Threat Level: green Handler on Duty: Remco Verhoef

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
P3p
Status
Content-Encoding
X-AspNetMvc-Version
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Server
X-Backend
X-Amz-Request-Id
X-Hacker
X-Robots-Tag
X-Amz-Id-2
X-UA-Device
X-AH-Environment
Request-Context
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Template
X-Nginx-Cache-Status
Grace
X-Dns-Prefetch-Control
Host-Header
X-Language
Report-To
X-Rq
X-Page-Speed
Xkey
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Ua-Compatible
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Buckets
X-Vhost
X-Host
X-WebKit-CSP
NEL
X-Backend-Server
X-Server-Id
X-Dispatcher
X-Device
Accept-CH-Lifetime
Surrogate-Control
X-Node
X-Ruxit-JS-Agent
Request-Id
Accept-CH
Content-Location
X-Response-Time
EagleEye-TraceId
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
X-Ac
Allow
X-Readtime
X-Mod-Pagespeed
Rating
X-HW
X-Country
X-Application-Context
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Edge-Control
X-ORACLE-DMS-RID
Pinterest-Generated-By
X-MS-InvokeApp
X-Cnection
X-TtlSet
X-PC
X-Vname
X-Country-Code
X-DataDome
X-Varnish-TTL
X-CST
X-Content-Type
X-GitHub-Request-Id
X-ASPNET-VERSION
X-Clacks-Overhead
X-D2id
X-Server-Name
X-Trace
Response
Pagespeed
X-Middleton-Display
Display
X-Middleton-Response
X-Sol
X-FastCGI-Cache
X-Pinterest-Rid
X-Origin-Upstream-Status
Pinterest-Version
MS-Author-Via
X-TTL
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
X-Abt-Application-Version
X-ESI
X-Vcap-Request-Id
X-Px
X-Rack-Cache
X-Navigation-Version
Service-Worker-Allowed
Verso
X-B3-TraceId
X-Url
Arr-Disable-Session-Affinity
X-Client-IP
X-Cache-TTL
X-Element-Page-Cache
X-Fastly-Request-ID
X-Cached
X-DynaTrace
X-FTR-Request-ID
X-Webkit-CSP
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-VARITI-CCR
X-Exp-Variant
X-Exp-Id
X-Powered-By-Plesk
X-Use-Magma
X-Kinja-Server
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Upstream
X-NF-Request-ID
X-Goog-Hash
Fastly-Restarts
X-Debug
AR-ATIME
AR-CACHE
AR-PoweredBy
AR-Request-ID
Ar-Sid
Content-MD5
X-Pinterest-Direct
X-MSEdge-Ref
SPIisLatency
SPRequestDuration
X-Forwarded-Proto
X-Powered-CMS
X-Release
X-Version
Access-Control-Request-Method
X-Amz-Rid
X-XRDS-Location
X-T
X-Jurisdiction
S
X-Edge
X-Content-Digest
TCN
RTSS
TP-Cache
TP-L2-Cache
Public-Key-Pins
Cache-Tag
X-Ezoic-Cdn
X-Litespeed-Cache
X-Cache-Key
Front-End-Https
X-Mid
X-MCACHE
X-Node-Name
X-Yandex-Sdch-Disable
Server-Node
X-Mg-S
X-Request-Processing-Time
X-Request-Received
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Recruiting
Mrf-Cache-Status
X-SRCache-Fetch-Status
X-HP-Webp
X-SRCache-Store-Status
X-B3-TraceId-Primal
MRF-Tech
X-Amzn-Trace-Id
X-Accel-Expires
X-Ser
X-PressLabs-Stats
X-Kinsta-Cache
X-Grace
X-Ttl
X-NWS-LOG-UUID
X-Request-Handler-Origin-Region
X-Microsite
Accept-Ch
X-Origin-Server
X-Varnish-Age
MicrosoftSharePointTeamServices
Accept-Charset
ServerID
X-Logged-In
X-DIS-Request-ID
Edge-Cache-Tag
Cf-Bgj
X-Page-Id
Nginx-Cache
Host
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-Ratelimit-Remaining
X-ECACHE
X-Cache-Hit
X-Hits
Cache-Tags
Powered-By-ChinaCache
X-Forwarded-For
X-Hostname
X-B
X-Mobile-URL
X-Server-ID
X-F-Cache
X-LB-Cache
X-Respond-Thread
X-AppVersion
X-Az
X-Activity-Id
X-Git-Hash
Realpath
Cleartype
X-Cached-By
X-N
X-Upgrade-Enabled
Alternate-Protocol
X-Cache-Age
X-Content-Options
X-Type
X-Kong-Upstream-Latency
X-Ratelimit-Limit
X-Kong-Proxy-Latency
X-Amz-Meta-S3cmd-Attrs
X-Rid
X-Request-Guid
Paypal-Debug-Id
X-URL
X-App-Environment
X-Load-Cache
DynaTrace
X-Varnish-Backend
Fastcgi-Useragent
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Realm
X-FTR-Balancer
X-Jobs
X-FTR-Cache-Status
X-FTR-DC
X-Seen-By
X-FTR-Expires
Access-Control-Allow-Method
X-Proxy
X-WebKit-CSP-Report-Only
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
Charset
X-Zen-Fury
X-HS-Combine-CSS
X-Akamai-Edgescape
X-B3-Sampled
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Goog-Stored-Content-Length
X-TEC-API-ORIGIN
X-FireWall-Port
X-IPLB-Instance
X-Daa-Tunnel
X-VCache
Healthy
Filterid
X-FB-Debug
X-AOL-HN
X-Mobile
X-Signature
X-Debug-Info
X-B-Cache
X-Varnish-Grace
Filters
X-Host-Name
MS-CV
X-Whom
DC
X-Correlation-ID
Viewport
X-Geo-Country
AMP-Access-Control-Allow-Source-Origin
X-User-Agent
X-Region
X-Original-Request-Id
X-Response-Served-From
X-App-Server
X-Cache-Rule
X-Accel-Buffering
Payment
X-Cache-Operation
Liferay-Portal
X-Frontend
X-UUID
X-Instance
X-HTML-Minification-Powered-By
X-Distributor
X-Cacheable-TTL
X-FW-Serve
X-Tumblr-Pixel-2
X-FW-Server
X-FW-Type
X-Tumblr-User
Surrogate-Key
X-Tumblr-Pixel-1
X-FW-Static
X-FW-Hash
X-Tumblr-Pixel
X-Rule
X-Cache-Time
X-FW-Dynamic
X-Tumblr-Pixel-0
X-Amz-Replication-Status
Accept-Ch-Lifetime
X-Content-Powered-By
X-Protected-By
Refresh
S-Cnection
CACHE
X-Acc-Debug-Context
X-Via-JSL
X-Cache-Expired-At
Section-Io-Cache
X-Id
X-Wix-Request-Id
X-Rendered-As
Version
Content-Disposition
X-Is-Bot
X-Cache-Action
X-Tec-Api-Version
GEO-INFO
X-Tec-Api-Root
X-Tec-Api-Origin
X-Hyper-Cache
X-Backend-Name
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Sucuri-ID
Server-Name
Nel
X-XRDS-LOCATION
X-Endurance-Cache-Level
Retry-After
X-Ah-Environment
X-Cache-Server
Arc-Version
PB-RID
X-Ua
PB-PID
X-Air-Hostname
X-Source
X-Oneagent-Js-Injection
X-App-Version
Datacenter
X-Unique-Id
X-Real-IP
X-RemovedCookies
Eomportal-Instance
X-L-Path
X-Framework
X-ProcessESI
X-Environment-Context
X-EdgeConnect-Cache-Status
X-Correlation-Id
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Response-Type
Referer-Policy
X-Revision
X-Pinterest-Sli-Endpoint-Name
Ms-Operation-Id
Frame-Options
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Drupal-Cache-Contexts
X-RTag
X-Sucuri-Cache
Webserver
X-TIME
X-Cache-Spec
X-Varnish-Server
X-Drupal-Cache-Tags
X-Cache-Control
NGB
Meta-Geo
X-Cache-Var-Map
X-RN-RSRV
X-Cache-Var
X-ES-SERVER
X-Proxy-Cache-Status
X-Mode
Countrycode
X-WA-Info
Akamai-Age-Ms
DB-Nickname
X-BYPASS-REASON
X-ProxyCache-Key
X-Cache-TTL-Remaining
X-Cache-Host
X-R9-Blue-Green-Version
X-Time-Microsecs
Cache-Tv-Group
X-ProxyCache-Status
X-CDN-Forward
X-Azure-Ref
X-Xfnlog-Site
X-Qloud-Router
X-Handled-By
X-Human
TWC-Locale-Group
X-FW-Version
TWC-GeoIP-Country
X-Redis-Cache
X-Server-W
Property-Id
X-Origin-Hint
X-PCL
Webcakes-App-Version
X-AWS-Id
Mn-Server-Ip
Ec-Rule-Version
X-VWS-Id
X-Cluster
TWC-GeoIP-LatLong
X-GeoIP
X-Amzn-Remapped-Content-Length
X-OCL
X-Status
X-PHP-Host
Webcakes-App-Name
TWC-Device-Class
TWC-Connection-Speed
X-Labrador-Cache-Channel
X-NYM-Debug-Backend
X-Hl-Ver
X-LJ-Flow-ID
TWC-Privacy
Webcakes-Region
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Route-Name
X-Providence-Cookie
X-No-Session
X-Proto
X-ServerID
X-Contextid
X-Section
X-Zipkin-Id
X-Locale
X-Proxied
X-Routing-Service
X-Site-Version
X-Format
X-Via-Fastly
X-FB-TRIP-ID
X-Access
X-Be
X-Hosted-By
X-TNCMS
X-Loop
X-From
X-Detected-As
X-Adobe-Loc
X-Adobe-Content
Cross-Origin-Window-Policy
Selected-Fe
X-Proxy-Build
X-Timing-Wait
X-AIR-PT
X-NewRelic-App-Data
Uber-Trace-Id
X-TT
X-Tt-Trace-Tag
X-DynaTrace-JS-Agent
X-Tt-Trace-Host
X-Debug-Cache
FSS-Cache
X-LLID
X-ATG-Version
X-Device-Type
X-Generated-By
VIX-Pulpo-Upstream-Status
X-NC
X-BCube-Filmed-By
X-Cache-PHP
VIX-Pulpo-Node
Upgrade-Insecure-Requests
X-PHP-Backend
X-Ratelimit-Reset
Azure-Version
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-Esi
Azure-SlotName
X-Varnish-Cache-Hits
X-Aspnetmvc-Version
OT-Force-Account-Verify
Access-Control-Request-Headers
From-Origin
X-CSRF-Token
X-UPSTREAM-Address
X-ID
Cache-Status
X-B3-Traceid
X-NCache
X-CCM
X-Oss-Hash-Crc64ecma
X-Origin
CF-Cached-On
X-Page-View
X-GoCache-CacheStatus
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-Adobe-Source
X-Akamai-Transformed
SD-X-WS
X-Oss-Server-Time
X-COUNTRY
X-Backend-TTL
X-G
X-LAGOON
X-Soup
Country
X-PERF
X-Forwarded-Host
X-Pubstack
X-ApacheServer
X-Varnishpool
X-Cache-Grace
X-Cache-2
Powered
Fastly-SSL
SRV
X-SaId
X-JoinUs
X-Web-Node
X-Say-Cacheable
Decoy-Debug-Status
X-SayCDN-TTL
X-Storage
Decoy-Debug-Key
Decoy-Debug-TTL
X-Backend-Host
X-Say-TTL
X-APP-VERSION
X-Cluster-Name
Node
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-ShopId
X-FTR-Cache-Host
X-ShardId
X-IP
Cache
X-ECache
X-Cache-Enabled
X-GEO
X-EC-Lua
X-Via-CDN
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Viewer-Country
X-TX-ID
X-Ruxit-Js-Agent
Apple-News-Services-Request-Url
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-S
X-RCS-CacheZone
X-Processor
X-Destination
X-External-Request-Id
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-S-Cookie
X-ScT
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Session-Fingerprint
X-Trv-Group
X-Vdms-Path
X-Vdms-Version
X-D
X-Connection-Hash
Machine
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Host-ID
Fastcgi-X-Cache-Version
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
DCR-Decision-By
DCR-Processing-Time-Ms
Rendered-Blocks
X-A
X-B-Cookie
X-Cache-NE
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Aed
X-A-Wwc
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
Apple-News-Services-Handled
X-Application
X-Tumblr-Pixel-3
X-Time
X-IPS-LoggedIn
X-B3-Spanid
X-Cdn
X-NWS-UUID-VERIFY
X-Cache-Config
X-Fmm-Version
X-Cms-Context
Adler-Geo
X-Core-Value
X-Cache-Debug
X-Clara-WADP
X-Microcachable
X-Fastly-Cache
X-Micro-Cache
CDN-RequestCountryCode
X-CUA
X-DefHash
X-Cache-Bucket
X-ARC
X-Generation-Time
X-DefElseHash
X-Envoy-Decorator-Operation
Platform
X-Ms-Request-Id
X-DPWN-IS-SECURE
Is-Eu
CDN-Cache
X-VG-TLSProxy
X-Varnish-Remaining-TTL
X-Varnish-Beresp-Ttl
X-Varnish-CookieINHashed-On
X-WADP-Cache
CDN-CachedAt
CDN-RequestId
CDN-PullZone
CDN-Uid
CDN-EdgeStorageId
X-Varnish-CookieHashed-On
CloudFront-Viewer-Country
X-Platform-Server
Fastly-SWR
Gh-Request-Id
X-Varnish-Beresp-Grace
Fastly-SIE
X-Varnish-Beresp-Status
X-Variation
X-Servername
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Ms-Version
X-Cache-Backend
NM-Fastcgi-Cache
Origin
L
Fastly-Drupal-HTML
Fastly-Backend-Name
PFcat
Wxu-Next-Commit
X-Auto-Login
X-Backend-State
Wxu-Next-Region
X-Cache-Date
Wxu-Next-Hostname
X-Branch-Name
X-Gamma-Serve
X-Policy
X-Request-Start
X-Owner
X-OVcl
X-Method
X-Old-Content-Length
X-Skip-Cache
X-Varnish-Cacheable
X-Irp-Debug
X-Platform
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-VarnishDD-TTL
X-Webstats-RespID
X-Location
X-LI-UUID
X-Geo-Header
X-Gzip
X-Generated-On
X-Esi-Check
X-Developers
X-Dispatcher-Server
X-Has-Esi
X-HN
X-Li-Fabric
X-Li-Pop
X-Level-Front-Cache
X-JWT-State
X-HS-Content-Campaign-Id
X-Is-Gdpr
X-Cache-Id
X-OVcl-Cache
X-Fastcgi-Cache
Akamai-GRN
CacheControlHeader
AKAMAI
X-Bc-Bl
Backend
X-UA
X-Cache-Tags
X-CGP
X-Bip
X-Eu-Site
X-Mvc-Supplant-Cachable
X-PF-Uncompressing
X-Clientip
X-Cache-NGX
Rt-Fastcgi-Cache
X-Varnish-Ttl
X-Fastly-Backend
X-Reqid
X-Render-Time
X-Csrf-Jwt
C-Via
Pagetype
X-Request-Host
L5d-Success-Class
Ha-Gx-Prefs
HA-Ipaddr
X-SN
X-Thanos
X-Cache-Remote
XServer
X-Sql-Count
X-Core-Mission
X-Content-Age
X-Wa
X-DC
X-CS
X-Sql-Duration-Ms
X-Slack-Backend
X-Hash
X-Refresh
X-Transaction
X-Twitter-Response-Tags
X-EIG-Tracking-Id
X-Minions-Version
X-Aicache-OS
FSS-Proxy
UCS
X-TA-CDN-Provider
Country-Code
X-Ftr-Cache-Host
X-SRV
X-Amz-Meta-Cb-Modifiedtime
X-NODE
Surrogated-Key
Hostname
X-Accel-Expires-Debug
X-Www-Served-By
NGX
X-Date
X-NU-AKA-ACS-Version
Cache-Hits
X-NGENIX-Cache
X-S-Maxage
X-Hp-Webp
X-RateLimit-Remaining
X-Via-Poph
X-Up
X-Servedbyhost
X-LI-Proto
X-Req
X-Edge-Location
X-Via-Popn
X-Vgn-Hpd-Variations-Key
X-Presslabs-Stats
X-Vgn-Hpd-Cached
X-Check-Cacheable
X-Dc
X-LB-ID
X-Cdn-Srv
X-FPC
X-Mvc-Supplant-OutputCached
Mail-Subject
Protected
Group
Ufe-Result
X-Debug-Cache-Fetch
Memcached
We-Hiring
X-Debug-Cache-Store
X-Cache-URL
Time
X-Proxy-Upstream
X-Varnish-Hostname
GeoIp-Country-Code
Geoip-Latitude
X-Nginx-Cache
ServedBy
X-Ua-Device
X-Via-Edge
Edge-Copy-Time
X-Via-SSL
X-Svr
On-Server
X-CACHE-AGE
HostName
Now
X-Request-Time
X-BC
X-ZONE
X-Dynatrace-Js-Agent
T-Server
X-CSRF-TOKEN
X-Agile
X-Agile-Age
X-VCL-Version
X-Webkit-Csp
X-Agile-Id
X-Pass-Why
X-NGINX-Cache
X-Acc-Rdl
X-Cluster-Node
X-FORWARDED-FOR
X-Cs
X-Uri
X-MP-GENERATED-AT
Server-Host
WZWS-RAY
Pics-Label
M-TraceId
N-Cache
X-Varnish-Hits
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-UnsetCookies
Section-Io-Origin-Status
SID
Section-Io-Id
X-SB
X-LiteSpeed-Cache-Control
Magicmarker
X-Datadome
ProcessTime
X-Cdn-Forward
X-VC
X-TT-LOGID
X-Bc
X-Zone
Arc-Country
X-Srv
X-Erf-Stays-Bingo-Pdp-Web
X-CF-Powered-By
X-Via-Popv
X-HS-Status
X-Info
X-APP
Apigw-Requestid
Ohc-File-Size
Xserver
DSUID
X-UA-Device-Type
NtCoent-Length
Cdn-Host
X-Edge-Server
X-We-Are-Hiring
Cdn-Request-Time
VivaBuild
User-Cache-Control
Cteonnt-Length
Viewtype
Cache-Name
Odigeo-Trace-Id
User-Agent
Ohc-Cache-HIT
W
CF-IPCountry
X-MSEdge-Features
X-Action
CountryCode
X-Origin-Date
Tracecode
Memory
X-MSEdge-Flight
X-RunCloud-Cache
X-Via-Ucdn
Processtime
Server-Info
LB
Srv
X-DB
X-Magnolia-Registration
X-RPS
X-Tb
X-DW
X-DI
X-DSS
X-RSL
Sid
S-Rt
X-RPM
CDN
X-Oss-Cdn-Auth
WWW-Authenticate
Ssr
X-HOST
X-Newrelic-App-Data
Lfy
X-Vgn-Hpd-Ssi
WebServer
X-Dynatrace
X-HITS
X-Browser-Type
X-Cache-Hm
Path
MIME-Version
IsBot
Locid
X-Cache-Hfrom
X-Thinkindot-L3
Server-Ext
Server-Hostname
Sever-Int
X-Loc
SR-User-Adfree
Instruction
X-Response-By
X-Vcl-Version
X-Origin-Time
X-Origin-CC
X-Nyt-Route
X-Origin-TTL
X-SD-PageType
X-Pjax-Url
X-Request-URI
X-SIPLIST1
X-Node-Id
X-Matched-Rule
X-User
Amp-Access-Control-Allow-Source-Origin
X-SRCache-Key
Geo-Info
X-Nginx-Cache-Key
CDCHOST
Server-ID
X-Block-Status
X-Hnp-Log
X-BBC-Edge-Cache-Status
X-Varnish-Url
X-VServer
X-Cache-ASPX
X-Cache-Info
Thinkindot-CacheControl
X-Cache-Expires
X-Developer
X-Contensis-Viewer-Groups
X-Gdpr
V-Age
True-Client-Country-4JS
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Unique-ID
Vix-Hermes-Req-Id
X-Gen-Mode
X-Varnish-Authentication
X-API-Version
Web-Mar-Node
X-Webkit-CSP-Report-Only
X-Hit
X-Geo
Pramga
X-Origin-Expires
X-Fetched-On
Release
X-BBXSRF
X-Generated-In
X-Azure-Ref-OriginShield
X-GeoIP-City
X-Device-Os
X-Cdn-Origin
X-Cc-Req-Id
D-Cc-Upstream
X-Scheme
X-NodeID
Cache-Host
X-Cc-Via
X-Server-IP
A
X-SVT-ORM-RULES
X-Newrelic-Synthetics
X-Swa-Ws
X-Trace-Id
X-Fastly-Country-Code
X-FC-Vary-Parameters
X-Var-Ttl
X-Sn-Servicetimems
X-SVT-ORM-VERSION
X-CACHE-KEY
X-Lb-Id
GeoIP-Country-Code
X-Traceid
Lb
X-Oracle-Dms-Rid
X-Akamai-Request-ID2
GeoIP-Latitude
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Provided-By
Cf-Device-Type
X-Nc
X-Fpc
X-Envoy-Upstream-Healthchecked-Cluster
X-Via-NSCOPI
Cdn
Source
X-Epic-Correlation-Id
X-Cache-Tag
X-Origin-Response-Time
X-Li-Proto
X-Men
Accept-Language
FNAC-ModuleRouting
X-ServedByHost
X-Fastly-Request-Id
Expiry
X-StackifyID
X-SERVER-NAME
X-Via-PopH
X-Via-PopV
X-Served-From
X-Amzn-Remapped-Connection
Server-Ttl
X-Via-PopN
X-Sigma
X-Sigma-Backend
Esi-Enabled
X-Amzn-Remapped-Date
X-TH-Server
X-Akamai-Pragma-Client-IP
X-Rocket-Build-Number
Cache-Key
Kp-EeAlive
Actual-Object-TTL
X-ORACLE-APMCS-REQUEST-ID
Content-Style-Type
Content-Script-Type
Cache-Provider
X-Parent-Response-Time
X-Instart-Request-ID
X-Key
Url
X-No-Cache
X-ServiceProvider
X-RateLimit-Limit-Second
X-VC-Cache
Req-Svc-Chain
X-RateLimit-Remaining-Second
X-B3-SpanId
X-WA
Xkeyi7
EpKe-Alive
X-Mobile-Rewrite
X-Proxy-Cachei7
X-ElasticPress-Query
X-Batcache
X-Akamai-Request-ID
X-Yottaa-OS
X-MiniProfiler-Ids
X-Vgn-Hpd-Reason
X-Request-URL
Content-Secure-Policy
X-Agile-Brick-Ok
X-Tt-Logid
X-Vcache
Tcn
X-RateLimit-Limit
Inserted-Into-Cache-At
Location
X-HostName
BehaviorPad-Version
X-BBC-Origin-Response-Status
X-B3-Parentspanid
X-Instart-Info
X-Dispatch
X-PJAX-URL
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Hits
X-Varnish-Beresp-TTL
X-ND-Cache
URI
X-Apw-Access-Action
Origin-Edge-Control
Origin-Cache-Control
Proxy-Firewall
Who
X-Selected-Scheme
X-Selected-Name
X-Selected-Host-Header
X-Geo-Region
Vha6-Origin
X-TraceId
DataCenter
X-RAMCache
X-Dw-Trace-Id
Mime-Version
Powered-By
HitType
Cf-Alt-Svc
X-C
Pragrma
Resin-Trace
X-Snapshot-Date
PICS-Label
Xet-Cookie
NnCoection