Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-Xss-Protection
CF-Ray
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
P3p
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Backend
X-Server
X-Hacker
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-Template
X-AH-Environment
EagleId
Request-Context
X-Proxy-Cache
X-Language
X-UA-Device
X-Turbo-Charged-By
X-Server-Powered-By
X-Dns-Prefetch-Control
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
X-Rq
Xkey
X-Page-Speed
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Buckets
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
NEL
X-Dispatcher
X-Device
X-Server-Id
Surrogate-Control
X-Node
X-Ruxit-JS-Agent
Accept-CH-Lifetime
Request-Id
Content-Location
X-Response-Time
Accept-CH
EagleEye-TraceId
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
X-Ac
X-Ua-Compatible
X-Readtime
Allow
Rating
X-HW
X-Mod-Pagespeed
X-Country
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Pinterest-Generated-By
Edge-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Vname
X-TtlSet
X-PC
X-DataDome
X-MS-InvokeApp
X-Country-Code
X-Cnection
X-Varnish-TTL
X-GitHub-Request-Id
X-Content-Type
X-ASPNET-VERSION
X-D2id
X-Origin-Upstream-Status
X-CST
X-Clacks-Overhead
X-Trace
Pagespeed
Response
X-Middleton-Display
X-Middleton-Response
X-Sol
Display
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
X-Server-Name
Fusion-Component-Id
X-Pinterest-Rid
Pinterest-Version
X-Url
MS-Author-Via
X-Vcap-Request-Id
X-Abt-Application-Version
X-Navigation-Version
X-Px
X-B3-TraceId
X-Rack-Cache
X-FastCGI-Cache
Service-Worker-Allowed
Verso
X-Fastly-Request-ID
X-ESI
Arr-Disable-Session-Affinity
X-Webkit-CSP
Cf-Bgj
X-Element-Page-Cache
X-Client-IP
X-Cached
X-DynaTrace
X-FTR-Request-ID
X-Cache-TTL
X-TTL
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-VARITI-CCR
X-Powered-By-Plesk
X-Cdn-Fetch
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-Kinja-Revision
X-Goog-Hash
X-Exp-Variant
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Upstream
X-NF-Request-ID
AR-Request-ID
AR-PoweredBy
Fastly-Restarts
AR-CACHE
AR-ATIME
X-Debug
Ar-Sid
Content-MD5
X-Forwarded-Proto
X-MSEdge-Ref
X-Version
SPRequestDuration
X-Pinterest-Direct
SPIisLatency
X-T
X-Powered-CMS
Access-Control-Request-Method
X-Release
X-Jurisdiction
X-Amz-Rid
X-Content-Digest
S
X-Edge
X-XRDS-Location
TCN
TP-Cache
TP-L2-Cache
X-Ttl
RTSS
X-Litespeed-Cache
Cache-Tag
X-Ezoic-Cdn
Public-Key-Pins
X-Node-Name
X-MCACHE
X-Mid
Front-End-Https
X-Request-Received
X-Request-Processing-Time
Fastcgi-Cache
X-Cache-Key
X-Yandex-Sdch-Disable
Server-Node
X-Mg-S
X-Accel-Expires
X-Amzn-Trace-Id
X-Ser
X-Recruiting
X-NWS-LOG-UUID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Kinsta-Cache
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-PressLabs-Stats
X-HP-Webp
Accept-Ch
X-Amz-Server-Side-Encryption
X-Grace
X-Request-Handler-Origin-Region
X-Microsite
X-Origin-Server
Accept-Charset
X-Logged-In
ServerID
X-Varnish-Age
X-Page-Id
X-DIS-Request-ID
X-Cache-Hit
X-Ratelimit-Remaining
Host
X-Shield-Request-Id
Nginx-Cache
MicrosoftSharePointTeamServices
X-ECACHE
Edge-Cache-Tag
X-Content-Security-Policy-Report-Only
X-Server-ID
X-B
X-Hits
X-Hostname
X-Mobile-URL
X-F-Cache
X-LB-Cache
X-AppVersion
Realpath
Powered-By-ChinaCache
X-Az
X-Activity-Id
Alternate-Protocol
Cache-Tags
Cleartype
X-N
X-Git-Hash
X-Ratelimit-Limit
X-Forwarded-For
X-Content-Options
X-Cached-By
X-Respond-Thread
X-Upgrade-Enabled
DynaTrace
X-Load-Cache
X-Request-Guid
X-Jobs
X-Varnish-Backend
X-App-Environment
X-Rid
Paypal-Debug-Id
X-Kong-Proxy-Latency
X-Country-Code-Real
X-FTR-Backend-Server
X-Cache-Age
X-FTR-Backend
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Realm
X-Type
X-Kong-Upstream-Latency
X-FTR-Balancer
X-FTR-Expires
X-Seen-By
Fastcgi-Useragent
X-Correlation-ID
Access-Control-Allow-Method
X-FireWall-Port
X-Proxy
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Amz-Meta-S3cmd-Attrs
Filterid
X-WebKit-CSP-Report-Only
X-Zen-Fury
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-GUploader-UploadID
X-Akamai-Edgescape
X-Varnish-Grace
X-HS-Cache-Config
X-Daa-Tunnel
X-HS-Content-Id
X-HS-Hub-Id
X-FB-Debug
X-HS-Combine-CSS
X-B3-Sampled
X-VCache
X-IPLB-Instance
DC
X-Mobile
X-B-Cache
X-Host-Name
X-Signature
X-AOL-HN
MS-CV
Healthy
X-Whom
X-App-Server
X-Debug-Info
Filters
X-Region
X-User-Agent
AMP-Access-Control-Allow-Source-Origin
X-URL
X-Geo-Country
X-Cache-Rule
Charset
X-Cache-Operation
X-Original-Request-Id
X-Response-Served-From
Viewport
X-Accel-Buffering
X-XRDS-LOCATION
X-Frontend
Liferay-Portal
Accept-Ch-Lifetime
Payment
X-Id
X-HTML-Minification-Powered-By
X-UUID
X-Distributor
X-Content-Powered-By
X-Tumblr-Pixel-2
X-Tumblr-Pixel-0
X-Cacheable-TTL
X-Cache-Time
X-Rule
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-User
X-Instance
X-FW-Server
Refresh
X-FW-Hash
X-FW-Dynamic
X-Acc-Debug-Context
X-FW-Serve
X-Protected-By
X-FW-Type
X-FW-Static
Surrogate-Key
Content-Disposition
S-Cnection
X-Via-JSL
X-Wix-Request-Id
X-Rendered-As
X-Is-Bot
X-Amz-Replication-Status
X-Amzn-RequestId
X-Cache-Expired-At
X-Amz-Apigw-Id
Nel
X-Hyper-Cache
X-Backend-Name
Datacenter
Section-Io-Cache
X-Endurance-Cache-Level
X-Sucuri-ID
Version
X-Ah-Environment
X-Cache-Action
X-Ua
Arc-Version
GEO-INFO
X-Tec-Api-Version
X-Tec-Api-Root
PB-RID
X-Tec-Api-Origin
X-Oneagent-Js-Injection
PB-PID
X-Cache-Server
X-App-Version
Akamai-Age-Ms
Retry-After
X-Air-Hostname
X-Source
X-Pinterest-Sli-Response-Type
NGB
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Latency-Threshold
Server-Name
X-EdgeConnect-Cache-Status
X-Varnish-Server
X-Real-IP
Countrycode
Eomportal-Instance
X-ProcessESI
X-L-Path
X-Environment-Context
CACHE
X-Framework
Referer-Policy
X-RemovedCookies
X-Revision
X-Sucuri-Cache
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-RTag
Ms-Operation-Id
Frame-Options
X-Esi
X-Unique-Id
X-Drupal-Cache-Contexts
X-Cache-Control
X-WA-Info
X-Proxy-Cache-Status
X-DynaTrace-JS-Agent
X-Azure-Ref
Meta-Geo
X-Cache-Var
X-ES-SERVER
X-Cache-Var-Map
X-RN-RSRV
X-GeoIP
Webserver
X-Cache-Host
X-ProxyCache-Status
X-BYPASS-REASON
X-Drupal-Cache-Tags
X-R9-Blue-Green-Version
X-NewRelic-App-Data
Cache-Tv-Group
X-ProxyCache-Key
X-Time-Microsecs
DB-Nickname
X-TNCMS
X-Hl-Ver
X-Hosted-By
X-Human
X-Qloud-Router
Ec-Rule-Version
X-Cache-TTL-Remaining
X-From
Cross-Origin-Window-Policy
X-Loop
X-Redis-Cache
X-Xfnlog-Site
X-Handled-By
X-Amzn-Remapped-Content-Length
X-Labrador-Cache-Channel
X-PHP-Host
X-Proxy-Build
X-No-Session
X-Locale
X-NYM-Debug-Backend
X-OCL
X-PCL
X-Origin-Hint
X-Proto
X-Site-Version
TWC-Connection-Speed
Selected-Fe
X-AWS-Id
X-Be
Webcakes-App-Version
Webcakes-App-Name
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
X-LJ-Flow-ID
Property-Id
X-Status
TWC-GeoIP-Country
X-ServerID
X-Server-W
X-FB-TRIP-ID
X-Timing-Wait
X-VWS-Id
X-Via-Fastly
X-Cluster
X-Detected-As
X-FW-Version
Webcakes-Region
X-Mode
X-PHP-Backend
FSS-Cache
X-Contextid
Mn-Server-Ip
X-Routing-Service
X-Section
X-Debug-Cache
X-CDN-Forward
X-Access
X-Zipkin-Id
X-Format
X-Proxied
X-ATG-Version
X-Generated-By
X-Device-Type
Uber-Trace-Id
X-AIR-PT
X-Adobe-Loc
X-Cache-PHP
X-TIME
X-Adobe-Content
X-Ratelimit-Reset
X-BCube-Filmed-By
X-Flags
X-Aspnet-Duration-Ms
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Ua-Device
X-TT
X-NC
X-CSRF-Token
X-Varnish-Cache-Hits
Cache
Azure-SlotName
Azure-Version
Azure-RegionName
Upgrade-Insecure-Requests
Azure-InstanceId
Azure-SiteName
X-Correlation-Id
X-Tt-Trace-Tag
X-Tt-Trace-Host
From-Origin
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
OT-Force-Account-Verify
Powered
X-Time
X-NCache
Access-Control-Request-Headers
X-Oss-Storage-Class
X-JoinUs
CF-Cached-On
X-Oss-Server-Time
X-Origin
X-Oss-Request-Id
X-SaId
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-COUNTRY
X-GoCache-CacheStatus
X-Akamai-Transformed
X-Cache-2
X-FTR-Cache-Host
X-UPSTREAM-Address
X-Varnish-Ttl
X-Fastcgi-Cache
X-Adobe-Source
SD-X-WS
X-Backend-TTL
X-CCM
X-ShardId
X-Alternate-Cache-Key
X-ShopId
X-Sorting-Hat-ShopId
X-Backend-Host
X-Storefront-Renderer-Rendered
X-Varnishpool
X-Sorting-Hat-PodId
X-Shopify-Stage
X-LAGOON
X-LLID
X-APP-VERSION
X-Soup
X-Cache-Grace
Country
X-NWS-UUID-VERIFY
X-G
X-Web-Node
X-ECache
X-Forwarded-Host
X-Page-View
X-Cluster-Name
X-IP
X-Pubstack
X-TA-CDN-Provider
Fastly-SSL
X-Ruxit-Js-Agent
X-Storage
Decoy-Debug-Status
Decoy-Debug-Key
Node
X-Say-TTL
Cache-Status
X-Say-Cacheable
X-SayCDN-TTL
Decoy-Debug-TTL
X-PERF
X-ApacheServer
X-Cache-Enabled
X-Cdn
X-Tumblr-Pixel-3
X-TX-ID
X-Cache-NE
Xc-Version
Mobile-Detection-Method
X-External-Request-Id
X-D
MD5-Digest
X-B-Cookie
Meta-Geo-Continent
X-Destination
X-PBS-Appsvrname
X-Bc-Bl
X-Rojux
X-S
X-Vdms-Path
X-Vdms-Version
X-Request-UUID
X-Rewrite-Enabled
Rendered-Blocks
X-S-Cookie
X-ScT
X-A
X-Trv-Group
Host-ID
X-A-Ccd
X-CF-Lambda-Version
X-Connection-Hash
X-A-Dam
X-VG-WebCache
Fastcgi-X-Cache-Version
X-PAYTM-SRV-ID
DCR-Decision-By
X-Worker
X-Aed
X-Application
X-ARC
Machine
X-Vtex-Remote-Cache
DCR-Processing-Time-Ms
X-VG-WebServer
X-A-Dgt
X-A-Dcw
X-CF-Lambda-Fn
X-A-Wwc
X-Vtex-Processado-Em
X-Processor
X-RCS-CacheZone
X-Viewer-Country
X-Cache-Config
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-EC-Lua
X-Cache-Spec
X-Varnish-Beresp-Ttl
X-IPS-LoggedIn
CloudFront-Viewer-Country
X-Clara-WADP
X-Platform-Server
CDN-Uid
X-Microcachable
CDN-RequestId
X-Ms-Request-Id
X-Ms-Version
X-WADP-Cache
X-Rebelmouse-Cache-Control
X-Cms-Context
Fastly-SWR
X-Varnish-CookieHashed-On
Gh-Request-Id
Is-Eu
X-Variation
X-Varnish-CookieINHashed-On
X-Servername
Platform
X-Rebelmouse-Surrogate-Control
X-Cache-Backend
X-Varnish-Remaining-TTL
Fastly-SIE
X-CUA
X-Core-Value
X-Cache-Bucket
X-Generation-Time
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-DPWN-IS-SECURE
X-Micro-Cache
X-Fastly-Cache
X-Fmm-Version
Apple-News-Services-Request-Url
CDN-Cache
X-DefHash
X-Auto-Login
CDN-RequestCountryCode
Apple-News-Services-Handled
CDN-PullZone
CDN-EdgeStorageId
X-Session-Fingerprint
X-DefElseHash
CDN-CachedAt
Adler-Geo
X-UA
X-ID
Backend
X-Branch-Name
C-Via
CacheControlHeader
X-Cache-Id
AKAMAI
Rt-Fastcgi-Cache
Fastly-Backend-Name
X-Bip
X-Cache-Date
X-Cache-Debug
Fastly-Drupal-HTML
X-Location
X-Render-Time
X-Platform
X-EIG-Tracking-Id
X-Request-Host
X-Request-Start
X-Owner
X-OVcl-Cache
X-LI-UUID
NM-Fastcgi-Cache
X-Old-Content-Length
X-Clientip
SRV
X-Skip-Cache
X-VG-TLSProxy
X-B3-Spanid
X-Via-CDN
X-Webstats-RespID
X-Varnish-Cacheable
X-Twitter-Response-Tags
X-Slack-Backend
X-SN
X-Thanos
X-Transaction
X-Li-Pop
X-OVcl
X-Li-Fabric
X-Geo-Header
X-Gzip
X-Has-Esi
X-Gamma-Serve
X-Fastly-Backend
X-Core-Mission
X-Dispatcher-Server
X-Envoy-Decorator-Operation
X-Esi-Check
X-Hash
X-Generated-On
X-GEO
X-JWT-State
X-Level-Front-Cache
X-Irp-Debug
X-Is-Gdpr
X-HS-Content-Campaign-Id
X-Hp-Webp
X-Cache-Tags
X-Cache-NGX
PFcat
X-Wikidot-Static-Cache
Pagetype
X-VarnishDD-TTL
X-Wikidot-Backend
Origin
X-Content-Age
Wxu-Next-Hostname
X-Mvc-Supplant-Cachable
X-Policy
X-Reqid
X-Minions-Version
Wxu-Next-Region
X-Method
Wxu-Next-Commit
X-HN
X-Developers
X-Backend-State
Akamai-GRN
L
UCS
X-CGP
Country-Code
Ha-Gx-Prefs
FSS-Proxy
X-Csrf-Jwt
L5d-Success-Class
X-Amz-Meta-Cb-Modifiedtime
HA-Ipaddr
X-CS
X-B3-Traceid
X-Eu-Site
X-PF-Uncompressing
X-Refresh
X-DC
X-Wa
X-Aicache-OS
X-Accel-Expires-Debug
X-Date
Surrogated-Key
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-NGENIX-Cache
X-NODE
X-Sql-Count
X-Req
X-Up
X-Cache-Remote
X-LB-ID
X-Via-Popn
X-Sql-Duration-Ms
X-Via-Poph
X-Edge-Location
X-RateLimit-Remaining
X-Presslabs-Stats
Mail-Subject
X-Cache-URL
X-Cdn-Srv
Group
NGX
We-Hiring
Ufe-Result
X-Ftr-Cache-Host
X-Mvc-Supplant-OutputCached
Time
Memcached
X-Dc
Now
X-Proxy-Upstream
Hostname
HostName
X-NU-AKA-ACS-Version
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-SRV
X-Www-Served-By
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Nginx-Cache
X-ZONE
X-BC
X-Servedbyhost
X-FPC
X-FORWARDED-FOR
X-LI-Proto
XServer
X-CACHE-AGE
X-S-Maxage
X-Check-Cacheable
Cache-Hits
X-Varnish-Hostname
X-Agile-Age
X-Agile-Id
X-Via-SSL
X-Agile
X-Via-Edge
Edge-Copy-Time
Protected
X-Request-Time
GeoIp-Country-Code
X-Svr
Geoip-Latitude
On-Server
ServedBy
M-TraceId
X-Cdn-Forward
X-LiteSpeed-Cache-Control
X-CSRF-TOKEN
T-Server
X-VCL-Version
X-NGINX-Cache
X-Cluster-Node
X-Cs
SID
X-UnsetCookies
Xserver
X-HS-Status
X-CF-Powered-By
X-Pass-Why
X-APP
Arc-Country
X-Via-Popv
NtCoent-Length
X-MP-GENERATED-AT
X-Datadome
X-Acc-Rdl
X-Zone
X-Bc
VivaBuild
Viewtype
Server-Host
N-Cache
X-Srv
Cdn-Request-Time
Cdn-Host
X-Edge-Server
X-Erf-Stays-Bingo-Pdp-Web
X-Uri
X-Varnish-Hits
Ohc-File-Size
X-SB
X-VC
Processtime
X-RunCloud-Cache
X-We-Are-Hiring
Pics-Label
WZWS-RAY
X-Via-Ucdn
Memory
ProcessTime
X-Action
User-Agent
Srv
X-Dynatrace-Js-Agent
X-DB
X-RSL
X-RPS
X-Info
WebServer
Sid
X-DSS
Apigw-Requestid
X-DW
X-DI
X-RPM
X-MSEdge-Flight
X-MSEdge-Features
WWW-Authenticate
X-Oss-Cdn-Auth
W
Magicmarker
Ohc-Cache-HIT
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
LB
DSUID
X-TT-LOGID
X-CACHE-KEY
Server-Info
X-Vgn-Hpd-Ssi
CF-IPCountry
X-HOST
X-UA-Device-Type
Cache-Name
X-Newrelic-App-Data
X-SERVER-NAME
Odigeo-Trace-Id
Tracecode
User-Cache-Control
S-Rt
X-Vcl-Version
X-Tb
CDN
Cteonnt-Length
X-HITS
X-Origin-Date
X-Geo
X-Hit
X-Dynatrace
Geo-Info
X-Cache-Hm
Amp-Access-Control-Allow-Source-Origin
X-Cache-Hfrom
Ssr
X-Pjax-Url
X-Unique-ID
X-Webkit-CSP-Report-Only
CountryCode
GeoIP-Latitude
GeoIP-Country-Code
X-Magnolia-Registration
A
X-Fastly-Country-Code
X-Akamai-Request-ID2
Lfy
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Response-By
X-Hnp-Log
X-Loc
Server-Hostname
X-Thinkindot-L3
X-SIPLIST1
Server-Ext
Release
X-VServer
Web-Mar-Node
X-FC-Vary-Parameters
X-Request-URI
X-Matched-Rule
Thinkindot-Control
X-Origin-CC
X-Nyt-Route
Sever-Int
X-Origin-Expires
X-Origin-TTL
X-Origin-Time
SR-User-Adfree
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SRCache-Key
X-Node-Id
X-API-Version
X-GeoIP-City
X-Cache-ASPX
X-Cache-Expires
Lb
X-Scheme
X-Gdpr
Instruction
X-Varnish-Url
D-Cc-Upstream
X-Developer
X-Newrelic-Synthetics
X-Contensis-Viewer-Groups
X-Gen-Mode
X-Cc-Req-Id
IsBot
X-Block-Status
X-Envoy-Upstream-Healthchecked-Cluster
X-Epic-Correlation-Id
X-Server-IP
X-SD-PageType
X-Varnish-Authentication
X-BBXSRF
Path
X-BBC-Edge-Cache-Status
X-Cc-Via
X-Provided-By
Server-ID
Cdn
X-Fpc
MIME-Version
CDCHOST
Locid
Cache-Host
Pramga
X-Cache-Info
X-Cdn-Origin
X-Li-Proto
X-Sn-Servicetimems
Accept-Language
X-Device-Os
X-Nginx-Cache-Key
X-Nc
X-Fetched-On
X-Azure-Ref-OriginShield
X-Via-NSCOPI
X-Var-Ttl
X-Swa-Ws
True-Client-Country-4JS
X-ServedByHost
X-Trace-Id
V-Age
X-Traceid
X-User
Vix-Hermes-Req-Id
X-Cache-Tag
Actual-Object-TTL
X-ORACLE-APMCS-REQUEST-ID
X-NodeID
X-Generated-In
Esi-Enabled
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
FNAC-ModuleRouting
X-StackifyID
X-Instart-Request-ID
X-Men
X-Vcache
Server-Ttl
X-Served-From
Cache-Key
Cf-Device-Type
X-Key
X-TH-Server
X-Akamai-Pragma-Client-IP
X-Lb-Id
X-Rocket-Build-Number
X-Sigma-Backend
X-Sigma
Source
Kp-EeAlive
X-Mobile-Rewrite
X-Parent-Response-Time
X-WA
Cache-Provider
X-Via-PopH
X-Via-PopV
X-Via-PopN
X-No-Cache
X-Origin-Response-Time
X-Agile-Brick-Ok
X-B3-SpanId
X-Instart-Info
Expiry
X-RateLimit-Limit-Second
Content-Style-Type
Content-Script-Type
X-Geo-Region
X-ElasticPress-Query
X-Yottaa-OS
X-MiniProfiler-Ids
Origin-Cache-Control
Origin-Edge-Control
Proxy-Firewall
X-RateLimit-Remaining-Second
X-ServiceProvider
X-VC-Cache
X-Dispatch
X-Tt-Logid
Req-Svc-Chain
X-Batcache
Tcn
X-B3-Parentspanid
X-BBC-Origin-Response-Status
Who
Inserted-Into-Cache-At
X-PJAX-URL
Location
Mime-Version
Cf-Alt-Svc
X-RAMCache
X-HostName
X-RateLimit-Limit
Powered-By
HitType
X-Apw-Hits
X-Varnish-Beresp-TTL
X-Request-URL
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Access-Action
X-Selected-Name
X-Selected-Scheme
X-Selected-Host-Header
Url
Xkeyi7
X-TraceId
EpKe-Alive
X-Miniprofiler-Ids
NnCoection
X-Proxy-Cachei7
Vha6-Origin
X-Request-Url
Server-Id
X-Akamai-Request-ID
PICS-Label
X-C
X-Dw-Trace-Id
X-Pf-Uncompressing
X-LiteSpeed-Tag
Dnion-Transfer-Encoding
Fastcgi-Cache-TTL
X-Snapshot-Date
X-Vgn-Hpd-Reason
Xet-Cookie
Pragrma
Resin-Trace