SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.
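The counting step described above, as an added example (not the ISC project's collection code): it tallies header names from raw HEAD responses per site, ignoring case because HTTP header names are case-insensitive, while also keeping the spellings as sent, which is why the list below shows both X-XSS-Protection and X-Xss-Protection. It also flags names such as Referer-Policy that resemble a security header but do not match it. The site names, sample responses and the 0.85 similarity cutoff are constructed assumptions.

```python
from collections import Counter
from difflib import get_close_matches

# Security-relevant headers to report on; every name appears in the page's list.
SECURITY_HEADERS = ["X-Frame-Options", "Strict-Transport-Security",
                    "X-Content-Type-Options", "X-XSS-Protection",
                    "Content-Security-Policy", "Referrer-Policy"]
CANONICAL = {h.lower(): h for h in SECURITY_HEADERS}

# Constructed HEAD responses for hypothetical sites (not survey data).
SAMPLE_RESPONSES = {
    "site-a.example": "HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Frame-Options: DENY\r\n"
                      "X-XSS-Protection: 1; mode=block\r\n"
                      "Set-Cookie: a=1\r\nSet-Cookie: b=2\r\n\r\n",
    "site-b.example": "HTTP/1.1 200 OK\r\nserver: Apache\r\nX-Xss-Protection: 0\r\n"
                      "Referer-Policy: no-referrer\r\n\r\n",
    "site-c.example": "HTTP/1.1 301 Moved Permanently\r\nServer: cloudflare\r\n"
                      "Strict-Transport-Security: max-age=31536000\r\n"
                      "x-frame-options: SAMEORIGIN\r\n\r\n",
}

def header_names(raw):
    """Header names from a raw response head, spelled as sent."""
    head = raw.split("\r\n\r\n", 1)[0]       # header block ends at the blank line
    lines = head.split("\r\n")[1:]           # drop the status line
    names = (l.partition(":")[0].strip() for l in lines if ":" in l)
    return [n for n in names if n]

def sites_per_header(responses):
    """Count sites (not occurrences) per header, ignoring case."""
    counts = Counter()
    for raw in responses.values():
        counts.update({n.lower() for n in header_names(raw)})
    return counts

def spellings_seen(responses):
    """Count each header name exactly as sent, so case variants stay apart."""
    return Counter(n for raw in responses.values() for n in header_names(raw))

def near_misses(responses, cutoff=0.85):
    """Map sent names that resemble, but do not equal, a security header."""
    found = {}
    for name in spellings_seen(responses):
        low = name.lower()
        hit = get_close_matches(low, list(CANONICAL), n=1, cutoff=cutoff)
        if hit and low not in CANONICAL:     # close to a real header, but misspelled
            found[name] = CANONICAL[hit[0]]
    return found

if __name__ == "__main__":
    for name, n in sorted(sites_per_header(SAMPLE_RESPONSES).items()):
        print(f"{name}: {n}/{len(SAMPLE_RESPONSES)} sites")
    print("near misses:", near_misses(SAMPLE_RESPONSES))
```

A misspelled security header is ignored by browsers, so a site sending it gets no protection from it even though it shows up in a header tally.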



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
CF-RAY
Via
Age
X-XSS-Protection
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
P3p
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Template
X-Language
X-Backend
X-Cache-Group
X-Hacker
X-Amz-Request-Id
X-Server
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Dns-Prefetch-Control
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Buckets
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
NEL
X-Dispatcher
X-Device
X-Server-Id
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
Accept-CH-Lifetime
Content-Location
Request-Id
X-Response-Time
Accept-CH
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
EagleEye-TraceId
X-Ac
Cf-Bgj
X-ASPNET-VERSION
X-Readtime
Rating
X-HW
X-Mod-Pagespeed
Allow
X-Cloud-Trace-Context
X-Country
X-Application-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Edge-Control
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DataDome
X-Country-Code
X-PC
X-TtlSet
X-Vname
X-Cnection
X-Varnish-TTL
X-MS-InvokeApp
X-Origin-Upstream-Status
X-Content-Type
X-GitHub-Request-Id
X-Clacks-Overhead
X-D2id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Deployment-Id
X-Trace
X-Url
Pagespeed
Response
X-Middleton-Display
X-Middleton-Response
Display
X-Sol
Pinterest-Version
X-Pinterest-Rid
X-Abt-Application-Version
X-Server-Name
X-Vcap-Request-Id
X-B3-TraceId
X-Px
X-CST
X-Rack-Cache
X-Navigation-Version
MS-Author-Via
Verso
Service-Worker-Allowed
X-FTR-Request-ID
X-DynaTrace
X-FastCGI-Cache
X-Fastly-Request-ID
X-Cached
X-Client-IP
X-Element-Page-Cache
Arr-Disable-Session-Affinity
X-TTL
X-Cache-TTL
X-Webkit-CSP
X-Dw-Request-Base-Id
X-ESI
X-Powered-By-Plesk
X-SharePointHealthScore
SPRequestGuid
X-Upstream
X-VARITI-CCR
Fastly-Restarts
X-Use-Magma
AR-CACHE
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-NF-Request-ID
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
AR-PoweredBy
X-Goog-Hash
AR-Request-ID
AR-ATIME
Ar-Sid
X-Debug
Content-MD5
X-Version
X-Forwarded-Proto
X-MSEdge-Ref
X-T
X-Powered-CMS
X-XRDS-Location
Access-Control-Request-Method
X-Jurisdiction
SPRequestDuration
SPIisLatency
X-Pinterest-Direct
X-Release
X-Amz-Rid
S
X-Content-Digest
X-Edge
TP-Cache
TP-L2-Cache
TCN
RTSS
Cache-Tag
X-Ttl
Public-Key-Pins
X-Ezoic-Cdn
X-Litespeed-Cache
X-Node-Name
X-Cache-Key
X-Yandex-Sdch-Disable
X-Mid
Fastcgi-Cache
X-MCACHE
X-Request-Processing-Time
X-Request-Received
Server-Node
Front-End-Https
Accept-Ch
X-NWS-LOG-UUID
X-Amzn-Trace-Id
X-Accel-Expires
X-Recruiting
X-Ser
X-Kinsta-Cache
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Mg-S
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amz-Server-Side-Encryption
X-Request-Handler-Origin-Region
X-PressLabs-Stats
X-Microsite
ServerID
X-Logged-In
X-Origin-Server
X-Grace
X-Ratelimit-Remaining
Accept-Charset
X-Cache-Hit
X-Page-Id
X-HP-Webp
X-Varnish-Age
Host
X-Content-Security-Policy-Report-Only
X-ECACHE
X-DIS-Request-ID
Nginx-Cache
X-B
X-Shield-Request-Id
Edge-Cache-Tag
MicrosoftSharePointTeamServices
X-Hostname
X-Mobile-URL
Alternate-Protocol
X-Hits
X-Server-ID
X-F-Cache
X-Ratelimit-Limit
Realpath
X-LB-Cache
X-Git-Hash
X-Content-Options
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Realm
X-AppVersion
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Az
X-Activity-Id
X-FTR-DC
X-N
X-FTR-Expires
Cache-Tags
X-Load-Cache
X-Type
X-Correlation-ID
X-Seen-By
X-Request-Guid
X-Jobs
Paypal-Debug-Id
X-Cache-Age
X-App-Environment
X-Varnish-Backend
DynaTrace
X-Rid
Cleartype
X-Cached-By
Powered-By-ChinaCache
X-FireWall-Port
Fastcgi-Useragent
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-TEC-API-ROOT
X-TEC-API-VERSION
Filterid
X-TEC-API-ORIGIN
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
X-Amz-Meta-S3cmd-Attrs
X-Proxy
X-Zen-Fury
X-Respond-Thread
X-Forwarded-For
X-Varnish-Grace
X-Akamai-Edgescape
X-FB-Debug
X-GUploader-UploadID
X-Daa-Tunnel
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-B3-Sampled
X-App-Server
DC
X-IPLB-Instance
AMP-Access-Control-Allow-Source-Origin
X-Signature
X-B-Cache
X-Host-Name
X-Cache-Rule
X-Cache-Operation
X-Debug-Info
X-AOL-HN
X-Geo-Country
MS-CV
X-Region
X-Whom
X-User-Agent
Healthy
X-Response-Served-From
X-Accel-Buffering
X-Original-Request-Id
Charset
X-Mobile
X-Frontend
X-Content-Powered-By
X-VCache
Payment
X-HTML-Minification-Powered-By
Content-Disposition
Filters
X-URL
X-Esi
X-Instance
X-UUID
X-FW-Server
X-Distributor
X-FW-Type
X-Cacheable-TTL
X-FW-Serve
X-Rule
X-Id
X-Cache-Time
X-FW-Static
X-FW-Hash
X-FW-Dynamic
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Wix-Request-Id
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-2
Liferay-Portal
Accept-Ch-Lifetime
Refresh
Surrogate-Key
Viewport
X-Is-Bot
X-Protected-By
X-Rendered-As
X-Acc-Debug-Context
X-Amz-Apigw-Id
X-Via-JSL
X-Amzn-RequestId
S-Cnection
X-Ua
X-Endurance-Cache-Level
X-App-Version
Datacenter
X-Backend-Name
Akamai-Age-Ms
X-Amz-Replication-Status
X-Cache-Expired-At
X-Hyper-Cache
GEO-INFO
Arc-Version
PB-RID
PB-PID
X-XRDS-LOCATION
Nel
X-Cache-Server
NGB
Section-Io-Cache
X-Cache-Action
X-Ah-Environment
Version
Retry-After
X-Tec-Api-Origin
X-Tec-Api-Version
X-Oneagent-Js-Injection
X-Tec-Api-Root
X-Varnish-Server
X-Sucuri-ID
X-Source
X-Unique-Id
Countrycode
Server-Name
X-Air-Hostname
Referer-Policy
X-EdgeConnect-Cache-Status
Eomportal-Instance
X-Framework
X-ProcessESI
X-Environment-Context
X-RemovedCookies
X-Real-IP
X-L-Path
Frame-Options
X-Yottaa-Optimizations
X-Revision
X-WA-Info
X-Yottaa-Metrics
X-Azure-Ref
X-Cache-Control
X-Proxy-Cache-Status
Ms-Operation-Id
CACHE
X-RTag
X-RN-RSRV
X-ES-SERVER
X-Cache-Var-Map
X-Cache-Var
X-GeoIP
Meta-Geo
X-Drupal-Cache-Contexts
X-PHP-Backend
X-Mode
X-Sucuri-Cache
X-From
DB-Nickname
X-Cache-TTL-Remaining
X-Cache-Host
X-Xfnlog-Site
X-R9-Blue-Green-Version
X-Time-Microsecs
X-Qloud-Router
X-ProxyCache-Status
X-ProxyCache-Key
Cache-Tv-Group
X-BYPASS-REASON
X-NewRelic-App-Data
X-DynaTrace-JS-Agent
X-CDN-Forward
X-Hosted-By
X-Handled-By
X-Cluster
X-Human
X-FW-Version
X-Loop
X-Origin-Hint
X-PCL
X-OCL
X-NYM-Debug-Backend
X-AWS-Id
X-LJ-Flow-ID
Webcakes-Region
TWC-Connection-Speed
TWC-Device-Class
Property-Id
Mn-Server-Ip
Cross-Origin-Window-Policy
Ec-Rule-Version
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-App-Version
X-PHP-Host
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
X-Amzn-Remapped-Content-Length
X-Labrador-Cache-Channel
X-TNCMS
X-Status
X-Server-W
X-VWS-Id
X-ServerID
X-Proxy-Build
X-Detected-As
X-Section
X-COUNTRY
X-Proxied
X-FB-TRIP-ID
X-Format
X-Access
X-Be
X-Routing-Service
X-Site-Version
Selected-Fe
X-Redis-Cache
X-Locale
X-Hl-Ver
X-Zipkin-Id
X-Proto
X-Drupal-Cache-Tags
X-Timing-Wait
Uber-Trace-Id
X-No-Session
X-Via-Fastly
X-Pinterest-Sli-Latency-Threshold
X-Contextid
X-Debug-Cache
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Endpoint-Name
X-Device-Type
X-Cache-PHP
X-Ratelimit-Reset
Webserver
X-BCube-Filmed-By
X-ATG-Version
X-Generated-By
FSS-Cache
Powered
X-NC
X-FTR-Cache-Host
X-Adobe-Loc
X-TIME
X-Adobe-Content
X-Varnish-Cache-Hits
From-Origin
X-AIR-PT
X-CSRF-Token
X-Time
X-Fastcgi-Cache
X-JoinUs
X-SaId
VIX-Pulpo-Upstream-Status
Azure-Version
CF-Cached-On
Cache
VIX-Pulpo-Node
X-NCache
Azure-SlotName
X-TT
Azure-RegionName
Azure-SiteName
Azure-InstanceId
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Tt-Trace-Tag
X-Origin
OT-Force-Account-Verify
X-Oss-Storage-Class
X-Tt-Trace-Host
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Route-Name
X-Flags
X-Providence-Cookie
X-Correlation-Id
X-GoCache-CacheStatus
Upgrade-Insecure-Requests
Access-Control-Request-Headers
X-Akamai-Transformed
X-Hp-Webp
X-Cache-2
X-CCM
SD-X-WS
X-NWS-UUID-VERIFY
X-Adobe-Source
X-Backend-TTL
X-IP
X-Backend-Host
X-Sorting-Hat-ShopId
X-LAGOON
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-IPS-LoggedIn
X-Shopify-Stage
X-Soup
X-ApacheServer
X-Cache-Enabled
X-PERF
X-Forwarded-Host
X-Cache-Grace
X-Pubstack
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Fastly-SSL
X-Storage
Cache-Status
X-Cluster-Name
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-TA-CDN-Provider
X-Varnishpool
X-UPSTREAM-Address
X-Web-Node
X-Tumblr-Pixel-3
X-ECache
X-APP-VERSION
Country
Node
X-EC-Lua
X-TX-ID
X-Bc-Bl
X-G
X-Viewer-Country
X-Ruxit-Js-Agent
X-CF-Lambda-Fn
Apple-News-Services-Host
X-CF-Lambda-Version
X-D
DCR-Decision-By
X-Cache-NE
X-Destination
Fastcgi-X-Cache-Version
Host-ID
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Connection-Hash
X-A-Dgt
Mobile-Detection-Method
X-A-Dcw
Rendered-Blocks
X-A-Dam
X-A-Ccd
X-A
X-A-Wwc
X-Aed
Machine
Apple-News-Services-Handled
MD5-Digest
Meta-Geo-Continent
X-Application
X-ARC
X-B-Cookie
X-External-Request-Id
DCR-Processing-Time-Ms
X-Vdms-Version
X-Trv-Group
X-EIG-Tracking-Id
X-VG-WebCache
X-VG-WebServer
X-Worker
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-ScT
X-PAYTM-SRV-ID
X-Rewrite-Enabled
X-Request-UUID
X-RCS-CacheZone
X-Processor
X-Rojux
X-S
X-PBS-Appsvrname
X-Cache-Backend
X-S-Cookie
Xc-Version
X-Vdms-Path
X-Cdn
X-Cache-Config
X-Servername
X-Varnish-Beresp-Status
X-DPWN-IS-SECURE
X-Varnish-Beresp-Ttl
Platform
X-DefHash
X-Envoy-Decorator-Operation
X-Twitter-Response-Tags
X-Varnish-Remaining-TTL
X-Fmm-Version
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Variation
X-Page-View
X-Generation-Time
Adler-Geo
CDN-RequestCountryCode
CDN-PullZone
Fastly-SIE
CDN-RequestId
CDN-Uid
X-Platform-Server
CloudFront-Viewer-Country
CDN-EdgeStorageId
CDN-CachedAt
X-Fastly-Cache
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Is-Eu
Gh-Request-Id
CDN-Cache
Fastly-SWR
X-Ms-Version
X-Transaction
X-Ms-Request-Id
X-Auto-Login
X-Clara-WADP
X-WADP-Cache
X-Cache-Bucket
X-CUA
X-Cms-Context
X-DefElseHash
X-VG-TLSProxy
X-Varnish-Beresp-Grace
X-Micro-Cache
Backend
X-JWT-State
L
X-Backend-State
X-Request-Host
X-Bip
X-Fastly-Backend
X-Request-Start
X-Render-Time
X-Webstats-RespID
X-Clientip
Fastly-Drupal-HTML
Fastly-Backend-Name
X-Core-Value
X-Policy
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Is-Gdpr
X-Cache-Id
NM-Fastcgi-Cache
X-Cache-NGX
X-Microcachable
X-Li-Pop
X-Thanos
X-Core-Mission
X-SN
X-OVcl-Cache
X-Slack-Backend
X-HS-Content-Campaign-Id
X-Hash
X-OVcl
X-Old-Content-Length
X-Minions-Version
X-Varnish-Cacheable
X-Has-Esi
X-Amz-Meta-Cb-Modifiedtime
X-Skip-Cache
X-Owner
Rt-Fastcgi-Cache
Wxu-Next-Commit
X-Esi-Check
X-Li-Fabric
Origin
Wxu-Next-Hostname
X-LI-UUID
X-Developers
X-Irp-Debug
X-Dispatcher-Server
X-Method
X-Platform
X-Gzip
Wxu-Next-Region
X-CS
C-Via
CacheControlHeader
Akamai-GRN
Country-Code
AKAMAI
X-DC
X-FORWARDED-FOR
X-LLID
X-UA
X-Generated-On
X-Geo-Header
X-Level-Front-Cache
X-Branch-Name
X-HN
X-Cache-Date
X-CGP
X-Content-Age
X-Csrf-Jwt
X-Location
X-Mvc-Supplant-Cachable
X-VarnishDD-TTL
X-ID
PFcat
X-Cache-Tags
X-Session-Fingerprint
SRV
X-Varnish-Ttl
X-Reqid
X-Cache-Debug
X-Eu-Site
HA-Ipaddr
X-Gamma-Serve
Ha-Gx-Prefs
L5d-Success-Class
X-Vgn-Hpd-Variations-Key
X-B3-Spanid
X-Vgn-Hpd-Cached
X-Accel-Expires-Debug
Surrogated-Key
X-Wa
X-Presslabs-Stats
UCS
X-Date
Pagetype
X-GEO
X-NGENIX-Cache
X-Edge-Location
FSS-Proxy
X-Refresh
X-Up
X-Via-CDN
X-Req
X-LB-ID
Time
X-Via-Popn
X-PF-Uncompressing
Ufe-Result
Now
Hostname
X-Via-Poph
X-Cache-URL
We-Hiring
Memcached
Mail-Subject
Group
X-Cdn-Srv
X-NODE
X-Proxy-Upstream
X-Mvc-Supplant-OutputCached
X-Aicache-OS
X-B3-Traceid
NGX
X-Servedbyhost
X-RateLimit-Remaining
X-LI-Proto
X-Nginx-Cache
X-Sql-Count
X-Sql-Duration-Ms
X-Debug-Cache-Fetch
X-Agile-Age
X-Cache-Spec
X-Agile
X-Debug-Cache-Store
X-SRV
X-ZONE
X-BC
X-Agile-Id
X-Cache-Remote
X-Ftr-Cache-Host
X-Datadome
X-NU-AKA-ACS-Version
X-FPC
X-Varnish-Hostname
XServer
X-Ua-Device
X-CACHE-AGE
X-Check-Cacheable
HostName
X-Dc
X-Www-Served-By
M-TraceId
X-Request-Time
X-SERVER
X-CSRF-TOKEN
X-Via-Edge
X-Via-SSL
X-LiteSpeed-Cache-Control
Cache-Hits
Edge-Copy-Time
X-VCL-Version
X-S-Maxage
SID
X-Erf-Stays-Bingo-Pdp-Web
Arc-Country
X-SERVER-NAME
Geoip-Latitude
GeoIp-Country-Code
ServedBy
X-Cluster-Node
X-Svr
On-Server
Xserver
Cdn-Request-Time
X-APP
Viewtype
X-Edge-Server
X-Bc
WebServer
VivaBuild
X-MP-GENERATED-AT
Cdn-Host
NtCoent-Length
X-CF-Powered-By
X-Zone
X-Via-Popv
Protected
X-UnsetCookies
X-Dynatrace-Js-Agent
ProcessTime
X-RunCloud-Cache
T-Server
X-HS-Status
X-Action
X-Cs
X-Via-Ucdn
X-Cdn-Forward
X-Pass-Why
X-NGINX-Cache
Srv
Ohc-File-Size
X-Srv
X-RPM
X-RSL
X-RPS
WWW-Authenticate
X-DSS
X-Oss-Cdn-Auth
Memory
Apigw-Requestid
X-DW
X-DB
X-DI
X-We-Are-Hiring
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Acc-Rdl
Server-Host
N-Cache
X-Vgn-Hpd-Ssi
Pics-Label
X-Varnish-Hits
User-Agent
Server-Info
X-SB
X-VC
X-Newrelic-App-Data
CF-IPCountry
X-MSEdge-Features
Magicmarker
Processtime
W
X-Uri
X-MSEdge-Flight
X-Instart-Request-ID
WZWS-RAY
LB
X-Geo
X-Tb
X-Info
S-Rt
Sid
CDN
X-HOST
X-Hit
X-Vcache
Ohc-Cache-HIT
Cteonnt-Length
X-Akamai-Request-ID2
GeoIP-Country-Code
GeoIP-Latitude
X-TT-LOGID
DSUID
Section-Io-Id
Actual-Object-TTL
Odigeo-Trace-Id
X-Newrelic-Synthetics
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-HITS
Section-Io-Origin-Status
X-ORACLE-APMCS-REQUEST-ID
X-Cache-Hm
Tracecode
X-Vcl-Version
Cache-Name
X-UA-Device-Type
X-Pjax-Url
X-Envoy-Upstream-Healthchecked-Cluster
X-Epic-Correlation-Id
Geo-Info
X-Unique-ID
User-Cache-Control
X-Cache-Hfrom
Amp-Access-Control-Allow-Source-Origin
X-Webkit-CSP-Report-Only
CountryCode
A
Ssr
X-Origin-Date
Accept-Language
X-Fastly-Country-Code
X-CACHE-KEY
Lb
X-Magnolia-Registration
Lfy
Cdn
X-Fpc
X-FC-Vary-Parameters
Esi-Enabled
X-Provided-By
X-Mobile-Rewrite
Sever-Int
Server-ID
Server-Ext
Release
SR-User-Adfree
Server-Hostname
Thinkindot-CacheControl
Vix-Hermes-Req-Id
Web-Mar-Node
V-Age
True-Client-Country-4JS
Thinkindot-CacheControl-Type
Thinkindot-Control
Path
MIME-Version
X-Men
X-Varnish-Url
X-Cc-Via
X-Cc-Req-Id
D-Cc-Upstream
X-VServer
X-Amzn-Remapped-Date
X-Varnish-Authentication
IsBot
Locid
Instruction
FNAC-ModuleRouting
X-User
CDCHOST
X-API-Version
X-BBXSRF
X-Origin-CC
X-SVT-ORM-RULES
X-Nyt-Route
X-Node-Id
X-Matched-Rule
X-Nginx-Cache-Key
X-Origin-Expires
X-Origin-Time
X-Request-URI
X-Response-By
X-Server-IP
X-Origin-TTL
X-SRCache-Key
X-SIPLIST1
X-Loc
X-Hnp-Log
X-Traceid
X-Cache-Info
X-Cache-Expires
X-Cache-ASPX
X-SD-PageType
X-Block-Status
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-GeoIP-City
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gen-Mode
X-Gdpr
X-Contensis-Viewer-Groups
X-Developer
X-BBC-Edge-Cache-Status
X-Scheme
X-Key
X-Via-NSCOPI
X-Nc
X-Amzn-Remapped-Connection
X-Generated-In
X-Device-Os
X-ServedByHost
X-Azure-Ref-OriginShield
X-Cdn-Origin
X-NodeID
X-Trace-Id
X-Var-Ttl
X-Swa-Ws
X-Sn-Servicetimems
X-Li-Proto
X-StackifyID
Pramga
X-Fetched-On
Kp-EeAlive
Cache-Host
X-Cache-Tag
X-Dynatrace
Cache-Key
X-Dispatch
X-Sigma-Backend
X-Sigma
X-Akamai-Pragma-Client-IP
X-Geo-Region
Proxy-Firewall
X-Instart-Info
Origin-Cache-Control
X-Rocket-Build-Number
Origin-Edge-Control
X-TH-Server
Server-Ttl
X-Served-From
X-B3-SpanId
Source
X-RAMCache
Cf-Device-Type
X-Lb-Id
X-Via-PopV
Powered-By
X-Via-PopH
X-Via-PopN
Cache-Provider
X-Parent-Response-Time
X-No-Cache
X-LiteSpeed-Tag
X-RateLimit-Remaining-Second
X-Apw-Access-Action
X-ServiceProvider
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-VC-Cache
HitType
X-Batcache
X-RateLimit-Limit-Second
Fastcgi-Cache-TTL
X-Agile-Brick-Ok
X-Tt-Logid
X-WA
X-ElasticPress-Query
Tcn
Xet-Cookie
X-Pf-Uncompressing
Cf-Alt-Svc
X-PJAX-URL
X-Request-URL
Req-Svc-Chain
Expiry
X-Origin-Response-Time
Content-Style-Type
Content-Script-Type
X-Varnish-Beresp-TTL
Who
X-HostName
X-TrackingId
X-Generated
BehaviorPad-Version
X-MiniProfiler-Ids
X-RateLimit-Limit
X-Yottaa-OS
X-Selected-Host-Header
X-Selected-Scheme
X-Selected-Name
X-B3-Parentspanid
X-Snapshot-Date
Mime-Version
X-Vgn-Hpd-Reason
Dnion-Transfer-Encoding
X-C
X-Dw-Trace-Id
Inserted-Into-Cache-At
PICS-Label
Pragrma
Vha6-Origin
Resin-Trace
X-BBC-Origin-Response-Status