
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
X-Xss-Protection
CF-Ray
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
P3p
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Keep-Alive
X-Template
X-Via
X-Language
X-Ws-Request-Id
Feature-Policy
X-Age
X-Dns-Prefetch-Control
X-Backend
X-Cache-Group
X-Hacker
X-Server
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Host-Header
Grace
X-Buckets
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Amz-Version-Id
Cf-Bgj
X-Host
X-Dispatcher
X-Device
X-Backend-Server
NEL
X-WebKit-CSP
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Response-Time
Content-Location
Request-Id
X-Server-Id
X-Origin-Cache
X-Akam-SW-Version
X-Ac
X-ASPNET-VERSION
EagleEye-TraceId
Accept-CH-Lifetime
X-Country
X-HW
X-Mod-Pagespeed
Rating
Accept-CH
X-Readtime
X-Cloud-Trace-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Application-Context
Pinterest-Generated-By
Edge-Control
X-Country-Code
Allow
X-Url
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Vname
X-TtlSet
X-PC
X-DataDome
X-Varnish-TTL
X-Cnection
X-Origin-Upstream-Status
X-MS-InvokeApp
X-GitHub-Request-Id
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Deployment-Id
X-Content-Type
X-D2id
X-Clacks-Overhead
X-Webkit-CSP
X-Trace
X-ESI
X-Abt-Application-Version
X-Server-Name
X-Middleton-Display
X-Middleton-Response
Pagespeed
Display
X-Pinterest-Rid
Response
X-Sol
Pinterest-Version
X-Px
X-Vcap-Request-Id
X-Navigation-Version
X-Rack-Cache
X-FTR-Request-ID
Verso
X-B3-TraceId
X-DynaTrace
X-Cached
Service-Worker-Allowed
MS-Author-Via
X-Element-Page-Cache
X-Fastly-Request-ID
Accept-Ch
X-Client-IP
Arr-Disable-Session-Affinity
X-Cache-TTL
X-Dw-Request-Base-Id
X-TTL
X-Powered-By-Plesk
Content-MD5
X-Upstream
X-Version
AR-Request-ID
AR-PoweredBy
AR-CACHE
AR-ATIME
Ar-Sid
SPRequestGuid
X-SharePointHealthScore
X-Forwarded-Proto
X-FastCGI-Cache
Fastly-Restarts
X-NF-Request-ID
X-Debug
X-CST
X-VARITI-CCR
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
X-Exp-Id
X-Cdn-Fetch
X-T
X-Goog-Hash
X-Server-ID
Access-Control-Request-Method
X-Jurisdiction
X-XRDS-Location
X-Powered-CMS
X-MSEdge-Ref
TP-L2-Cache
TP-Cache
X-Release
X-Content-Digest
X-Edge
S
SPIisLatency
SPRequestDuration
TCN
X-Ttl
X-Amz-Rid
X-Pinterest-Direct
RTSS
X-NWS-LOG-UUID
Cache-Tag
X-PressLabs-Stats
Public-Key-Pins
X-Ezoic-Cdn
X-Node-Name
X-Yandex-Sdch-Disable
Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
X-Cache-Key
X-MCACHE
X-Mid
Accept-Ch-Lifetime
Server-Node
X-Accel-Expires
Front-End-Https
X-Amzn-Trace-Id
X-Logged-In
X-Cache-Hit
X-Ratelimit-Remaining
X-Ser
X-Request-Handler-Origin-Region
X-Microsite
X-Kinsta-Cache
X-Recruiting
ServerID
X-Page-Id
X-Origin-Server
Accept-Charset
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Host
Alternate-Protocol
X-Mg-S
X-B
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
X-Varnish-Age
X-Grace
X-Forwarded-For
X-Mobile-URL
X-Amz-Server-Side-Encryption
X-DIS-Request-ID
Nginx-Cache
X-Hostname
X-Ratelimit-Limit
Filterid
Edge-Cache-Tag
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
X-FireWall-Port
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-ECACHE
X-FTR-Expires
X-Seen-By
X-HP-Webp
Realpath
X-Load-Cache
X-Content-Options
X-Hits
X-Git-Hash
X-LB-Cache
X-F-Cache
X-AppVersion
X-Jobs
X-Activity-Id
X-N
X-Az
X-App-Environment
X-Request-Guid
X-Type
MicrosoftSharePointTeamServices
X-Varnish-Backend
X-Varnish-Grace
Fastcgi-Useragent
X-Rid
Paypal-Debug-Id
Cache-Tags
X-TEC-API-ROOT
DynaTrace
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Daa-Tunnel
X-Zen-Fury
X-Id
X-Proxy
Cleartype
X-Upgrade-Enabled
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Access-Control-Allow-Method
X-FB-Debug
X-Cached-By
X-WebKit-CSP-Report-Only
X-App-Server
X-Akamai-Edgescape
X-Cache-Age
Powered-By-ChinaCache
X-Amz-Meta-S3cmd-Attrs
DC
X-Geo-Country
X-Cache-Operation
Content-Disposition
X-Cache-Rule
X-Content-Powered-By
X-Correlation-ID
X-User-Agent
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Host-Name
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-HS-Combine-CSS
X-Wix-Request-Id
X-IPLB-Instance
X-B-Cache
X-AOL-HN
X-B3-Sampled
X-Signature
X-Response-Served-From
X-Accel-Buffering
X-Respond-Thread
X-Original-Request-Id
X-Debug-Info
Healthy
MS-CV
X-Ua
X-Whom
AMP-Access-Control-Allow-Source-Origin
X-Region
Akamai-Age-Ms
X-Rendered-As
X-Is-Bot
X-HTML-Minification-Powered-By
Payment
X-Distributor
X-UUID
X-VCache
X-FW-Type
X-FW-Dynamic
X-FW-Static
X-FW-Server
X-FW-Serve
X-Rule
X-FW-Hash
X-Frontend
X-Cacheable-TTL
X-Mobile
X-Instance
X-Cache-Time
X-Endurance-Cache-Level
Datacenter
Refresh
NGB
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-2
Countrycode
X-Amz-Apigw-Id
X-Amzn-RequestId
Surrogate-Key
X-Via-JSL
X-App-Version
X-XRDS-LOCATION
Nel
X-Acc-Debug-Context
X-Protected-By
S-Cnection
PB-RID
Filters
Liferay-Portal
PB-PID
Arc-Version
X-Varnish-Server
Viewport
X-Backend-Name
Charset
X-Ah-Environment
X-Tec-Api-Origin
X-Tec-Api-Version
X-Oneagent-Js-Injection
X-Tec-Api-Root
X-Hyper-Cache
X-Cache-Expired-At
X-PHP-Backend
X-Cache-Server
X-NewRelic-App-Data
X-Azure-Ref
X-Amz-Replication-Status
Section-Io-Cache
X-Proxy-Cache-Status
X-Fastcgi-Cache
X-Litespeed-Cache
X-Cache-Action
Referer-Policy
Retry-After
X-DynaTrace-JS-Agent
X-Sucuri-ID
X-Source
X-WA-Info
X-Time
GEO-INFO
Version
X-EdgeConnect-Cache-Status
X-Cache-Control
Eomportal-Instance
Cache
Powered
X-RemovedCookies
X-Environment-Context
X-ProcessESI
X-L-Path
X-Real-IP
X-Framework
X-RN-RSRV
X-Yottaa-Metrics
X-Cache-Var-Map
X-Cache-Var
X-ES-SERVER
X-Yottaa-Optimizations
Meta-Geo
Uber-Trace-Id
X-Mode
X-GeoIP
X-Air-Hostname
X-CSRF-Token
X-Revision
Frame-Options
X-From
Ms-Operation-Id
X-RTag
X-Xfnlog-Site
X-Correlation-Id
X-R9-Blue-Green-Version
X-Cache-Host
X-ProxyCache-Status
X-Qloud-Router
X-Time-Microsecs
X-ProxyCache-Key
X-Cache-TTL-Remaining
X-BYPASS-REASON
Mn-Server-Ip
Cross-Origin-Window-Policy
Ec-Rule-Version
Cache-Tv-Group
DB-Nickname
X-Labrador-Cache-Channel
X-Loop
X-OCL
X-Human
X-Hosted-By
Server-Name
X-PCL
X-PHP-Host
X-Server-W
X-TNCMS
X-VWS-Id
X-Hp-Webp
X-FW-Version
X-LJ-Flow-ID
X-AWS-Id
X-Cluster
X-Debug-Cache
X-FB-TRIP-ID
X-Proxied
X-Proxy-Build
X-SaId
X-Origin-Hint
X-Detected-As
X-BCube-Filmed-By
Webcakes-App-Name
X-Amzn-Remapped-Content-Length
Webcakes-Region
X-Timing-Wait
X-Routing-Service
X-Redis-Cache
Property-Id
X-Zipkin-Id
X-Site-Version
X-NYM-Debug-Backend
X-Status
TWC-Privacy
X-Hl-Ver
X-Handled-By
TWC-Locale-Group
TWC-Device-Class
X-JoinUs
Selected-Fe
X-Locale
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
X-ServerID
X-Generated-By
X-Format
X-Ratelimit-Reset
X-Proto
X-Section
X-Access
X-Drupal-Cache-Contexts
X-Via-Fastly
X-Be
X-Device-Type
X-Unique-Id
X-Sucuri-Cache
X-Cache-PHP
FSS-Cache
X-No-Session
X-ATG-Version
X-Contextid
X-Drupal-Cache-Tags
X-Varnish-Cache-Hits
From-Origin
Webserver
X-FTR-Cache-Host
X-CDN-Forward
CF-Cached-On
X-Origin
OT-Force-Account-Verify
X-NWS-UUID-VERIFY
X-NCache
X-Adobe-Loc
X-Adobe-Content
X-ECache
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Object-Type
X-AIR-PT
X-Oss-Storage-Class
X-GoCache-CacheStatus
Azure-Version
X-TT
Azure-SlotName
X-IPS-LoggedIn
X-Tt-Trace-Host
X-Akamai-Transformed
Azure-InstanceId
X-Tt-Trace-Tag
Azure-SiteName
Azure-RegionName
X-TA-CDN-Provider
X-EIG-Tracking-Id
X-NC
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Bc-Bl
X-IP
X-EC-Lua
X-Cache-Enabled
X-Esi
X-Adobe-Source
X-Backend-Host
Access-Control-Request-Headers
X-APP-VERSION
SD-X-WS
X-CCM
CACHE
X-Ruxit-Js-Agent
X-Cache-2
X-ShopId
X-Storefront-Renderer-Rendered
X-Viewer-Country
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
Upgrade-Insecure-Requests
X-Tumblr-Pixel-3
X-Cache-Backend
X-Shopify-Stage
X-URL
X-Soup
X-Vgn-Hpd-Variations-Key
X-Pubstack
X-ApacheServer
X-Forwarded-Host
X-PERF
X-Cache-Grace
Node
X-TIME
X-Vgn-Hpd-Cached
X-Cdn
X-Storage
X-Cache-Config
X-Cluster-Name
X-Say-Cacheable
Cache-Status
Decoy-Debug-Key
X-SayCDN-TTL
X-Say-TTL
Decoy-Debug-TTL
Decoy-Debug-Status
Fastly-SSL
MD5-Digest
X-RCS-CacheZone
X-Processor
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Date
X-D
X-Destination
X-External-Request-Id
X-G
X-S
X-S-Cookie
X-Vtex-Processado-Em
X-VG-WebServer
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebCache
X-Vdms-Version
X-Transaction
X-ScT
X-Trv-Group
X-Twitter-Response-Tags
X-Vdms-Path
X-Connection-Hash
X-CF-Lambda-Fn
Host-ID
Fastcgi-X-Cache-Version
Machine
Meta-Geo-Continent
Mobile-Detection-Method
DCR-Processing-Time-Ms
DCR-Decision-By
Apple-News-Services-Handled
X-Web-Node
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Rendered-Blocks
Surrogated-Key
X-Application
X-Aed
X-ARC
X-B-Cookie
X-Cache-NE
X-Accel-Expires-Debug
X-A-Wwc
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Varnishpool
X-CF-Lambda-Version
X-Providence-Cookie
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Route-Name
X-Flags
CloudFront-Viewer-Country
CDN-Uid
CDN-RequestId
Fastly-SIE
Fastly-SWR
X-Req
Is-Eu
CDN-RequestCountryCode
CDN-PullZone
CDN-Cache
Adler-Geo
X-LAGOON
CDN-CachedAt
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
CDN-EdgeStorageId
Platform
X-WADP-Cache
X-Micro-Cache
X-Generation-Time
X-Fmm-Version
X-Ms-Request-Id
X-Ms-Version
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Fastly-Cache
X-Envoy-Decorator-Operation
X-VG-TLSProxy
X-Backend-TTL
X-Variation
X-Servername
X-DPWN-IS-SECURE
X-Clara-WADP
X-Varnish-Beresp-Grace
X-UA
X-TX-ID
X-NGENIX-Cache
Time
Backend
Country
X-Bip
X-Cache-Bucket
X-Auto-Login
Wxu-Next-Region
X-Backend-State
X-Cache-NGX
X-Cms-Context
X-Core-Mission
X-Clientip
X-Cache-URL
Wxu-Next-Hostname
X-Cache-Id
We-Hiring
Gh-Request-Id
Group
X-UPSTREAM-Address
Fastly-Drupal-HTML
Country-Code
L
Mail-Subject
Ufe-Result
X-Core-Value
Rt-Fastcgi-Cache
Origin
NM-Fastcgi-Cache
Wxu-Next-Commit
X-Dispatcher-Server
X-Request-Host
X-Request-Start
X-Render-Time
X-Policy
X-Platform
X-Slack-Backend
X-SN
X-Webstats-RespID
X-Platform-Server
X-Varnish-Cacheable
X-Up
X-Thanos
X-Owner
X-OVcl-Cache
X-Hash
X-HS-Content-Campaign-Id
X-Gzip
X-Fastly-Backend
X-Esi-Check
X-Li-Fabric
X-Li-Pop
X-Minions-Version
X-OVcl
X-Microcachable
X-Method
X-LI-UUID
X-CUA
X-Skip-Cache
Akamai-GRN
C-Via
X-Varnish-Ttl
Now
X-JWT-State
X-Csrf-Jwt
X-Gamma-Serve
X-Mvc-Supplant-Cachable
X-Is-Gdpr
X-Irp-Debug
Memcached
X-Old-Content-Length
X-Reqid
X-Level-Front-Cache
X-CS
X-Content-Age
X-CGP
CacheControlHeader
X-Cdn-Srv
X-Cache-Tags
AKAMAI
X-VarnishDD-TTL
PFcat
X-Developers
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Cache-Date
Fastly-Backend-Name
X-Generated-On
X-Eu-Site
X-Amz-Meta-Cb-Modifiedtime
X-Edge-Location
X-DefHash
X-Wikidot-Backend
X-HN
L5d-Success-Class
X-Has-Esi
X-Wikidot-Static-Cache
X-DefElseHash
HA-Ipaddr
Ha-Gx-Prefs
X-CACHE-AGE
X-Aicache-OS
X-Proxy-Upstream
X-Location
Pagetype
X-Wa
X-Geo-Header
FSS-Proxy
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Latency-Threshold
X-Cache-Debug
X-Session-Fingerprint
UCS
X-Refresh
X-Branch-Name
X-LB-ID
HostName
X-NODE
X-PF-Uncompressing
X-Via-Poph
X-Agile-Id
X-Agile-Age
X-Via-Popn
X-Agile
X-BC
X-ZONE
X-Ftr-Cache-Host
X-DC
X-Page-View
X-RateLimit-Remaining
X-B3-Traceid
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Dc
X-GEO
NGX
X-B3-Spanid
M-TraceId
X-LI-Proto
X-Servedbyhost
SRV
X-Datadome
X-Cdn-Forward
Xserver
X-Mvc-Supplant-OutputCached
X-Ua-Device
X-Nginx-Cache
X-Via-CDN
Arc-Country
X-Instart-Request-ID
X-SERVER
X-Edge-Server
Cdn-Request-Time
Cdn-Host
X-Varnish-Hostname
VivaBuild
Viewtype
X-Check-Cacheable
X-Request-Time
Hostname
X-NU-AKA-ACS-Version
X-Via-Ucdn
X-SERVER-NAME
X-RunCloud-Cache
X-UnsetCookies
X-Zone
X-Bc
X-Sql-Count
X-Sql-Duration-Ms
Srv
X-VCL-Version
X-APP
X-Action
WebServer
X-Cluster-Node
X-FPC
X-Srv
Memory
X-CF-Powered-By
X-Cs
X-Vgn-Hpd-Ssi
X-RSL
X-Cache-Remote
X-RPS
X-RPM
X-HS-Status
X-DW
X-DI
X-DSS
X-Via-Edge
WWW-Authenticate
Edge-Copy-Time
X-DB
X-LiteSpeed-Cache-Control
X-Via-SSL
X-Via-Popv
X-Unique-ID
X-Www-Served-By
X-NGINX-Cache
X-LLID
X-SRV
ProcessTime
X-Svr
On-Server
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
X-MP-GENERATED-AT
X-Oss-Cdn-Auth
X-S-Maxage
Cache-Hits
NtCoent-Length
X-Geo
X-Vcache
ServedBy
SID
X-Hit
Sid
X-Dynatrace-Js-Agent
Apigw-Requestid
GeoIp-Country-Code
Geoip-Latitude
GeoIP-Latitude
GeoIP-Country-Code
X-We-Are-Hiring
Geo-Info
User-Agent
X-CSRF-TOKEN
W
T-Server
Amp-Access-Control-Allow-Source-Origin
XServer
Processtime
Server-Info
X-Akamai-Request-ID2
X-Webkit-CSP-Report-Only
LB
X-FORWARDED-FOR
X-Pass-Why
Ohc-File-Size
X-MSEdge-Features
X-ID
X-MSEdge-Flight
X-Epic-Correlation-Id
X-HOST
X-Nc
X-Fpc
X-Pjax-Url
X-Envoy-Upstream-Healthchecked-Cluster
Server-Host
X-Presslabs-Stats
Cdn
N-Cache
S-Rt
X-Tb
Pics-Label
X-Vcl-Version
X-Varnish-Hits
X-HITS
X-FC-Vary-Parameters
X-SB
Magicmarker
WZWS-RAY
Protected
X-VC
Accept-Language
X-Cache-Hfrom
X-Cache-Hm
CF-IPCountry
X-Mobile-Rewrite
X-Key
X-Info
X-Erf-Stays-Bingo-Pdp-Web
X-Fastly-Country-Code
Cteonnt-Length
A
Esi-Enabled
X-Uri
X-CACHE-KEY
Ohc-Cache-HIT
X-COUNTRY
CDN
Origin-Edge-Control
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Via-NSCOPI
Origin-Cache-Control
Lb
X-Instart-Info
Proxy-Firewall
X-Newrelic-Synthetics
X-Amzn-Remapped-Date
X-Dispatch
X-Amzn-Remapped-Connection
Tracecode
X-TT-LOGID
X-Acc-Rdl
Ssr
X-Newrelic-App-Data
Section-Io-Origin-Status
X-B3-SpanId
DSUID
Section-Io-Id
X-Li-Proto
X-Provided-By
X-Geo-Region
X-ServedByHost
Section-Io-Origin-Time-Seconds
X-StackifyID
Section-Origin-Responded
User-Cache-Control
Powered-By
Odigeo-Trace-Id
Cache-Name
X-Dynatrace
X-UA-Device-Type
Cache-Key
X-Akamai-Pragma-Client-IP
X-Magnolia-Registration
Lfy
X-RAMCache
X-TH-Server
Server-Ttl
HitType
X-Served-From
X-Origin-Date
X-Cache-Tag
X-Origin-Time
Vix-Hermes-Req-Id
X-Origin-Expires
True-Client-Country-4JS
X-Origin-TTL
V-Age
X-Scheme
Release
X-Matched-Rule
X-BBC-Edge-Cache-Status
Path
Locid
MIME-Version
Server-Ext
Server-Hostname
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
SR-User-Adfree
Sever-Int
Server-ID
IsBot
Instruction
X-Node-Id
X-Cache-ASPX
D-Cc-Upstream
X-Cache-Expires
X-Cache-Info
X-Nyt-Route
X-Cc-Req-Id
X-Cc-Via
FNAC-ModuleRouting
Thinkindot-Control
CDCHOST
X-Nginx-Cache-Key
X-Men
X-Origin-CC
X-ServiceProvider
X-SVT-ORM-RULES
BehaviorPad-Version
X-SVT-ORM-VERSION
X-SRCache-Key
X-VServer
X-Developer
X-RateLimit-Limit-Second
X-SIPLIST1
X-ElasticPress-Query
X-TrackingId
X-GeoIP-City
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Varnish-Authentication
X-User
X-VC-Cache
X-Gdpr
X-Thinkindot-L3
X-Varnish-Url
X-Sigma-Backend
X-Response-By
X-Rocket-Build-Number
X-Loc
Cache-Provider
X-Request-URI
X-Contensis-Viewer-Groups
X-RateLimit-Remaining-Second
X-Generated
Fastcgi-Cache-TTL
X-SD-PageType
X-Lb-Id
X-Sigma
X-Server-IP
X-API-Version
X-Via-PopN
X-Via-PopH
X-Via-PopV
X-No-Cache
X-Azure-Ref-OriginShield
X-Hnp-Log
X-Block-Status
X-Device-Os
X-Cdn-Origin
X-BBXSRF
X-Fetched-On
X-Gen-Mode
X-Generated-In
X-App
X-Swa-Ws
X-LiteSpeed-Tag
X-Sn-Servicetimems
X-Trace-Id
X-Traceid
X-Agile-Brick-Ok
Xet-Cookie
X-Var-Ttl
Web-Mar-Node
X-Batcache
Cache-Host
Kp-EeAlive
Pramga
X-Cache-Spec
X-NodeID
X-WA
X-Tt-Logid
Tcn
X-Parent-Response-Time
Who
X-Planisys-CDN-Cache
X-Pf-Uncompressing
X-Yottaa-OS
X-PJAX-URL
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-HostName
Inserted-Into-Cache-At
Dnion-Transfer-Encoding
X-RateLimit-Limit
Cf-Alt-Svc
X-Varnish-Beresp-TTL
X-Selected-Host-Header
X-Selected-Name
CountryCode
X-Selected-Scheme
X-BACKEND-TTL
X-Path-Route
Source
X-Request-URL
X-TraceId
X-CacheTTL
Cf-Ipcountry
X-Snapshot-Date
X-BBC-Origin-Response-Status
Cf-Device-Type
Req-Svc-Chain
X-Proxy-Cachei7
X-C
Mime-Version
X-Apw-Access-Action
Pragrma
X-Vgn-Hpd-Reason
X-MiniProfiler-Ids
X-Dw-Trace-Id
PICS-Label
X-Apw-Access-Token
Vha6-Origin
X-Apw-Access-Object
Resin-Trace
X-Apw-Hits