Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
P3p
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Keep-Alive
X-Template
X-Via
X-Language
X-Ws-Request-Id
Feature-Policy
X-Age
X-Dns-Prefetch-Control
X-Backend
X-Cache-Group
X-Hacker
X-Server
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Host-Header
Grace
X-Buckets
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Amz-Version-Id
Cf-Bgj
X-WebKit-CSP
X-Host
X-Dispatcher
X-Backend-Server
X-Device
NEL
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Server-Id
Content-Location
X-Response-Time
Request-Id
X-Origin-Cache
X-Akam-SW-Version
Accept-CH-Lifetime
X-Ac
X-ASPNET-VERSION
EagleEye-TraceId
X-Ua-Compatible
X-Country
Accept-CH
X-HW
X-Mod-Pagespeed
Rating
X-Readtime
X-Cloud-Trace-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Application-Context
Pinterest-Generated-By
Edge-Control
Allow
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-TtlSet
X-PC
X-Vname
X-DataDome
X-Url
X-Varnish-TTL
X-Cnection
X-Origin-Upstream-Status
X-MS-InvokeApp
X-GitHub-Request-Id
Fusion-Component-Id
Fusion-Content-Id
X-Content-Type
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Deployment-Id
X-D2id
X-Clacks-Overhead
X-Trace
X-ESI
X-Abt-Application-Version
X-Server-Name
Display
Pinterest-Version
X-Pinterest-Rid
Response
Pagespeed
X-Middleton-Display
X-Sol
X-Middleton-Response
X-Vcap-Request-Id
X-Px
X-Navigation-Version
X-FTR-Request-ID
X-Rack-Cache
Verso
X-DynaTrace
X-Cached
Service-Worker-Allowed
X-Webkit-CSP
MS-Author-Via
X-Element-Page-Cache
X-Fastly-Request-ID
X-B3-TraceId
X-Client-IP
Arr-Disable-Session-Affinity
X-Cache-TTL
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-TTL
X-Upstream
Content-MD5
X-Version
AR-ATIME
AR-PoweredBy
X-SharePointHealthScore
SPRequestGuid
AR-CACHE
AR-Request-ID
X-Forwarded-Proto
Ar-Sid
X-FastCGI-Cache
Fastly-Restarts
X-NF-Request-ID
X-Debug
X-CST
X-VARITI-CCR
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Kinja-Revision
X-Exp-Id
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Cdn-Fetch
Accept-Ch
X-T
X-Goog-Hash
X-Jurisdiction
X-XRDS-Location
Access-Control-Request-Method
X-Powered-CMS
X-MSEdge-Ref
TP-Cache
TP-L2-Cache
X-Release
X-Content-Digest
X-Edge
S
SPRequestDuration
SPIisLatency
TCN
X-Amz-Rid
X-Ttl
X-Pinterest-Direct
RTSS
X-NWS-LOG-UUID
Cache-Tag
X-Server-ID
X-PressLabs-Stats
Public-Key-Pins
X-Ezoic-Cdn
X-Node-Name
Fastcgi-Cache
X-Yandex-Sdch-Disable
X-Request-Received
X-Request-Processing-Time
X-Cache-Key
X-MCACHE
X-Mid
Server-Node
X-Accel-Expires
Front-End-Https
X-Amzn-Trace-Id
X-Logged-In
X-Ratelimit-Remaining
X-Ser
X-Microsite
X-Kinsta-Cache
X-Recruiting
X-Request-Handler-Origin-Region
X-Cache-Hit
ServerID
X-Origin-Server
X-Page-Id
Accept-Charset
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Host
X-Mg-S
Alternate-Protocol
X-B
Accept-Ch-Lifetime
X-Varnish-Age
X-Content-Security-Policy-Report-Only
X-Grace
X-ECACHE
X-Mobile-URL
X-Shield-Request-Id
X-Forwarded-For
Nginx-Cache
X-Hostname
X-DIS-Request-ID
X-Amz-Server-Side-Encryption
X-Ratelimit-Limit
Edge-Cache-Tag
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
X-FTR-Realm
Filterid
X-FTR-DC
X-FTR-Cache-Status
X-FireWall-Port
X-FTR-Expires
Realpath
X-HP-Webp
X-Content-Options
X-Seen-By
X-Hits
X-Load-Cache
X-F-Cache
X-Git-Hash
X-LB-Cache
X-Activity-Id
X-Az
X-AppVersion
X-Jobs
X-N
X-App-Environment
X-Request-Guid
MicrosoftSharePointTeamServices
X-Type
X-Varnish-Backend
X-Rid
Paypal-Debug-Id
Fastcgi-Useragent
X-Varnish-Grace
X-Daa-Tunnel
Cache-Tags
X-Zen-Fury
X-WebKit-CSP-Report-Only
DynaTrace
X-TEC-API-ORIGIN
Cleartype
X-Proxy
X-Upgrade-Enabled
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Litespeed-Cache
Access-Control-Allow-Method
X-Cached-By
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-FB-Debug
X-Akamai-Edgescape
X-App-Server
X-Id
X-Cache-Age
Powered-By-ChinaCache
X-Amz-Meta-S3cmd-Attrs
X-Geo-Country
DC
X-Cache-Rule
X-Cache-Operation
Content-Disposition
X-Content-Powered-By
X-Correlation-ID
X-Host-Name
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Respond-Thread
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
X-GUploader-UploadID
X-HS-Combine-CSS
X-User-Agent
X-IPLB-Instance
X-B3-Sampled
X-Original-Request-Id
X-Response-Served-From
X-Wix-Request-Id
X-AOL-HN
X-B-Cache
X-Accel-Buffering
X-Signature
X-Debug-Info
X-Whom
MS-CV
Healthy
X-Region
AMP-Access-Control-Allow-Source-Origin
Akamai-Age-Ms
Payment
X-HTML-Minification-Powered-By
X-Is-Bot
X-FW-Dynamic
X-UUID
X-FW-Server
X-FW-Type
X-FW-Static
X-Frontend
X-Rendered-As
X-Rule
X-Distributor
X-FW-Hash
X-Cacheable-TTL
X-Ua
X-FW-Serve
X-VCache
X-Mobile
X-Instance
X-Cache-Time
X-Endurance-Cache-Level
NGB
Refresh
Datacenter
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-2
X-Amzn-RequestId
X-Amz-Apigw-Id
Surrogate-Key
X-Via-JSL
Countrycode
X-Protected-By
X-XRDS-LOCATION
S-Cnection
X-App-Version
Nel
X-Acc-Debug-Context
Filters
Viewport
Liferay-Portal
PB-RID
Arc-Version
PB-PID
X-Varnish-Server
X-Backend-Name
Charset
X-Ah-Environment
X-Hyper-Cache
X-Tec-Api-Root
X-Tec-Api-Origin
X-Oneagent-Js-Injection
X-Tec-Api-Version
X-Cache-Expired-At
X-PHP-Backend
X-Cache-Server
X-Azure-Ref
Section-Io-Cache
X-NewRelic-App-Data
Retry-After
X-Amz-Replication-Status
X-Cache-Action
X-Fastcgi-Cache
Referer-Policy
X-WA-Info
X-Sucuri-ID
X-Source
X-Proxy-Cache-Status
X-EdgeConnect-Cache-Status
X-Cache-Control
Version
GEO-INFO
Eomportal-Instance
Powered
X-RemovedCookies
X-ProcessESI
X-L-Path
X-Real-IP
X-Environment-Context
X-Framework
X-Yottaa-Metrics
Meta-Geo
X-RN-RSRV
X-DynaTrace-JS-Agent
X-Cache-Var-Map
X-ES-SERVER
X-Yottaa-Optimizations
X-Cache-Var
X-Unique-Id
X-Time
Ms-Operation-Id
X-RTag
X-Revision
X-GeoIP
X-From
Frame-Options
X-Mode
X-Air-Hostname
X-ProxyCache-Key
X-Cache-Host
X-Cache-TTL-Remaining
X-ProxyCache-Status
X-BYPASS-REASON
X-Xfnlog-Site
X-R9-Blue-Green-Version
X-Time-Microsecs
X-Qloud-Router
X-Correlation-Id
Uber-Trace-Id
X-FW-Version
Ec-Rule-Version
Mn-Server-Ip
X-OCL
X-PCL
X-PHP-Host
DB-Nickname
Cross-Origin-Window-Policy
Cache-Tv-Group
X-Server-W
X-TNCMS
X-Human
X-Hosted-By
X-Cluster
X-VWS-Id
X-Labrador-Cache-Channel
X-Loop
X-LJ-Flow-ID
X-Debug-Cache
X-AWS-Id
X-FB-TRIP-ID
Server-Name
X-Hp-Webp
Webcakes-App-Version
Webcakes-App-Name
X-Amzn-Remapped-Content-Length
TWC-Privacy
Webcakes-Region
TWC-Locale-Group
TWC-Connection-Speed
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Detected-As
X-Hl-Ver
X-Redis-Cache
X-Proxy-Build
X-Routing-Service
X-Site-Version
X-Timing-Wait
X-Proxied
X-Origin-Hint
X-Locale
X-Status
X-NYM-Debug-Backend
X-Zipkin-Id
X-Handled-By
Selected-Fe
X-CSRF-Token
X-Drupal-Cache-Contexts
X-BCube-Filmed-By
X-Be
X-Device-Type
X-Generated-By
X-Format
X-Via-Fastly
X-Proto
X-Section
X-ServerID
X-Ratelimit-Reset
X-Access
X-Sucuri-Cache
Cache
FSS-Cache
X-Cache-PHP
X-No-Session
X-ATG-Version
X-SaId
X-JoinUs
X-FTR-Cache-Host
X-Drupal-Cache-Tags
X-Contextid
From-Origin
Webserver
X-Varnish-Cache-Hits
X-CDN-Forward
X-URL
X-NCache
X-Origin
CF-Cached-On
X-NWS-UUID-VERIFY
OT-Force-Account-Verify
X-Adobe-Loc
X-Adobe-Content
X-NC
CACHE
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-AIR-PT
X-GoCache-CacheStatus
X-TA-CDN-Provider
X-IPS-LoggedIn
Azure-SiteName
Azure-SlotName
X-TT
Azure-Version
Azure-InstanceId
X-Tt-Trace-Host
Azure-RegionName
X-Tt-Trace-Tag
X-EIG-Tracking-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Akamai-Transformed
X-IP
X-Bc-Bl
X-TIME
X-Cache-Enabled
X-EC-Lua
X-Esi
X-CCM
SD-X-WS
X-Adobe-Source
X-ECache
X-Backend-Host
Access-Control-Request-Headers
X-APP-VERSION
X-Cache-2
X-Ruxit-Js-Agent
X-B3-Traceid
Upgrade-Insecure-Requests
X-ShardId
X-Sorting-Hat-PodId
X-ShopId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Cache-Backend
X-Tumblr-Pixel-3
X-Alternate-Cache-Key
X-Cdn
X-Forwarded-Host
X-ApacheServer
X-Cache-Grace
X-Viewer-Country
X-PERF
X-Soup
X-Backend-TTL
Node
X-Vgn-Hpd-Cached
X-Pubstack
X-Vgn-Hpd-Variations-Key
Apple-News-Services-Handled
X-SayCDN-TTL
Fastly-SSL
Cache-Status
X-Storage
DCR-Decision-By
Apple-News-Services-Request-Url
X-Varnishpool
X-Cluster-Name
X-Say-TTL
X-Say-Cacheable
Apple-News-Services-Parsed-Url
X-Web-Node
Host-ID
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
Apple-News-Services-Host
X-A-Wwc
X-Twitter-Response-Tags
X-Rojux
X-RCS-CacheZone
X-Destination
X-Is-Crawler
X-Vdms-Path
X-Providence-Cookie
X-D
X-Request-UUID
X-Vdms-Version
X-Route-Name
X-Flags
X-External-Request-Id
X-ScT
X-S-Cookie
X-S
X-PAYTM-SRV-ID
X-Processor
X-G
X-Aspnet-Duration-Ms
Machine
X-Trv-Group
X-Transaction
X-PBS-Appsvrname
X-Connection-Hash
X-A
X-Rewrite-Enabled
X-A-Ccd
X-A-Dam
X-Vtex-Remote-Cache
X-Worker
Rendered-Blocks
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Xc-Version
X-Vtex-Processado-Em
X-A-Dcw
X-VG-WebServer
X-Cache-NE
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-VG-WebCache
X-B-Cookie
X-Aed
X-ARC
X-Application
X-A-Dgt
X-Cache-Config
X-VG-TLSProxy
X-WADP-Cache
X-Variation
X-LAGOON
X-Servername
X-Fmm-Version
CDN-Uid
CloudFront-Viewer-Country
CDN-RequestId
CDN-RequestCountryCode
CDN-PullZone
X-Clara-WADP
X-Cache-Bucket
Is-Eu
Platform
Surrogated-Key
Fastly-SWR
Fastly-SIE
CDN-EdgeStorageId
CDN-CachedAt
X-Micro-Cache
X-Generation-Time
X-Ms-Request-Id
X-Ms-Version
X-Rebelmouse-Cache-Control
X-TX-ID
Adler-Geo
X-Date
CDN-Cache
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-Fastly-Cache
X-Rebelmouse-Surrogate-Control
X-Accel-Expires-Debug
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Country
Time
Backend
X-Varnish-Beresp-Ttl
X-NGENIX-Cache
X-UA
X-Dispatcher-Server
X-CUA
Country-Code
X-Esi-Check
X-Fastly-Backend
X-HS-Content-Campaign-Id
X-Irp-Debug
NM-Fastcgi-Cache
X-Hash
C-Via
X-Gzip
X-Core-Value
Fastly-Drupal-HTML
Wxu-Next-Hostname
Wxu-Next-Region
L
Wxu-Next-Commit
Rt-Fastcgi-Cache
Origin
X-Varnish-Ttl
X-Auto-Login
X-Backend-State
X-Clientip
X-Cms-Context
Akamai-GRN
Gh-Request-Id
X-Cache-NGX
X-Bip
X-Cache-Id
X-Core-Mission
X-UPSTREAM-Address
X-Render-Time
X-Req
X-Policy
X-Platform
X-OVcl
X-OVcl-Cache
X-Varnish-Cacheable
X-Request-Host
X-Up
X-Thanos
X-SN
X-Slack-Backend
X-Request-Start
X-Skip-Cache
X-Webstats-RespID
X-Owner
X-Li-Fabric
X-Minions-Version
X-Wikidot-Static-Cache
X-Old-Content-Length
X-LI-UUID
X-Method
X-Li-Pop
X-Microcachable
X-Platform-Server
X-Wikidot-Backend
Now
PFcat
X-Varnish-CookieINHashed-On
X-Cache-Date
X-VarnishDD-TTL
We-Hiring
X-Varnish-Remaining-TTL
X-DefHash
Ufe-Result
X-DefElseHash
X-Amz-Meta-Cb-Modifiedtime
X-Varnish-CookieHashed-On
X-Csrf-Jwt
X-Mvc-Supplant-Cachable
X-Generated-On
X-Gamma-Serve
X-Has-Esi
X-HN
X-JWT-State
X-Is-Gdpr
X-Eu-Site
X-Edge-Location
X-CGP
X-Cache-URL
X-Content-Age
X-Level-Front-Cache
X-Developers
X-Reqid
X-Cache-Tags
X-Cdn-Srv
CacheControlHeader
Mail-Subject
Fastly-Backend-Name
X-CS
Ha-Gx-Prefs
AKAMAI
L5d-Success-Class
Memcached
HA-Ipaddr
Group
X-CACHE-AGE
X-Aicache-OS
X-Wa
X-Proxy-Upstream
X-Location
X-Geo-Header
FSS-Proxy
UCS
Pagetype
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Response-Type
X-DC
X-Pinterest-Sli-Endpoint-Name
X-Refresh
X-Branch-Name
X-Session-Fingerprint
X-Cache-Debug
X-NODE
X-Via-Popn
X-Agile-Id
X-PF-Uncompressing
X-Via-Poph
X-Page-View
X-LB-ID
X-Agile
X-Agile-Age
X-BC
X-ZONE
X-B3-Spanid
HostName
X-RateLimit-Remaining
X-GEO
X-Servedbyhost
SRV
NGX
M-TraceId
X-LI-Proto
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Datadome
X-Ftr-Cache-Host
X-Ua-Device
X-Mvc-Supplant-OutputCached
Hostname
X-Dc
X-Nginx-Cache
Arc-Country
X-Via-CDN
X-Instart-Request-ID
X-SERVER
X-Cdn-Forward
Xserver
X-Varnish-Hostname
Cdn-Host
X-Edge-Server
Cdn-Request-Time
X-Check-Cacheable
Viewtype
VivaBuild
X-Request-Time
X-Sql-Duration-Ms
X-NU-AKA-ACS-Version
X-VCL-Version
X-Zone
X-SERVER-NAME
X-FPC
X-Via-Ucdn
X-Sql-Count
X-RunCloud-Cache
X-Bc
Srv
X-Action
X-SRV
Memory
X-Cluster-Node
WebServer
X-APP
X-LiteSpeed-Cache-Control
X-UnsetCookies
X-RPS
X-Via-SSL
WWW-Authenticate
X-RSL
X-CF-Powered-By
X-HS-Status
X-Dynatrace-Js-Agent
X-DW
X-ID
X-DSS
X-Vgn-Hpd-Ssi
X-Cache-Remote
X-Cs
X-Via-Popv
X-DB
X-Via-Edge
X-RPM
X-DI
Edge-Copy-Time
X-NGINX-Cache
X-Www-Served-By
SID
X-Svr
NtCoent-Length
X-Srv
X-CSRF-TOKEN
Actual-Object-TTL
X-LLID
Geoip-Latitude
X-MP-GENERATED-AT
On-Server
X-Oss-Cdn-Auth
XServer
ProcessTime
X-ORACLE-APMCS-REQUEST-ID
GeoIp-Country-Code
X-S-Maxage
X-Vcache
Cache-Hits
ServedBy
X-Geo
X-We-Are-Hiring
Apigw-Requestid
X-Unique-ID
Geo-Info
User-Agent
X-Hit
Processtime
X-Akamai-Request-ID2
W
Amp-Access-Control-Allow-Source-Origin
Sid
Server-Info
GeoIP-Country-Code
GeoIP-Latitude
T-Server
Ohc-File-Size
X-Pass-Why
X-FORWARDED-FOR
LB
X-Epic-Correlation-Id
X-MSEdge-Features
X-MSEdge-Flight
X-HOST
Server-Host
Pics-Label
X-Presslabs-Stats
X-Envoy-Upstream-Healthchecked-Cluster
CF-IPCountry
S-Rt
N-Cache
X-Tb
X-Varnish-Hits
X-FC-Vary-Parameters
X-HITS
X-VC
X-Mobile-Rewrite
WZWS-RAY
X-Cache-Hfrom
Cdn
Accept-Language
X-Pjax-Url
Protected
X-Vcl-Version
X-Cache-Hm
X-SB
Magicmarker
X-Fpc
X-Nc
X-Webkit-CSP-Report-Only
Esi-Enabled
X-Key
A
X-Info
CDN
X-Fastly-Country-Code
Cteonnt-Length
X-Erf-Stays-Bingo-Pdp-Web
X-COUNTRY
X-CACHE-KEY
X-Uri
Ohc-Cache-HIT
Lb
X-Erf-Bev-Bev
X-Newrelic-App-Data
X-Erf-Bev-Bev-Is-Generated
Origin-Cache-Control
X-Newrelic-Synthetics
Origin-Edge-Control
X-TT-LOGID
X-Amzn-Remapped-Date
X-Dispatch
X-Via-NSCOPI
X-Amzn-Remapped-Connection
User-Cache-Control
X-Instart-Info
Tracecode
Proxy-Firewall
X-Acc-Rdl
X-Geo-Region
Section-Io-Origin-Time-Seconds
X-ServedByHost
Powered-By
Ssr
Section-Origin-Responded
X-Li-Proto
X-StackifyID
X-Provided-By
X-B3-SpanId
Section-Io-Origin-Status
DSUID
Odigeo-Trace-Id
Section-Io-Id
X-Dynatrace
X-UA-Device-Type
Cache-Name
X-Served-From
X-TH-Server
Lfy
Server-Ttl
Cache-Key
X-Akamai-Pragma-Client-IP
HitType
X-Magnolia-Registration
X-Lb-Id
X-RAMCache
X-Cache-Tag
X-Origin-Date
Web-Mar-Node
Vix-Hermes-Req-Id
True-Client-Country-4JS
Thinkindot-Control
V-Age
X-User
X-SRCache-Key
X-API-Version
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Traceid
X-Thinkindot-L3
X-Varnish-Authentication
Thinkindot-CacheControl
Path
Release
MIME-Version
Locid
Instruction
IsBot
Server-Ext
Server-Hostname
X-Varnish-Url
SR-User-Adfree
Sever-Int
X-VServer
Server-ID
Thinkindot-CacheControl-Type
X-SIPLIST1
FNAC-ModuleRouting
X-Origin-TTL
X-Request-URI
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Rocket-Build-Number
X-Response-By
X-Hnp-Log
X-Loc
X-Origin-CC
X-Node-Id
X-Nginx-Cache-Key
X-Matched-Rule
X-Origin-Time
X-Origin-Expires
X-GeoIP-City
X-Gen-Mode
X-Cache-ASPX
X-Cache-Expires
X-Block-Status
X-BBXSRF
X-Nyt-Route
X-Sigma-Backend
X-Cache-Info
X-Contensis-Viewer-Groups
X-Developer
X-Gdpr
X-SD-PageType
X-Server-IP
X-Sigma
X-BBC-Edge-Cache-Status
D-Cc-Upstream
X-Via-PopV
X-Via-PopN
X-Via-PopH
Cache-Provider
BehaviorPad-Version
X-Generated
CDCHOST
Fastcgi-Cache-TTL
X-Cc-Req-Id
X-TrackingId
X-Cc-Via
X-Men
X-Scheme
X-No-Cache
CountryCode
X-NodeID
X-Device-Os
X-Cdn-Origin
Pramga
X-ElasticPress-Query
X-Fetched-On
Kp-EeAlive
X-Generated-In
Cache-Host
X-ServiceProvider
X-Parent-Response-Time
X-Sn-Servicetimems
X-Tt-Logid
X-RateLimit-Remaining-Second
X-Var-Ttl
X-LiteSpeed-Tag
X-VC-Cache
Xet-Cookie
X-Trace-Id
X-App
X-WA
X-Agile-Brick-Ok
X-RateLimit-Limit-Second
X-Azure-Ref-OriginShield
X-Batcache
X-Cache-Spec
X-Swa-Ws
Tcn
X-Planisys-CDN-TTL
X-HostName
Dnion-Transfer-Encoding
Req-Svc-Chain
X-RateLimit-Limit
X-Planisys-CDN-Rules
X-Pf-Uncompressing
X-Planisys-CDN-Cache
Cf-Alt-Svc
X-Yottaa-OS
Who
X-Varnish-Beresp-TTL
Inserted-Into-Cache-At
X-PJAX-URL
X-Path-Route
X-Selected-Host-Header
X-Selected-Scheme
X-Selected-Name
X-Request-URL
X-B3-Parentspanid
Source
X-Proxy-Cachei7
Cf-Device-Type
X-BBC-Origin-Response-Status
X-Snapshot-Date
X-Apw-Hits
Resin-Trace
PICS-Label
Pragrma
X-C
X-Dw-Trace-Id
Mime-Version
Vha6-Origin
X-MiniProfiler-Ids
X-Apw-Access-Object
X-Apw-Access-Action
X-Vgn-Hpd-Reason
X-Apw-Access-Token