Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-Xss-Protection
CF-Ray
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
P3p
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-Cache-Group
X-Server
X-Hacker
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-Template
EagleId
Request-Context
X-Proxy-Cache
X-Language
X-UA-Device
X-Turbo-Charged-By
X-Server-Powered-By
X-Dns-Prefetch-Control
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
X-Rq
X-Page-Speed
Xkey
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Buckets
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
NEL
X-Dispatcher
X-Device
X-Server-Id
Surrogate-Control
X-Node
X-Ruxit-JS-Agent
Accept-CH-Lifetime
Request-Id
Content-Location
Accept-CH
X-Response-Time
EagleEye-TraceId
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
X-Ac
X-Ua-Compatible
X-Readtime
Allow
Rating
X-HW
X-Mod-Pagespeed
X-Country
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Pinterest-Generated-By
Edge-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Vname
X-PC
X-TtlSet
X-DataDome
X-Cnection
X-Country-Code
X-MS-InvokeApp
X-Varnish-TTL
X-Content-Type
X-GitHub-Request-Id
X-ASPNET-VERSION
X-D2id
X-CST
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Trace
Display
X-Middleton-Display
Pagespeed
Response
X-Middleton-Response
X-Sol
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Id
X-Pinterest-Rid
X-Server-Name
Pinterest-Version
Fusion-Template-Id
Fusion-Component-Id
X-Url
MS-Author-Via
X-Vcap-Request-Id
X-Abt-Application-Version
X-Px
X-B3-TraceId
X-Navigation-Version
X-Rack-Cache
X-FastCGI-Cache
Service-Worker-Allowed
Verso
X-ESI
X-Fastly-Request-ID
X-Client-IP
Arr-Disable-Session-Affinity
Cf-Bgj
X-Cached
X-Webkit-CSP
X-Element-Page-Cache
X-DynaTrace
X-FTR-Request-ID
X-Cache-TTL
X-TTL
X-Dw-Request-Base-Id
SPRequestGuid
X-Powered-By-Plesk
X-SharePointHealthScore
X-VARITI-CCR
X-Kinja-Revision
X-Kinja-Server
X-Goog-Hash
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Kinja
X-Upstream
X-Use-Magma
X-GoogleNews-Bot
X-NF-Request-ID
Fastly-Restarts
AR-CACHE
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Debug
Ar-Sid
Content-MD5
X-Forwarded-Proto
X-MSEdge-Ref
X-Version
X-Powered-CMS
X-Pinterest-Direct
SPIisLatency
SPRequestDuration
X-T
Access-Control-Request-Method
X-Release
X-Jurisdiction
X-Amz-Rid
S
X-Content-Digest
X-Edge
X-XRDS-Location
TCN
X-Ttl
TP-Cache
TP-L2-Cache
RTSS
Cache-Tag
X-Litespeed-Cache
Public-Key-Pins
X-Ezoic-Cdn
X-Node-Name
X-Mid
X-MCACHE
Front-End-Https
X-Yandex-Sdch-Disable
X-Request-Received
X-Request-Processing-Time
Server-Node
Fastcgi-Cache
X-Cache-Key
X-Mg-S
X-Recruiting
X-Amzn-Trace-Id
X-Accel-Expires
X-Ser
X-NWS-LOG-UUID
X-Amz-Server-Side-Encryption
Mrf-Cache-Status
X-Kinsta-Cache
X-B3-TraceId-Primal
MRF-Tech
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-PressLabs-Stats
Accept-Ch
X-HP-Webp
X-Grace
X-Microsite
X-Request-Handler-Origin-Region
X-Origin-Server
Accept-Charset
X-Logged-In
ServerID
X-Varnish-Age
X-Page-Id
X-Cache-Hit
X-DIS-Request-ID
X-Ratelimit-Remaining
Host
X-Shield-Request-Id
Nginx-Cache
MicrosoftSharePointTeamServices
X-ECACHE
Edge-Cache-Tag
X-Content-Security-Policy-Report-Only
X-B
X-Server-ID
X-Hits
X-Hostname
X-Mobile-URL
X-F-Cache
Cache-Tags
X-LB-Cache
X-Activity-Id
Powered-By-ChinaCache
Realpath
X-Az
X-AppVersion
Alternate-Protocol
X-Git-Hash
X-Ratelimit-Limit
X-N
Cleartype
X-Content-Options
X-Cached-By
X-Forwarded-For
X-Respond-Thread
X-Type
X-Load-Cache
X-Upgrade-Enabled
DynaTrace
X-Varnish-Backend
X-Rid
X-Request-Guid
X-Jobs
Paypal-Debug-Id
X-Cache-Age
X-App-Environment
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-Seen-By
X-FTR-Expires
X-Correlation-ID
Fastcgi-Useragent
X-Amz-Meta-S3cmd-Attrs
Access-Control-Allow-Method
X-Proxy
X-FireWall-Port
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-WebKit-CSP-Report-Only
X-Zen-Fury
Filterid
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Akamai-Edgescape
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-FB-Debug
X-Varnish-Grace
X-HS-Cache-Config
X-Daa-Tunnel
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-B3-Sampled
X-VCache
X-IPLB-Instance
Charset
X-B-Cache
X-Host-Name
DC
X-Signature
Healthy
X-AOL-HN
MS-CV
X-Mobile
X-Debug-Info
X-Whom
X-Region
X-App-Server
X-User-Agent
X-Geo-Country
Filters
AMP-Access-Control-Allow-Source-Origin
X-URL
X-Cache-Rule
X-Cache-Operation
X-Accel-Buffering
Viewport
X-Response-Served-From
X-Original-Request-Id
X-Frontend
Payment
X-XRDS-LOCATION
X-Id
Liferay-Portal
Accept-Ch-Lifetime
X-Content-Powered-By
X-Distributor
X-UUID
X-Instance
X-HTML-Minification-Powered-By
X-Tumblr-User
X-Cache-Time
X-FW-Static
X-FW-Type
X-Tumblr-Pixel-2
X-Tumblr-Pixel
X-FW-Serve
X-FW-Hash
X-Acc-Debug-Context
X-Rule
X-Cacheable-TTL
X-FW-Dynamic
X-FW-Server
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Protected-By
Refresh
Surrogate-Key
Content-Disposition
X-Is-Bot
X-Rendered-As
S-Cnection
X-Via-JSL
X-Wix-Request-Id
X-Amz-Replication-Status
X-Cache-Expired-At
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Hyper-Cache
Nel
Section-Io-Cache
Datacenter
X-Backend-Name
X-Sucuri-ID
X-Endurance-Cache-Level
GEO-INFO
Version
X-Cache-Action
X-Ua
X-Ah-Environment
X-Tec-Api-Version
PB-RID
X-Oneagent-Js-Injection
Arc-Version
X-Tec-Api-Root
X-Tec-Api-Origin
PB-PID
X-App-Version
X-Cache-Server
Retry-After
Akamai-Age-Ms
Server-Name
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Latency-Threshold
X-Air-Hostname
X-Source
X-Pinterest-Sli-Endpoint-Name
NGB
X-EdgeConnect-Cache-Status
X-Varnish-Server
X-Unique-Id
X-Real-IP
Referer-Policy
Eomportal-Instance
Countrycode
X-Framework
X-Environment-Context
CACHE
X-L-Path
X-RemovedCookies
X-ProcessESI
X-Yottaa-Optimizations
Frame-Options
X-Sucuri-Cache
X-RTag
X-Revision
Ms-Operation-Id
X-Yottaa-Metrics
X-Drupal-Cache-Contexts
X-Esi
X-Cache-Control
X-DynaTrace-JS-Agent
X-Azure-Ref
X-Proxy-Cache-Status
X-WA-Info
Meta-Geo
X-ES-SERVER
X-Cache-Var-Map
X-RN-RSRV
X-Cache-Var
X-Drupal-Cache-Tags
Webserver
X-GeoIP
X-NewRelic-App-Data
X-Mode
X-Ua-Device
X-BYPASS-REASON
X-R9-Blue-Green-Version
X-Cache-Host
X-Xfnlog-Site
DB-Nickname
Cache-Tv-Group
X-ProxyCache-Status
X-Qloud-Router
X-ProxyCache-Key
X-Time-Microsecs
X-Cache-TTL-Remaining
TWC-GeoIP-Country
X-Hl-Ver
X-VWS-Id
X-TNCMS
X-Hosted-By
X-AWS-Id
X-Amzn-Remapped-Content-Length
X-NYM-Debug-Backend
X-Handled-By
X-FW-Version
X-From
X-Cluster
X-Redis-Cache
X-Server-W
X-Status
X-PHP-Host
X-Human
Webcakes-Region
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Connection-Speed
Property-Id
Ec-Rule-Version
Mn-Server-Ip
TWC-Privacy
X-Loop
X-PCL
X-Labrador-Cache-Channel
X-Origin-Hint
X-LJ-Flow-ID
Webcakes-App-Name
X-OCL
Cross-Origin-Window-Policy
Webcakes-App-Version
X-Site-Version
X-Section
X-Routing-Service
X-Detected-As
X-Timing-Wait
X-Be
Selected-Fe
X-Access
X-Zipkin-Id
X-Via-Fastly
X-FB-TRIP-ID
X-ServerID
X-Locale
X-Proxy-Build
X-No-Session
X-Format
X-Proto
X-Proxied
X-PHP-Backend
X-Contextid
Uber-Trace-Id
FSS-Cache
X-Cache-PHP
X-CDN-Forward
X-Debug-Cache
X-Device-Type
X-ATG-Version
X-Generated-By
X-BCube-Filmed-By
X-TIME
X-AIR-PT
X-Adobe-Content
X-Adobe-Loc
X-Ratelimit-Reset
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Flags
X-Is-Crawler
X-Route-Name
X-NC
X-TT
X-Varnish-Cache-Hits
X-CSRF-Token
VIX-Pulpo-Upstream-Status
X-Tt-Trace-Host
Cache
VIX-Pulpo-Node
X-Tt-Trace-Tag
Azure-SlotName
X-Correlation-Id
Azure-RegionName
Azure-InstanceId
Azure-Version
Azure-SiteName
Upgrade-Insecure-Requests
From-Origin
Powered
OT-Force-Account-Verify
Access-Control-Request-Headers
X-Time
X-NCache
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-JoinUs
CF-Cached-On
X-COUNTRY
X-Origin
X-Oss-Hash-Crc64ecma
X-SaId
X-Varnish-Ttl
X-Akamai-Transformed
X-GoCache-CacheStatus
X-Cache-2
X-FTR-Cache-Host
X-CCM
SD-X-WS
X-UPSTREAM-Address
X-Fastcgi-Cache
X-Adobe-Source
X-Backend-TTL
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-APP-VERSION
X-Backend-Host
X-Storefront-Renderer-Rendered
X-LLID
X-Varnishpool
X-ShardId
X-LAGOON
X-ShopId
X-Alternate-Cache-Key
X-Pubstack
X-ApacheServer
Country
X-Cache-Grace
X-Soup
X-PERF
X-Forwarded-Host
X-Page-View
X-Web-Node
X-SayCDN-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Cache-Status
Fastly-SSL
X-Cluster-Name
X-Say-TTL
X-Say-Cacheable
X-Storage
Decoy-Debug-TTL
X-NWS-UUID-VERIFY
X-ECache
X-G
X-IP
Node
X-TA-CDN-Provider
X-Ruxit-Js-Agent
X-Cache-Enabled
X-TX-ID
X-Viewer-Country
X-Cdn
X-Tumblr-Pixel-3
X-IPS-LoggedIn
X-Cache-Spec
Apple-News-Services-Request-Url
X-ScT
Apple-News-Services-Parsed-Url
X-Processor
DCR-Decision-By
X-PBS-Appsvrname
DCR-Processing-Time-Ms
X-External-Request-Id
X-S-Cookie
Apple-News-Services-Host
X-Rojux
X-Rewrite-Enabled
Xc-Version
X-Request-UUID
X-PAYTM-SRV-ID
Apple-News-Services-Handled
X-Destination
X-S
X-Worker
Host-ID
X-Aed
X-A-Wwc
X-D
X-A-Dgt
X-Connection-Hash
X-Application
X-CF-Lambda-Fn
X-Cache-NE
X-B-Cookie
X-ARC
X-A-Dcw
X-A-Dam
X-Trv-Group
MD5-Digest
Machine
X-CF-Lambda-Version
Meta-Geo-Continent
Mobile-Detection-Method
X-A-Ccd
X-A
Rendered-Blocks
Fastcgi-X-Cache-Version
X-RCS-CacheZone
X-VG-WebCache
X-Vdms-Path
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Bc-Bl
X-Vdms-Version
X-VG-WebServer
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-EC-Lua
X-Cache-Config
X-Clara-WADP
X-Cms-Context
CloudFront-Viewer-Country
X-Platform-Server
CDN-RequestId
CDN-Uid
X-Generation-Time
X-Core-Value
X-DefHash
X-Variation
X-DefElseHash
Platform
X-WADP-Cache
CDN-RequestCountryCode
X-Cache-Debug
Adler-Geo
X-Auto-Login
X-Rebelmouse-Surrogate-Control
X-Varnish-Remaining-TTL
X-Rebelmouse-Cache-Control
X-VG-TLSProxy
CDN-Cache
X-Cache-Bucket
CDN-PullZone
X-Varnish-CookieINHashed-On
CDN-EdgeStorageId
CDN-CachedAt
X-Cache-Backend
X-CUA
Gh-Request-Id
X-Session-Fingerprint
X-Varnish-CookieHashed-On
Fastly-SWR
X-Servername
X-Micro-Cache
X-Envoy-Decorator-Operation
Is-Eu
X-Ms-Version
X-Ms-Request-Id
X-Fmm-Version
X-Fastly-Cache
X-DPWN-IS-SECURE
Fastly-SIE
X-Microcachable
X-GEO
X-ID
X-B3-Spanid
X-UA
Backend
X-Location
X-OVcl
X-Old-Content-Length
C-Via
CacheControlHeader
L
X-VarnishDD-TTL
X-Policy
Wxu-Next-Region
X-EIG-Tracking-Id
X-Platform
Rt-Fastcgi-Cache
Fastly-Backend-Name
Fastly-Drupal-HTML
X-Owner
NM-Fastcgi-Cache
Origin
X-Method
Wxu-Next-Commit
Wxu-Next-Hostname
X-OVcl-Cache
PFcat
X-Cache-Date
X-Esi-Check
SRV
X-Varnish-Cacheable
X-Fastly-Backend
X-Hash
X-Wikidot-Static-Cache
X-HN
X-Is-Gdpr
X-Irp-Debug
X-Has-Esi
X-HS-Content-Campaign-Id
X-Skip-Cache
X-Slack-Backend
X-Generated-On
X-Geo-Header
X-Twitter-Response-Tags
X-Gzip
X-Webstats-RespID
X-Transaction
X-SN
X-Gamma-Serve
X-Wikidot-Backend
X-Thanos
X-LI-UUID
X-Dispatcher-Server
X-Cache-NGX
X-JWT-State
X-Render-Time
X-Cache-Id
X-Backend-State
X-Branch-Name
X-Request-Start
X-Bip
X-Request-Host
X-Li-Fabric
X-Li-Pop
X-Level-Front-Cache
X-Developers
X-Via-CDN
X-Core-Mission
X-Clientip
Akamai-GRN
AKAMAI
X-Hp-Webp
X-Cache-Tags
X-Content-Age
X-Csrf-Jwt
X-CGP
X-Eu-Site
Pagetype
X-Minions-Version
Ha-Gx-Prefs
L5d-Success-Class
X-Reqid
X-Mvc-Supplant-Cachable
HA-Ipaddr
X-CS
X-B3-Traceid
X-Refresh
FSS-Proxy
X-Amz-Meta-Cb-Modifiedtime
Country-Code
X-PF-Uncompressing
UCS
X-DC
X-Accel-Expires-Debug
X-Date
X-Aicache-OS
X-Wa
Surrogated-Key
X-NGENIX-Cache
X-NODE
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-Via-Poph
X-Up
X-LB-ID
X-Req
X-Cache-Remote
X-Sql-Duration-Ms
X-Via-Popn
X-Sql-Count
X-Edge-Location
X-RateLimit-Remaining
X-Ftr-Cache-Host
NGX
X-Cdn-Srv
X-Cache-URL
Time
X-Mvc-Supplant-OutputCached
Memcached
Group
X-Presslabs-Stats
Ufe-Result
Mail-Subject
We-Hiring
X-Dc
X-Debug-Cache-Fetch
X-Proxy-Upstream
X-SRV
Now
X-NU-AKA-ACS-Version
Hostname
X-Debug-Cache-Store
HostName
X-Www-Served-By
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
XServer
X-LI-Proto
X-ZONE
X-BC
X-FPC
X-FORWARDED-FOR
X-Servedbyhost
X-Nginx-Cache
X-CACHE-AGE
X-S-Maxage
X-Check-Cacheable
Cache-Hits
X-Varnish-Hostname
X-Via-SSL
X-Via-Edge
X-Agile-Id
Edge-Copy-Time
X-Agile
X-Agile-Age
Protected
On-Server
ServedBy
X-Request-Time
Geoip-Latitude
X-Svr
GeoIp-Country-Code
X-Cdn-Forward
M-TraceId
X-CSRF-TOKEN
X-LiteSpeed-Cache-Control
X-Cs
Xserver
X-NGINX-Cache
X-VCL-Version
T-Server
X-Cluster-Node
X-Pass-Why
SID
X-UnsetCookies
X-HS-Status
X-Via-Popv
X-MP-GENERATED-AT
X-APP
X-Acc-Rdl
Arc-Country
X-CF-Powered-By
X-Datadome
NtCoent-Length
X-Zone
X-Bc
Srv
Cdn-Host
Cdn-Request-Time
Viewtype
X-Srv
X-Erf-Stays-Bingo-Pdp-Web
VivaBuild
N-Cache
Server-Host
X-Edge-Server
Ohc-File-Size
X-Uri
X-Varnish-Hits
WZWS-RAY
Pics-Label
X-Via-Ucdn
X-Action
X-SB
X-VC
X-RunCloud-Cache
Magicmarker
X-We-Are-Hiring
Memory
Processtime
Apigw-Requestid
ProcessTime
X-Dynatrace-Js-Agent
User-Agent
X-RSL
X-RPS
X-RPM
WebServer
W
X-MSEdge-Features
X-MSEdge-Flight
X-Info
Sid
Section-Io-Origin-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-DB
X-DI
WWW-Authenticate
X-DW
X-Oss-Cdn-Auth
X-DSS
LB
Ohc-Cache-HIT
X-TT-LOGID
X-CACHE-KEY
X-Vgn-Hpd-Ssi
CF-IPCountry
Server-Info
DSUID
Cache-Name
X-Newrelic-App-Data
X-UA-Device-Type
Odigeo-Trace-Id
X-SERVER-NAME
X-HOST
Cteonnt-Length
S-Rt
X-Tb
CDN
X-Vcl-Version
User-Cache-Control
Tracecode
X-Origin-Date
X-Hit
X-Dynatrace
X-HITS
X-Geo
Ssr
Geo-Info
X-Unique-ID
X-Cache-Hm
X-Cache-Hfrom
X-Pjax-Url
Amp-Access-Control-Allow-Source-Origin
X-Webkit-CSP-Report-Only
CountryCode
X-Magnolia-Registration
X-Fastly-Country-Code
A
GeoIP-Latitude
X-Akamai-Request-ID2
X-Newrelic-Synthetics
Lfy
GeoIP-Country-Code
Path
Release
Locid
X-Cache-Expires
Sever-Int
X-Block-Status
X-Cache-ASPX
X-Varnish-Url
X-Developer
X-Gdpr
X-Gen-Mode
Server-Hostname
X-FC-Vary-Parameters
SR-User-Adfree
X-Cache-Info
X-Contensis-Viewer-Groups
Server-Ext
X-VServer
X-Cc-Req-Id
X-Cc-Via
Web-Mar-Node
Vix-Hermes-Req-Id
V-Age
D-Cc-Upstream
Thinkindot-CacheControl-Type
True-Client-Country-4JS
X-API-Version
X-BBC-Edge-Cache-Status
Thinkindot-Control
CDCHOST
Instruction
Thinkindot-CacheControl
X-Scheme
X-BBXSRF
X-Epic-Correlation-Id
X-Envoy-Upstream-Healthchecked-Cluster
IsBot
X-Loc
X-Origin-Time
X-Thinkindot-L3
X-Origin-TTL
X-User
X-Origin-CC
X-Nyt-Route
Lb
X-Request-URI
X-Response-By
X-Server-IP
X-SIPLIST1
X-SD-PageType
X-SRCache-Key
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Node-Id
X-Origin-Expires
X-Hnp-Log
X-Varnish-Authentication
X-Matched-Rule
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Nginx-Cache-Key
X-GeoIP-City
X-Provided-By
Pramga
X-NodeID
X-Swa-Ws
X-Cdn-Origin
X-Device-Os
Cache-Host
MIME-Version
Server-ID
X-Sn-Servicetimems
X-Fetched-On
X-Trace-Id
Cdn
X-Generated-In
X-Var-Ttl
X-Li-Proto
X-Via-NSCOPI
Accept-Language
X-Fpc
X-Nc
X-Azure-Ref-OriginShield
X-ServedByHost
X-Traceid
X-Cache-Tag
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
X-StackifyID
Esi-Enabled
X-Amzn-Remapped-Date
X-Instart-Request-ID
X-Men
X-Amzn-Remapped-Connection
FNAC-ModuleRouting
X-Vcache
Cf-Device-Type
X-Sigma-Backend
X-Rocket-Build-Number
X-Sigma
Server-Ttl
Cache-Key
X-Key
X-Served-From
X-TH-Server
X-Lb-Id
X-Akamai-Pragma-Client-IP
Kp-EeAlive
Source
X-Mobile-Rewrite
X-WA
X-Via-PopH
Cache-Provider
X-Via-PopN
X-Parent-Response-Time
X-Via-PopV
X-No-Cache
X-Origin-Response-Time
X-Batcache
X-Instart-Info
Req-Svc-Chain
Content-Script-Type
X-MiniProfiler-Ids
Expiry
Content-Style-Type
X-Dispatch
X-RateLimit-Limit-Second
X-Agile-Brick-Ok
Origin-Edge-Control
Proxy-Firewall
X-ServiceProvider
X-Geo-Region
X-VC-Cache
Origin-Cache-Control
X-RateLimit-Remaining-Second
X-Tt-Logid
X-ElasticPress-Query
X-Yottaa-OS
X-B3-SpanId
Tcn
X-BBC-Origin-Response-Status
X-Apw-Access-Object
X-Varnish-Beresp-TTL
Cf-Alt-Svc
X-Apw-Hits
PICS-Label
X-Apw-Access-Action
Powered-By
X-RAMCache
Mime-Version
HitType
X-B3-Parentspanid
X-Request-URL
X-HostName
X-RateLimit-Limit
Who
Url
X-PJAX-URL
X-Apw-Access-Token
Location
Inserted-Into-Cache-At
X-Selected-Host-Header
X-Selected-Scheme
X-Selected-Name
X-Akamai-Request-ID
X-Request-Url
X-TraceId
Xkeyi7
X-Proxy-Cachei7
X-Miniprofiler-Ids
EpKe-Alive
Server-Id
NnCoection
Vha6-Origin
X-Vgn-Hpd-Reason
Pragrma
Resin-Trace
X-Dw-Trace-Id
X-C
Xet-Cookie
Dnion-Transfer-Encoding
X-LiteSpeed-Tag
Fastcgi-Cache-TTL
X-Pf-Uncompressing
X-Snapshot-Date