Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Pragma
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Xss-Protection
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
P3p
X-Content-Security-Policy
Status
Content-Encoding
X-CDN
X-AspNetMvc-Version
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Ua-Compatible
X-Age
X-Cache-Group
X-Server
X-Backend
X-Amz-Request-Id
X-Hacker
X-Robots-Tag
X-Amz-Id-2
Request-Context
X-UA-Device
X-AH-Environment
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
X-Server-Powered-By
X-Dns-Prefetch-Control
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
X-Template
Report-To
X-Language
X-Rq
Xkey
X-Page-Speed
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
X-Buckets
X-Host
X-WebKit-CSP
X-Backend-Server
NEL
X-Server-Id
X-Dispatcher
X-Device
Surrogate-Control
X-Node
Request-Id
X-Ruxit-JS-Agent
Content-Location
Accept-CH-Lifetime
EagleEye-TraceId
X-Response-Time
Accept-CH
X-Akam-SW-Version
X-Cache-Lookup
X-Origin-Cache
X-Ac
Allow
X-Readtime
X-Country
Rating
X-Mod-Pagespeed
X-HW
X-Application-Context
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Edge-Control
X-ORACLE-DMS-RID
Pinterest-Generated-By
X-MS-InvokeApp
X-CST
X-PC
X-Vname
X-TtlSet
X-Cnection
X-Country-Code
X-Varnish-TTL
X-DataDome
X-ASPNET-VERSION
X-GitHub-Request-Id
X-Content-Type
X-D2id
X-Clacks-Overhead
X-Trace
X-Middleton-Display
X-Sol
X-Server-Name
Response
X-Middleton-Response
Display
Pagespeed
MS-Author-Via
X-TTL
Pinterest-Version
X-Pinterest-Rid
X-Origin-Upstream-Status
X-ESI
X-FastCGI-Cache
X-B3-TraceId
X-Vcap-Request-Id
X-Px
X-Rack-Cache
X-Abt-Application-Version
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
X-Navigation-Version
Service-Worker-Allowed
X-Url
Verso
Arr-Disable-Session-Affinity
X-Client-IP
X-Cache-TTL
X-Element-Page-Cache
X-Cached
X-Fastly-Request-ID
X-Webkit-CSP
X-Dw-Request-Base-Id
X-FTR-Request-ID
X-DynaTrace
X-VARITI-CCR
SPRequestGuid
X-SharePointHealthScore
X-Cdn-Fetch
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja
X-Use-Magma
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-Goog-Hash
X-Powered-By-Plesk
X-Upstream
X-NF-Request-ID
Fastly-Restarts
X-Pinterest-Direct
AR-ATIME
AR-Request-ID
AR-CACHE
AR-PoweredBy
Ar-Sid
X-Debug
Content-MD5
SPRequestDuration
SPIisLatency
X-MSEdge-Ref
X-Powered-CMS
X-Forwarded-Proto
Access-Control-Request-Method
X-Amz-Rid
X-Release
X-Version
X-T
X-Jurisdiction
S
X-Edge
X-Content-Digest
X-XRDS-Location
RTSS
TCN
Accept-Ch
Public-Key-Pins
TP-L2-Cache
TP-Cache
X-Ezoic-Cdn
Cache-Tag
X-Litespeed-Cache
X-Cache-Key
Front-End-Https
X-MCACHE
X-Mid
X-Node-Name
X-Mg-S
Server-Node
X-Yandex-Sdch-Disable
X-Amz-Server-Side-Encryption
X-HP-Webp
X-Request-Processing-Time
Fastcgi-Cache
X-Request-Received
X-Recruiting
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-PressLabs-Stats
X-Accel-Expires
X-Amzn-Trace-Id
X-Ser
X-Grace
X-Kinsta-Cache
X-Request-Handler-Origin-Region
X-Microsite
MicrosoftSharePointTeamServices
X-NWS-LOG-UUID
X-Origin-Server
X-Varnish-Age
X-Ttl
Accept-Charset
X-Logged-In
ServerID
X-DIS-Request-ID
Edge-Cache-Tag
Host
Nginx-Cache
X-Page-Id
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-ECACHE
Powered-By-ChinaCache
X-Ratelimit-Remaining
X-Cache-Hit
X-Forwarded-For
X-Hits
X-Server-ID
Cache-Tags
X-B
X-F-Cache
X-LB-Cache
Cleartype
X-Respond-Thread
X-Mobile-URL
X-Activity-Id
X-AppVersion
X-Az
X-Git-Hash
Accept-Ch-Lifetime
X-Upgrade-Enabled
Realpath
X-N
X-Cached-By
X-Hostname
X-Kong-Proxy-Latency
X-Amz-Meta-S3cmd-Attrs
X-Kong-Upstream-Latency
X-Content-Options
X-Load-Cache
Alternate-Protocol
X-Rid
X-Type
X-Ratelimit-Limit
DynaTrace
X-Varnish-Backend
Paypal-Debug-Id
X-Request-Guid
X-App-Environment
X-Jobs
Access-Control-Allow-Method
Fastcgi-Useragent
X-FTR-Realm
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-DC
X-Country-Code-Real
X-FTR-Expires
X-Cache-Age
X-Seen-By
X-WebKit-CSP-Report-Only
X-Proxy
Charset
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Generation
X-URL
X-Goog-Storage-Class
X-VCache
X-B3-Sampled
X-Zen-Fury
X-Akamai-Edgescape
Filters
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-IPLB-Instance
X-FireWall-Port
X-B-Cache
X-Signature
X-FB-Debug
MS-CV
Healthy
X-Mobile
X-AOL-HN
Viewport
X-Debug-Info
X-Whom
X-Host-Name
X-Varnish-Grace
Filterid
X-Daa-Tunnel
DC
X-Region
X-Geo-Country
X-User-Agent
AMP-Access-Control-Allow-Source-Origin
Payment
X-Correlation-ID
Liferay-Portal
X-Frontend
X-Accel-Buffering
X-Original-Request-Id
X-Response-Served-From
X-Cache-Operation
X-XRDS-LOCATION
X-App-Server
X-Cache-Rule
X-HTML-Minification-Powered-By
X-Id
X-Tumblr-User
X-Tumblr-Pixel
X-Instance
X-Distributor
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
Surrogate-Key
X-UUID
X-Tumblr-Pixel-2
X-Amz-Replication-Status
X-Rule
X-FW-Serve
X-Cacheable-TTL
X-FW-Hash
X-FW-Server
X-Protected-By
X-FW-Type
X-FW-Dynamic
X-FW-Static
X-Cache-Time
Refresh
X-Content-Powered-By
S-Cnection
Section-Io-Cache
X-Cache-Expired-At
X-Acc-Debug-Context
X-Via-JSL
X-Tec-Api-Origin
Version
X-Tec-Api-Version
X-Tec-Api-Root
X-Rendered-As
X-Wix-Request-Id
X-Is-Bot
X-Hyper-Cache
X-Cache-Action
Nel
X-Sucuri-ID
Content-Disposition
X-Backend-Name
CACHE
Server-Name
X-Ah-Environment
X-Ua
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Oneagent-Js-Injection
Retry-After
X-Air-Hostname
GEO-INFO
PB-RID
X-Endurance-Cache-Level
Arc-Version
PB-PID
X-Cache-Server
X-App-Version
Datacenter
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Response-Type
X-Correlation-Id
X-Source
X-Pinterest-Sli-Latency-Threshold
X-Framework
X-Real-IP
Eomportal-Instance
Webserver
X-RemovedCookies
X-Environment-Context
X-L-Path
X-EdgeConnect-Cache-Status
X-ProcessESI
X-Yottaa-Optimizations
X-Yottaa-Metrics
Referer-Policy
X-Sucuri-Cache
Frame-Options
X-Revision
X-Drupal-Cache-Contexts
Ms-Operation-Id
X-Cache-Spec
X-RTag
Countrycode
X-Varnish-Server
X-Unique-Id
X-Drupal-Cache-Tags
X-Proxy-Cache-Status
X-RN-RSRV
X-Cache-Control
NGB
Meta-Geo
X-Is-Crawler
X-Cache-Var
X-Providence-Cookie
X-Route-Name
X-Cache-Var-Map
X-ES-SERVER
X-Aspnet-Duration-Ms
X-Flags
Akamai-Age-Ms
X-WA-Info
X-Mode
X-BYPASS-REASON
X-ProxyCache-Key
X-ProxyCache-Status
X-Qloud-Router
X-Time-Microsecs
X-Cache-TTL-Remaining
X-Xfnlog-Site
Cache-Tv-Group
X-R9-Blue-Green-Version
X-NewRelic-App-Data
X-Hl-Ver
X-Cache-Host
X-Proto
X-GeoIP
X-PHP-Host
X-Redis-Cache
X-ServerID
X-Server-W
X-Human
Webcakes-Region
Property-Id
Mn-Server-Ip
X-Amzn-Remapped-Content-Length
X-Be
X-AWS-Id
TWC-Connection-Speed
TWC-Device-Class
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
TWC-GeoIP-Country
Webcakes-App-Name
X-Cluster
X-FW-Version
X-NYM-Debug-Backend
X-No-Session
X-OCL
X-Origin-Hint
X-VWS-Id
X-PCL
X-LJ-Flow-ID
X-Labrador-Cache-Channel
X-Handled-By
Ec-Rule-Version
DB-Nickname
Cross-Origin-Window-Policy
X-Contextid
X-Status
Webcakes-App-Version
X-Azure-Ref
X-DynaTrace-JS-Agent
X-Section
X-Hosted-By
X-Site-Version
X-Routing-Service
X-Access
X-Loop
X-Proxied
X-Timing-Wait
X-TNCMS
X-Zipkin-Id
Selected-Fe
X-Proxy-Build
X-Locale
X-Via-Fastly
X-FB-TRIP-ID
X-Format
X-Detected-As
X-From
X-TIME
X-Adobe-Loc
X-Adobe-Content
X-TT
X-LLID
FSS-Cache
X-CDN-Forward
X-AIR-PT
X-Tt-Trace-Host
Cf-Bgj
X-Tt-Trace-Tag
Uber-Trace-Id
X-Device-Type
X-Cache-PHP
Upgrade-Insecure-Requests
X-Debug-Cache
X-ATG-Version
X-Generated-By
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-BCube-Filmed-By
X-Ratelimit-Reset
X-Aspnetmvc-Version
Azure-SiteName
Azure-Version
Azure-SlotName
Azure-RegionName
X-CSRF-Token
Azure-InstanceId
X-PHP-Backend
Access-Control-Request-Headers
X-NC
X-Varnish-Cache-Hits
X-UPSTREAM-Address
OT-Force-Account-Verify
Cache
X-Page-View
X-NCache
X-Akamai-Transformed
Cache-Status
From-Origin
X-CCM
SD-X-WS
X-Adobe-Source
X-GoCache-CacheStatus
X-Cache-2
X-FTR-Cache-Host
X-Backend-TTL
X-Oss-Storage-Class
X-Origin
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
SRV
X-Varnishpool
CF-Cached-On
X-Cluster-Name
X-G
X-LAGOON
X-ShardId
X-ShopId
X-Cache-Grace
X-Forwarded-Host
X-Shopify-Stage
Country
X-Storefront-Renderer-Rendered
X-Soup
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-PERF
X-ApacheServer
X-Sorting-Hat-ShopId
X-Pubstack
X-Say-TTL
X-Storage
X-Time
Decoy-Debug-Status
Fastly-SSL
X-Say-Cacheable
X-Backend-Host
Decoy-Debug-Key
X-Esi
Decoy-Debug-TTL
X-Web-Node
X-ID
X-SayCDN-TTL
X-SaId
X-Fastcgi-Cache
X-JoinUs
X-APP-VERSION
X-ECache
Node
X-Ruxit-Js-Agent
X-Via-CDN
Powered
X-IP
X-Viewer-Country
X-EC-Lua
X-TX-ID
X-Rewrite-Enabled
Apple-News-Services-Host
DCR-Processing-Time-Ms
X-Request-UUID
X-Cache-NE
Apple-News-Services-Handled
X-Aed
X-A-Dam
X-Vtex-Processado-Em
X-VG-WebServer
X-A-Dcw
X-Destination
X-A-Wwc
X-Vtex-Remote-Cache
X-VG-WebCache
X-Cache-Enabled
X-GEO
Apple-News-Services-Parsed-Url
X-Vdms-Version
X-D
X-A
X-External-Request-Id
X-A-Ccd
X-Connection-Hash
Rendered-Blocks
X-S-Cookie
X-Session-Fingerprint
X-Trv-Group
X-B-Cookie
X-Vdms-Path
X-Processor
Fastcgi-X-Cache-Version
X-ARC
X-A-Dgt
X-ScT
Meta-Geo-Continent
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Worker
Mobile-Detection-Method
X-RCS-CacheZone
Apple-News-Services-Request-Url
MD5-Digest
Xc-Version
X-S
X-Rojux
DCR-Decision-By
X-CF-Lambda-Fn
X-CF-Lambda-Version
Machine
Host-ID
X-Application
X-Tumblr-Pixel-3
X-Cache-Config
X-CUA
X-Cms-Context
X-DefElseHash
X-DefHash
X-Cache-Bucket
X-Core-Value
X-Clara-WADP
X-Cache-Debug
CDN-PullZone
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Servername
CloudFront-Viewer-Country
X-Platform-Server
X-Platform
X-DPWN-IS-SECURE
CDN-RequestId
CDN-Uid
X-IPS-LoggedIn
X-Variation
X-Varnish-CookieHashed-On
X-Auto-Login
Fastly-SIE
Fastly-SWR
Is-Eu
Gh-Request-Id
X-WADP-Cache
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-VG-TLSProxy
Platform
CDN-RequestCountryCode
X-Fmm-Version
X-Ms-Version
X-Irp-Debug
X-Fastly-Cache
Adler-Geo
X-Generation-Time
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
CDN-CachedAt
CDN-Cache
X-Ms-Request-Id
X-Microcachable
X-Micro-Cache
X-Envoy-Decorator-Operation
CDN-EdgeStorageId
Backend
X-B3-Traceid
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
L5d-Success-Class
NM-Fastcgi-Cache
L
Wxu-Next-Commit
PFcat
X-Backend-State
Rt-Fastcgi-Cache
Pagetype
Origin
Wxu-Next-Hostname
Wxu-Next-Region
X-JWT-State
X-Reqid
X-Skip-Cache
X-Varnish-Cacheable
X-VarnishDD-TTL
X-PF-Uncompressing
X-Owner
X-Mvc-Supplant-Cachable
X-Old-Content-Length
X-OVcl
X-OVcl-Cache
X-Webstats-RespID
X-Wikidot-Backend
X-Request-Host
X-Request-Start
X-SN
X-Thanos
X-Policy
X-Clientip
X-Wikidot-Static-Cache
C-Via
X-Bip
X-Cache-NGX
X-Method
X-Location
X-Dispatcher-Server
X-Esi-Check
X-Eu-Site
X-Fastly-Backend
X-Developers
X-Csrf-Jwt
X-Cache-Date
X-Cache-Id
X-Cache-Tags
X-CGP
X-Gamma-Serve
X-Generated-On
X-Level-Front-Cache
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-Is-Gdpr
X-HS-Content-Campaign-Id
X-Geo-Header
X-Gzip
X-Has-Esi
X-HN
X-Branch-Name
X-Cache-Backend
Akamai-GRN
X-NWS-UUID-VERIFY
Fastly-Backend-Name
AKAMAI
X-Cache-Remote
X-B3-Spanid
HA-Ipaddr
Fastly-Drupal-HTML
CacheControlHeader
X-Varnish-Ttl
Ha-Gx-Prefs
X-Bc-Bl
X-Render-Time
X-Content-Age
X-Hash
X-COUNTRY
X-Core-Mission
X-Slack-Backend
X-Refresh
X-Sql-Duration-Ms
X-Sql-Count
X-CS
X-Transaction
UCS
X-Twitter-Response-Tags
X-Aicache-OS
FSS-Proxy
X-UA
X-Wa
X-Minions-Version
X-EIG-Tracking-Id
X-DC
X-NODE
X-Www-Served-By
X-SRV
X-Dc
X-CACHE-AGE
X-NU-AKA-ACS-Version
X-Amz-Meta-Cb-Modifiedtime
XServer
Country-Code
Cache-Hits
X-S-Maxage
X-Via-Poph
X-Date
X-Mvc-Supplant-OutputCached
X-RateLimit-Remaining
X-Via-Popn
Protected
Surrogated-Key
X-Accel-Expires-Debug
NGX
X-TA-CDN-Provider
X-NGENIX-Cache
X-Check-Cacheable
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Ftr-Cache-Host
We-Hiring
X-Edge-Location
X-Vgn-Hpd-Variations-Key
HostName
X-Vgn-Hpd-Cached
Mail-Subject
X-Up
X-Req
X-LB-ID
Hostname
X-Via-Edge
Edge-Copy-Time
X-LI-Proto
X-Via-SSL
X-Servedbyhost
On-Server
X-FPC
Memcached
X-Proxy-Upstream
Group
X-Cache-URL
X-Svr
ServedBy
Ufe-Result
X-Cdn-Srv
X-Ua-Device
GeoIp-Country-Code
Time
X-Request-Time
X-Varnish-Hostname
Geoip-Latitude
X-Nginx-Cache
X-Presslabs-Stats
Now
X-Hp-Webp
X-Webkit-Csp
T-Server
X-NGINX-Cache
X-Pass-Why
X-Cdn-Forward
X-Agile-Id
X-Erf-Stays-Bingo-Pdp-Web
X-Agile
X-BC
X-ZONE
X-Agile-Age
X-Cs
X-Uri
Section-Io-Origin-Status
X-Acc-Rdl
WZWS-RAY
X-Cluster-Node
X-VCL-Version
Section-Io-Id
Section-Origin-Responded
Pics-Label
Server-Host
N-Cache
Section-Io-Origin-Time-Seconds
Xserver
X-UnsetCookies
X-Varnish-Hits
X-CSRF-TOKEN
X-MP-GENERATED-AT
X-VC
X-SB
Magicmarker
M-TraceId
X-LiteSpeed-Cache-Control
X-Datadome
X-Bc
X-TT-LOGID
X-Zone
X-Dynatrace-Js-Agent
X-Dynatrace
Ohc-File-Size
SID
X-Srv
DSUID
X-HS-Status
X-Via-Popv
X-CF-Powered-By
X-Info
NtCoent-Length
X-UA-Device-Type
Cache-Name
X-FORWARDED-FOR
Ohc-Cache-HIT
Arc-Country
Processtime
X-We-Are-Hiring
X-APP
Apigw-Requestid
ProcessTime
User-Cache-Control
Odigeo-Trace-Id
User-Agent
X-Origin-Date
W
X-MSEdge-Flight
X-Via-Ucdn
Tracecode
X-MSEdge-Features
Cteonnt-Length
VivaBuild
Sid
Cdn-Request-Time
Cdn-Host
Viewtype
X-Edge-Server
Geo-Info
LB
X-Unique-ID
CF-IPCountry
Ssr
S-Rt
Memory
X-RunCloud-Cache
X-Action
X-Magnolia-Registration
X-HOST
CountryCode
Srv
Lfy
X-Vcl-Version
CDN
Server-Info
WWW-Authenticate
X-DSS
X-DB
X-RPM
X-Tb
X-RPS
X-Oss-Cdn-Auth
X-RSL
X-DW
X-DI
X-HITS
Locid
X-Request-URI
Web-Mar-Node
X-VServer
X-Origin-Time
X-Cache-Hm
X-Cache-Hfrom
X-Origin-TTL
X-BBXSRF
X-Response-By
X-BBC-Edge-Cache-Status
IsBot
X-API-Version
X-Server-IP
X-SRCache-Key
Path
Sever-Int
X-SVT-ORM-RULES
Server-Hostname
X-SVT-ORM-VERSION
Server-Ext
SR-User-Adfree
Thinkindot-CacheControl
V-Age
Vix-Hermes-Req-Id
X-Block-Status
X-SIPLIST1
True-Client-Country-4JS
Thinkindot-CacheControl-Type
Thinkindot-Control
X-SD-PageType
X-Varnish-Url
X-Node-Id
X-Geo
X-Scheme
X-Thinkindot-L3
D-Cc-Upstream
X-Cache-ASPX
X-Nyt-Route
Amp-Access-Control-Allow-Source-Origin
X-User
X-Loc
X-Hnp-Log
X-Cc-Via
X-Cc-Req-Id
X-Nginx-Cache-Key
X-Gen-Mode
X-Origin-Expires
X-Developer
X-Contensis-Viewer-Groups
X-Pjax-Url
X-Cache-Expires
X-Cache-Info
X-Matched-Rule
X-Varnish-Authentication
CDCHOST
X-Gdpr
X-Origin-CC
X-Vgn-Hpd-Ssi
Instruction
WebServer
X-Webkit-CSP-Report-Only
MIME-Version
X-Var-Ttl
X-Fastly-Country-Code
Cache-Host
X-Swa-Ws
X-Azure-Ref-OriginShield
X-Newrelic-App-Data
X-Device-Os
X-Cdn-Origin
Pramga
X-Fetched-On
X-Generated-In
X-NodeID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-GeoIP-City
X-Newrelic-Synthetics
A
X-Sn-Servicetimems
Release
X-Trace-Id
Server-ID
X-CACHE-KEY
X-CLOUD-TRACE-CONTEXT
X-Hit
X-Nc
X-Traceid
X-FC-Vary-Parameters
X-Oracle-Dms-Rid
GeoIP-Country-Code
Lb
GeoIP-Latitude
X-Provided-By
X-ServedByHost
Cf-Device-Type
Cdn
X-Via-NSCOPI
X-Lb-Id
X-Browser-Type
X-Akamai-Request-ID2
X-Fpc
X-Li-Proto
Source
X-Origin-Response-Time
X-Cache-Tag
Tcn
X-Epic-Correlation-Id
X-Men
X-Envoy-Upstream-Healthchecked-Cluster
FNAC-ModuleRouting
X-Fastly-Request-Id
X-Via-PopH
X-Via-PopN
X-Sigma-Backend
X-Rocket-Build-Number
X-Via-PopV
Accept-Language
X-HostName
X-B3-SpanId
X-TH-Server
Kp-EeAlive
X-Sigma
Expiry
X-SERVER-NAME
Server-Ttl
Cache-Key
X-Akamai-Pragma-Client-IP
X-Served-From
X-StackifyID
X-Amzn-Remapped-Connection
Cache-Provider
X-WA
X-Parent-Response-Time
Esi-Enabled
X-Amzn-Remapped-Date
X-Vgn-Hpd-Reason
Content-Style-Type
Content-Script-Type
Url
X-No-Cache
Req-Svc-Chain
X-ServiceProvider
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Agile-Brick-Ok
X-Proxy-Cachei7
Xkeyi7
X-Request-URL
Content-Secure-Policy
X-Tt-Logid
X-Yottaa-OS
Location
X-VC-Cache
X-B3-Parentspanid
X-BBC-Origin-Response-Status
X-MiniProfiler-Ids
X-ORACLE-APMCS-REQUEST-ID
X-Akamai-Request-ID
EpKe-Alive
Actual-Object-TTL
X-ElasticPress-Query
X-Key
X-Instart-Request-ID
X-TraceId
X-ND-Cache
BehaviorPad-Version
URI
Who
X-Batcache
Inserted-Into-Cache-At
Mime-Version
X-RateLimit-Limit
X-Apw-Access-Action
X-PJAX-URL
X-Apw-Access-Object
X-Apw-Hits
X-Apw-Access-Token
X-Varnish-Beresp-TTL
X-Selected-Name
X-Mobile-Rewrite
X-Selected-Host-Header
X-Selected-Scheme
X-Dispatch
X-TrackingId
DataCenter
X-Litespeed-Cache-Control
Server-Id
X-Instart-Info
NnCoection
Xet-Cookie
Origin-Cache-Control
PICS-Label
X-Snapshot-Date
Origin-Edge-Control
Pragrma
X-C
Resin-Trace
Proxy-Firewall
Vha6-Origin