKEN
X-NGINX-Cache
X-Pass-Why
X-Cluster-Node
T-Server
X-VCL-Version
X-UnsetCookies
SID
Arc-Country
X-Acc-Rdl
X-MP-GENERATED-AT
X-HS-Status
NtCoent-Length
X-APP
X-Via-Popv
X-Datadome
X-CF-Powered-By
X-Zone
Srv
X-Bc
X-Edge-Server
X-Erf-Stays-Bingo-Pdp-Web
X-Srv
Cdn-Host
Cdn-Request-Time
Server-Host
N-Cache
Viewtype
VivaBuild
X-Varnish-Hits
Ohc-File-Size
X-Uri
X-HITS
Pics-Label
Processtime
X-Action
WZWS-RAY
X-RunCloud-Cache
Memory
X-VC
X-SB
X-Via-Ucdn
Magicmarker
ProcessTime
Apigw-Requestid
X-We-Are-Hiring
X-Dynatrace-Js-Agent
User-Agent
X-RPM
Sid
W
X-RPS
X-MSEdge-Features
Section-Io-Origin-Status
X-DW
X-DSS
X-DB
X-RSL
X-DI
X-Oss-Cdn-Auth
Section-Io-Origin-Time-Seconds
X-Info
WebServer
WWW-Authenticate
Section-Origin-Responded
Section-Io-Id
X-MSEdge-Flight
X-CACHE-KEY
Ohc-Cache-HIT
LB
X-TT-LOGID
CF-IPCountry
Server-Info
DSUID
X-Vgn-Hpd-Ssi
X-HOST
X-SERVER-NAME
X-Newrelic-App-Data
Cache-Name
Odigeo-Trace-Id
X-UA-Device-Type
Tracecode
X-Vcl-Version
Cteonnt-Length
S-Rt
CDN
X-Tb
X-Geo
X-Origin-Date
X-Dynatrace
X-Hit
X-Pjax-Url
Ssr
Geo-Info
X-Unique-ID
X-Cache-Hm
Amp-Access-Control-Allow-Source-Origin
User-Cache-Control
X-Cache-Hfrom
X-Webkit-CSP-Report-Only
CountryCode
GeoIP-Latitude
Lfy
X-Fastly-Country-Code
GeoIP-Country-Code
X-Akamai-Request-ID2
X-Magnolia-Registration
A
X-Newrelic-Synthetics
Instruction
CDCHOST
X-Varnish-Url
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Envoy-Upstream-Healthchecked-Cluster
X-Cache-Info
X-Cache-ASPX
X-VServer
Thinkindot-CacheControl
X-Origin-TTL
X-Cache-Expires
X-BBXSRF
V-Age
X-Nginx-Cache-Key
X-Origin-Expires
X-Origin-CC
Thinkindot-Control
True-Client-Country-4JS
Vix-Hermes-Req-Id
Web-Mar-Node
X-BBC-Edge-Cache-Status
SR-User-Adfree
X-Origin-Time
X-Epic-Correlation-Id
X-API-Version
X-SVT-ORM-RULES
X-Developer
X-FC-Vary-Parameters
X-Server-IP
X-SD-PageType
X-GeoIP-City
X-Response-By
D-Cc-Upstream
X-Cc-Req-Id
X-User
X-Loc
X-SRCache-Key
X-Scheme
Locid
X-Cc-Via
Thinkindot-CacheControl-Type
X-Varnish-Authentication
Release
X-Nyt-Route
X-Node-Id
X-Contensis-Viewer-Groups
X-SVT-ORM-VERSION
Path
X-Request-URI
Lb
X-Gdpr
X-Matched-Rule
X-Thinkindot-L3
X-Oracle-Dms-Rid
X-Provided-By
X-Fpc
Sever-Int
Pramga
MIME-Version
Server-Ext
Server-Hostname
Server-ID
Cdn
X-ServedByHost
X-Generated-In
Cache-Host
X-Gen-Mode
X-Li-Proto
X-Traceid
X-SIPLIST1
X-Var-Ttl
X-Sn-Servicetimems
Accept-Language
X-Via-NSCOPI
X-Fetched-On
X-Block-Status
X-Hnp-Log
X-Azure-Ref-OriginShield
X-Swa-Ws
X-Trace-Id
IsBot
X-Device-Os
X-Nc
X-Cdn-Origin
X-NodeID
X-ORACLE-APMCS-REQUEST-ID
X-Cache-Tag
Actual-Object-TTL
X-Amzn-Remapped-Date
FNAC-ModuleRouting
X-Instart-Request-ID
X-Men
Esi-Enabled
X-StackifyID
X-Amzn-Remapped-Connection
X-Vcache
Server-Ttl
X-Served-From
X-Sigma-Backend
X-Key
Cache-Key
X-Lb-Id
X-Rocket-Build-Number
X-TH-Server
X-Akamai-Pragma-Client-IP
X-Sigma
Cf-Device-Type
Source
Kp-EeAlive
X-Mobile-Rewrite
X-Via-PopV
X-WA
X-Via-PopN
X-Parent-Response-Time
X-Via-PopH
Cache-Provider
X-Origin-Response-Time
X-No-Cache
X-Dispatch
X-Instart-Info
Expiry
Origin-Cache-Control
Content-Style-Type
Origin-Edge-Control
X-RateLimit-Remaining-Second
X-Geo-Region
X-Agile-Brick-Ok
X-ServiceProvider
X-VC-Cache
Content-Script-Type
Req-Svc-Chain
X-RateLimit-Limit-Second
Proxy-Firewall
X-B3-SpanId
X-Yottaa-OS
X-Batcache
X-ElasticPress-Query
X-Tt-Logid
X-MiniProfiler-Ids
Tcn
X-Apw-Access-Object
X-RateLimit-Limit
X-Apw-Hits
X-Apw-Access-Token
X-Varnish-Beresp-TTL
Location
Url
X-Request-URL
X-B3-Parentspanid
X-BBC-Origin-Response-Status
PICS-Label
X-HostName
X-Apw-Access-Action
Powered-By
X-PJAX-URL
Mime-Version
Inserted-Into-Cache-At
Who
HitType
Cf-Alt-Svc
X-RAMCache
X-Selected-Name
X-Selected-Host-Header
X-Selected-Scheme
EpKe-Alive
Vha6-Origin
X-Miniprofiler-Ids
X-TraceId
Xkeyi7
X-Request-Url
X-Proxy-Cachei7
X-Akamai-Request-ID
X-Pf-Uncompressing
Server-Id
X-C
Pragrma
Xet-Cookie
X-LiteSpeed-Tag
X-Vgn-Hpd-Reason
Dnion-Transfer-Encoding
Fastcgi-Cache-TTL
X-Snapshot-Date
X-Dw-Trace-Id
Resin-Trace
NnCoection