Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-Xss-Protection
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
P3p
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Template
X-Ws-Request-Id
X-Language
X-Dns-Prefetch-Control
Feature-Policy
X-Age
X-Backend
X-Cache-Group
X-Hacker
X-Server
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Host-Header
Grace
X-Buckets
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
Cf-Bgj
X-Host
X-WebKit-CSP
X-Dispatcher
X-Backend-Server
X-Device
X-Node
NEL
Surrogate-Control
X-Server-Id
X-Ruxit-JS-Agent
Content-Location
X-Response-Time
X-Cache-Lookup
Request-Id
X-Origin-Cache
X-Akam-SW-Version
X-Ac
Accept-CH-Lifetime
EagleEye-TraceId
X-ASPNET-VERSION
X-Ua-Compatible
X-Country
Accept-CH
X-HW
X-Mod-Pagespeed
Rating
X-Readtime
X-Cloud-Trace-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Application-Context
Allow
Pinterest-Generated-By
Edge-Control
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Vname
X-TtlSet
X-PC
X-DataDome
X-Url
X-Varnish-TTL
X-Cnection
X-Origin-Upstream-Status
X-MS-InvokeApp
X-GitHub-Request-Id
X-Content-Type
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
X-D2id
X-Clacks-Overhead
X-Trace
X-Abt-Application-Version
X-Middleton-Display
Display
Pagespeed
Response
X-Sol
X-Middleton-Response
X-Server-Name
X-Pinterest-Rid
Pinterest-Version
X-ESI
X-Vcap-Request-Id
X-Px
X-Navigation-Version
X-FTR-Request-ID
X-Rack-Cache
X-B3-TraceId
Verso
Service-Worker-Allowed
MS-Author-Via
X-Cached
X-Fastly-Request-ID
X-Element-Page-Cache
X-DynaTrace
X-Client-IP
X-Webkit-CSP
Arr-Disable-Session-Affinity
X-Cache-TTL
Accept-Ch
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-CST
X-Upstream
Content-MD5
SPRequestGuid
X-SharePointHealthScore
X-Version
X-TTL
Fastly-Restarts
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-CACHE
Ar-Sid
X-NF-Request-ID
X-Forwarded-Proto
X-Debug
X-VARITI-CCR
X-Exp-Variant
X-Exp-Id
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Cdn-Fetch
X-Goog-Hash
X-FastCGI-Cache
X-T
X-Jurisdiction
Access-Control-Request-Method
X-Powered-CMS
X-MSEdge-Ref
X-Release
X-Ttl
X-XRDS-Location
TP-Cache
X-Content-Digest
TP-L2-Cache
X-Edge
SPRequestDuration
SPIisLatency
S
X-Amz-Rid
X-Pinterest-Direct
RTSS
TCN
Cache-Tag
Public-Key-Pins
X-NWS-LOG-UUID
X-Ezoic-Cdn
X-Node-Name
X-Server-ID
Fastcgi-Cache
X-PressLabs-Stats
X-Yandex-Sdch-Disable
X-Request-Received
X-Request-Processing-Time
X-MCACHE
X-Mid
X-Cache-Key
Server-Node
Front-End-Https
X-Accel-Expires
Accept-Ch-Lifetime
X-Amzn-Trace-Id
X-Recruiting
X-Logged-In
X-Kinsta-Cache
X-Ser
X-Microsite
X-Request-Handler-Origin-Region
X-Cache-Hit
ServerID
X-B3-TraceId-Primal
X-Ratelimit-Remaining
Mrf-Cache-Status
X-Origin-Server
MRF-Tech
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Page-Id
Accept-Charset
X-Mg-S
Host
X-Amz-Server-Side-Encryption
X-Grace
X-ECACHE
X-Varnish-Age
X-B
Alternate-Protocol
X-Content-Security-Policy-Report-Only
X-DIS-Request-ID
X-Shield-Request-Id
X-Hostname
X-Mobile-URL
Nginx-Cache
Edge-Cache-Tag
X-HP-Webp
X-Forwarded-For
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-FTR-Expires
Realpath
X-Ratelimit-Limit
X-Hits
X-Content-Options
X-Seen-By
X-Git-Hash
X-F-Cache
X-FireWall-Port
X-LB-Cache
Filterid
X-Load-Cache
X-Az
X-Activity-Id
X-AppVersion
MicrosoftSharePointTeamServices
X-Jobs
X-N
X-Request-Guid
X-App-Environment
X-Type
X-Varnish-Backend
X-Rid
Cache-Tags
Paypal-Debug-Id
Fastcgi-Useragent
X-WebKit-CSP-Report-Only
X-Varnish-Grace
X-Upgrade-Enabled
Cleartype
X-Zen-Fury
DynaTrace
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Access-Control-Allow-Method
X-Daa-Tunnel
X-Cached-By
X-Proxy
X-FB-Debug
X-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Litespeed-Cache
Nel
X-Akamai-Edgescape
Powered-By-ChinaCache
X-Cache-Age
X-Amz-Meta-S3cmd-Attrs
X-App-Server
X-Geo-Country
DC
X-HS-Cache-Config
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-HS-Content-Id
X-Goog-Stored-Content-Encoding
X-Cache-Rule
X-Cache-Operation
X-Respond-Thread
X-HS-Hub-Id
X-HS-Combine-CSS
X-Host-Name
X-B3-Sampled
X-Content-Powered-By
X-IPLB-Instance
X-User-Agent
Content-Disposition
X-B-Cache
X-AOL-HN
X-Signature
Healthy
X-Response-Served-From
X-Debug-Info
X-Original-Request-Id
X-Whom
X-Accel-Buffering
MS-CV
X-Correlation-ID
X-Region
X-Wix-Request-Id
AMP-Access-Control-Allow-Source-Origin
Payment
X-HTML-Minification-Powered-By
X-Frontend
X-FW-Serve
X-FW-Hash
X-VCache
X-FW-Server
X-FW-Type
X-FW-Static
X-FW-Dynamic
X-Rule
X-Mobile
X-UUID
X-Cacheable-TTL
X-Distributor
X-Instance
X-XRDS-LOCATION
X-Is-Bot
X-Cache-Time
X-Rendered-As
X-Ua
Akamai-Age-Ms
X-Endurance-Cache-Level
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
Refresh
Datacenter
X-Amz-Apigw-Id
Surrogate-Key
X-Amzn-RequestId
NGB
Filters
X-Fastcgi-Cache
Charset
X-Acc-Debug-Context
X-Via-JSL
Countrycode
X-App-Version
X-Tec-Api-Origin
Liferay-Portal
S-Cnection
Viewport
X-Tec-Api-Root
X-Tec-Api-Version
X-Protected-By
PB-PID
X-Backend-Name
Arc-Version
PB-RID
X-Varnish-Server
X-Hyper-Cache
X-Cache-Expired-At
X-Cache-Server
X-Ah-Environment
X-Oneagent-Js-Injection
X-Amz-Replication-Status
Section-Io-Cache
Retry-After
X-PHP-Backend
X-Cache-Action
X-NewRelic-App-Data
X-Azure-Ref
X-Sucuri-ID
Referer-Policy
X-Source
X-WA-Info
X-EdgeConnect-Cache-Status
Version
X-Correlation-Id
X-Cache-Control
X-Proxy-Cache-Status
Eomportal-Instance
X-ProcessESI
X-RemovedCookies
X-Real-IP
X-L-Path
X-Environment-Context
X-Framework
X-Yottaa-Metrics
X-Time
X-Yottaa-Optimizations
Server-Name
X-Revision
X-RN-RSRV
Meta-Geo
GEO-INFO
X-ES-SERVER
X-Air-Hostname
X-RTag
X-Cache-Var
X-DynaTrace-JS-Agent
X-Cache-Var-Map
Frame-Options
Ms-Operation-Id
X-GeoIP
X-From
Powered
Cache
X-Mode
X-BYPASS-REASON
X-Cache-Host
X-Cache-TTL-Remaining
X-R9-Blue-Green-Version
X-Xfnlog-Site
X-Time-Microsecs
X-Qloud-Router
X-ProxyCache-Status
X-ProxyCache-Key
X-PCL
X-Human
X-Cluster
X-FW-Version
X-Hosted-By
X-LJ-Flow-ID
Uber-Trace-Id
X-PHP-Host
Mn-Server-Ip
Cache-Tv-Group
X-Server-W
X-Loop
X-OCL
Ec-Rule-Version
X-Labrador-Cache-Channel
X-TNCMS
Cross-Origin-Window-Policy
DB-Nickname
X-VWS-Id
X-AWS-Id
X-FB-TRIP-ID
X-Drupal-Cache-Contexts
Webcakes-App-Version
Webcakes-App-Name
Webcakes-Region
X-Proxied
X-Zipkin-Id
X-Origin-Hint
X-Amzn-Remapped-Content-Length
X-Redis-Cache
TWC-Privacy
TWC-Connection-Speed
Selected-Fe
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Routing-Service
X-Status
X-Site-Version
X-Proxy-Build
X-Ruxit-Js-Agent
X-Detected-As
X-CSRF-Token
X-Handled-By
X-Locale
X-Unique-Id
X-Hl-Ver
X-Debug-Cache
X-NYM-Debug-Backend
X-Timing-Wait
X-Via-Fastly
X-Be
X-Format
X-Sucuri-Cache
X-Section
X-Proto
X-Access
X-ServerID
X-Generated-By
X-BCube-Filmed-By
X-Cache-PHP
X-Ratelimit-Reset
X-Hp-Webp
X-Device-Type
X-FTR-Cache-Host
X-No-Session
X-Drupal-Cache-Tags
X-Contextid
X-ATG-Version
Webserver
FSS-Cache
X-SaId
From-Origin
X-JoinUs
X-Varnish-Cache-Hits
X-CDN-Forward
X-Esi
X-Adobe-Loc
X-Adobe-Content
X-NCache
X-URL
CF-Cached-On
X-Origin
OT-Force-Account-Verify
X-AIR-PT
X-NWS-UUID-VERIFY
X-Oss-Object-Type
X-Oss-Server-Time
X-TT
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-GoCache-CacheStatus
X-Tt-Trace-Host
Azure-Version
Azure-InstanceId
Azure-SlotName
X-Tt-Trace-Tag
X-NC
Azure-SiteName
Azure-RegionName
CACHE
X-Akamai-Transformed
X-IPS-LoggedIn
X-TA-CDN-Provider
X-IP
X-Cache-Enabled
X-EIG-Tracking-Id
X-EC-Lua
Access-Control-Request-Headers
SD-X-WS
X-Bc-Bl
X-Adobe-Source
X-CCM
X-TIME
X-Cache-2
Upgrade-Insecure-Requests
X-Backend-Host
X-ShopId
X-Aspnet-Duration-Ms
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Route-Name
X-Shopify-Stage
X-Providence-Cookie
X-Flags
X-Is-Crawler
X-ShardId
X-Soup
X-Pubstack
X-Cache-Grace
X-Forwarded-Host
X-PERF
X-APP-VERSION
X-Backend-TTL
X-ApacheServer
X-Tumblr-Pixel-3
X-Cache-Backend
Node
X-ECache
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Response-Type
Fastly-SSL
Decoy-Debug-TTL
Cache-Status
Decoy-Debug-Key
Decoy-Debug-Status
X-Web-Node
X-G
X-Storage
X-Say-Cacheable
X-Say-TTL
X-Pinterest-Sli-Latency-Threshold
X-Varnishpool
X-SayCDN-TTL
X-Cluster-Name
X-Viewer-Country
DCR-Processing-Time-Ms
X-Rewrite-Enabled
X-Request-UUID
X-Rojux
X-S
X-S-Cookie
X-RCS-CacheZone
X-Processor
X-Destination
X-External-Request-Id
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-ScT
X-Transaction
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Trv-Group
X-Twitter-Response-Tags
X-Vdms-Path
X-Vdms-Version
X-D
X-Connection-Hash
MD5-Digest
Machine
Meta-Geo-Continent
Mobile-Detection-Method
Rendered-Blocks
Host-ID
Fastcgi-X-Cache-Version
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
DCR-Decision-By
X-A
X-A-Ccd
X-B-Cookie
X-Cache-NE
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-ARC
X-Application
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Aed
Apple-News-Services-Handled
X-A-Wwc
X-LAGOON
X-Cdn
X-Vgn-Hpd-Cached
X-TX-ID
X-Cache-Config
X-Vgn-Hpd-Variations-Key
X-DPWN-IS-SECURE
Country
X-Micro-Cache
CDN-EdgeStorageId
Fastly-SIE
X-Rebelmouse-Cache-Control
CDN-CachedAt
CDN-Cache
Platform
X-Cache-Bucket
Adler-Geo
Is-Eu
X-Variation
CDN-PullZone
X-Ms-Request-Id
X-Fmm-Version
X-Rebelmouse-Surrogate-Control
X-WADP-Cache
X-Clara-WADP
X-Fastly-Cache
Fastly-SWR
CloudFront-Viewer-Country
X-Generation-Time
X-Ms-Version
X-Envoy-Decorator-Operation
CDN-RequestCountryCode
CDN-RequestId
CDN-Uid
X-VG-TLSProxy
X-Varnish-Beresp-Grace
X-UPSTREAM-Address
Backend
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Servername
X-Clientip
X-Cms-Context
L
X-Esi-Check
X-Wikidot-Backend
Fastly-Drupal-HTML
X-Webstats-RespID
X-Fastly-Backend
Country-Code
X-Platform-Server
X-Core-Value
X-Slack-Backend
Akamai-GRN
Gh-Request-Id
X-Cache-NGX
C-Via
X-Wikidot-Static-Cache
X-CUA
X-Core-Mission
X-Dispatcher-Server
X-Skip-Cache
X-Date
X-Cache-Id
X-Microcachable
Surrogated-Key
X-Minions-Version
X-Thanos
X-Method
X-Auto-Login
Rt-Fastcgi-Cache
X-Li-Pop
X-LI-UUID
X-Old-Content-Length
X-OVcl
X-Request-Host
Wxu-Next-Region
X-Platform
X-Request-Start
Wxu-Next-Hostname
X-OVcl-Cache
X-Owner
Wxu-Next-Commit
X-Backend-State
X-Li-Fabric
X-Render-Time
NM-Fastcgi-Cache
Origin
X-Accel-Expires-Debug
X-Gzip
X-SN
X-Policy
X-HS-Content-Campaign-Id
X-Hash
X-Bip
X-Varnish-Cacheable
X-Irp-Debug
X-UA
Time
X-NGENIX-Cache
X-CS
HA-Ipaddr
L5d-Success-Class
X-Cache-Tags
Ha-Gx-Prefs
X-CGP
X-VarnishDD-TTL
X-Cache-Date
X-Amz-Meta-Cb-Modifiedtime
PFcat
AKAMAI
X-Generated-On
X-Has-Esi
X-Gamma-Serve
X-Varnish-Ttl
X-Level-Front-Cache
X-Varnish-CookieHashed-On
X-HN
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-JWT-State
X-Is-Gdpr
Fastly-Backend-Name
X-DefElseHash
X-DefHash
X-Csrf-Jwt
X-Up
X-Content-Age
CacheControlHeader
X-Req
X-Eu-Site
X-Reqid
X-Mvc-Supplant-Cachable
X-Developers
Now
Ufe-Result
X-Aicache-OS
UCS
We-Hiring
X-Location
Pagetype
Mail-Subject
X-Edge-Location
X-Cdn-Srv
Group
Memcached
X-Cache-URL
X-Geo-Header
X-CACHE-AGE
X-RateLimit-Remaining
X-Wa
X-Proxy-Upstream
X-Page-View
X-Refresh
X-Branch-Name
X-LB-ID
X-Cache-Debug
X-Session-Fingerprint
FSS-Proxy
X-DC
X-PF-Uncompressing
X-Via-Popn
X-Via-Poph
X-NODE
HostName
X-Agile-Age
SRV
X-Agile-Id
X-Agile
X-ZONE
X-BC
NGX
X-Mvc-Supplant-OutputCached
X-B3-Spanid
X-B3-Traceid
X-Dc
X-GEO
X-Nginx-Cache
X-Debug-Cache-Fetch
X-Servedbyhost
X-LI-Proto
X-Via-CDN
M-TraceId
X-Debug-Cache-Store
Xserver
X-Ftr-Cache-Host
X-Datadome
X-Cdn-Forward
X-Ua-Device
Hostname
X-Request-Time
X-Instart-Request-ID
X-Check-Cacheable
Arc-Country
X-Varnish-Hostname
X-Sql-Duration-Ms
X-Sql-Count
X-LLID
X-SERVER
Cdn-Host
Viewtype
VivaBuild
X-Webkit-Csp
X-SRV
Cdn-Request-Time
X-NU-AKA-ACS-Version
X-Edge-Server
X-FPC
X-Zone
X-Via-Ucdn
X-Cluster-Node
X-Cache-Remote
X-Bc
X-SERVER-NAME
X-RunCloud-Cache
X-VCL-Version
X-LiteSpeed-Cache-Control
Srv
X-COUNTRY
X-APP
X-CF-Powered-By
Memory
X-Via-Popv
WebServer
Edge-Copy-Time
X-Www-Served-By
X-Via-SSL
X-Action
X-Via-Edge
X-FORWARDED-FOR
X-UnsetCookies
X-S-Maxage
X-ID
WWW-Authenticate
Geo-Info
On-Server
X-Svr
X-Geo
X-Vgn-Hpd-Ssi
X-MP-GENERATED-AT
X-DSS
NtCoent-Length
ServedBy
X-DW
X-RPM
X-Dynatrace-Js-Agent
X-RSL
X-RPS
X-DB
X-DI
Cache-Hits
X-Cs
X-HS-Status
Geoip-Latitude
GeoIp-Country-Code
SID
X-Unique-ID
X-NGINX-Cache
X-CSRF-TOKEN
X-Srv
X-Oss-Cdn-Auth
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
ProcessTime
XServer
X-Presslabs-Stats
Apigw-Requestid
X-Vcache
T-Server
Server-Info
Sid
Processtime
X-We-Are-Hiring
X-Pass-Why
Ohc-File-Size
X-Hit
User-Agent
Amp-Access-Control-Allow-Source-Origin
X-MSEdge-Flight
X-MSEdge-Features
GeoIP-Country-Code
X-Akamai-Request-ID2
GeoIP-Latitude
W
LB
CF-IPCountry
X-Epic-Correlation-Id
X-Erf-Stays-Bingo-Pdp-Web
S-Rt
Server-Host
Pics-Label
N-Cache
X-Tb
X-HOST
X-Nc
Protected
X-Varnish-Hits
WZWS-RAY
X-SB
X-Envoy-Upstream-Healthchecked-Cluster
Magicmarker
X-VC
Cdn
X-Vcl-Version
X-HITS
X-Dynatrace
X-FC-Vary-Parameters
X-Erf-Bev-Bev-Is-Generated
X-Info
X-Cache-Hfrom
X-Erf-Bev-Bev
Accept-Language
X-Cache-Hm
X-Fpc
X-Uri
X-Mobile-Rewrite
X-Pjax-Url
Ohc-Cache-HIT
X-Webkit-CSP-Report-Only
X-Fastly-Country-Code
Cteonnt-Length
Esi-Enabled
A
X-Key
CDN
X-Acc-Rdl
X-CACHE-KEY
X-Newrelic-Synthetics
X-TT-LOGID
Origin-Cache-Control
Origin-Edge-Control
User-Cache-Control
X-Newrelic-App-Data
Tracecode
Lb
Section-Io-Id
Odigeo-Trace-Id
DSUID
Section-Io-Origin-Status
X-Provided-By
X-B3-SpanId
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Li-Proto
X-UA-Device-Type
Ssr
Proxy-Firewall
X-Dispatch
X-Via-NSCOPI
X-ServedByHost
X-Instart-Info
Cache-Name
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Tcn
Lfy
X-Magnolia-Registration
X-Geo-Region
X-Origin-Date
X-StackifyID
Powered-By
X-Cache-Tag
D-Cc-Upstream
X-RAMCache
X-Block-Status
X-Cache-Expires
X-Cache-Info
X-Contensis-Viewer-Groups
X-BBXSRF
X-Developer
X-Cache-ASPX
IsBot
True-Client-Country-4JS
Server-Ext
Release
V-Age
Path
Server-Hostname
Server-ID
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
SR-User-Adfree
Sever-Int
MIME-Version
Locid
X-Scheme
X-API-Version
X-Men
X-Cc-Via
X-Cc-Req-Id
Web-Mar-Node
CDCHOST
Vix-Hermes-Req-Id
X-Gdpr
Instruction
FNAC-ModuleRouting
X-BBC-Edge-Cache-Status
X-Origin-Time
X-SD-PageType
X-Server-IP
X-Sigma
X-Sigma-Backend
X-Rocket-Build-Number
X-Response-By
Thinkindot-Control
X-Gen-Mode
X-Request-URI
X-SIPLIST1
X-SRCache-Key
X-Varnish-Authentication
X-Varnish-Url
X-VServer
HitType
X-User
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Thinkindot-L3
X-Origin-Expires
X-Origin-TTL
X-Akamai-Pragma-Client-IP
X-Served-From
Server-Ttl
X-Matched-Rule
X-Loc
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-GeoIP-City
X-Nginx-Cache-Key
X-TH-Server
Cache-Key
X-Nyt-Route
X-Origin-CC
X-Node-Id
X-Fetched-On
X-Var-Ttl
X-Traceid
X-Generated-In
X-Sn-Servicetimems
X-Parent-Response-Time
X-Azure-Ref-OriginShield
X-NodeID
X-Cdn-Origin
X-Device-Os
X-Swa-Ws
X-Trace-Id
X-TrackingId
X-Via-PopN
X-Via-PopV
X-WA
X-Via-PopH
Fastcgi-Cache-TTL
X-Generated
BehaviorPad-Version
X-Lb-Id
X-RateLimit-Limit
Cache-Provider
Kp-EeAlive
Cache-Host
X-Cache-Spec
Pramga
CountryCode
X-No-Cache
X-RateLimit-Limit-Second
X-App
X-RateLimit-Remaining-Second
X-Batcache
Xet-Cookie
X-LiteSpeed-Tag
X-VC-Cache
X-ServiceProvider
X-Agile-Brick-Ok
Req-Svc-Chain
X-Tt-Logid
X-ElasticPress-Query
Source
X-Planisys-CDN-TTL
Dnion-Transfer-Encoding
X-Varnish-Beresp-TTL
X-Dw-Trace-Id
Who
X-Pf-Uncompressing
X-HostName
Cf-Device-Type
X-PJAX-URL
X-Planisys-CDN-Cache
X-Yottaa-OS
X-Planisys-CDN-Rules
Cf-Alt-Svc
Inserted-Into-Cache-At
X-Path-Route
X-Selected-Scheme
X-Selected-Name
X-Selected-Host-Header
X-B3-Parentspanid
X-ServerName
X-BBC-Origin-Response-Status
X-TraceId
X-Request-Url
Mime-Version
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Hits
X-Snapshot-Date
X-Request-URL
X-Vgn-Hpd-Reason
PICS-Label
X-MiniProfiler-Ids
Vha6-Origin
Resin-Trace
X-C
Pragrma
X-Proxy-Cachei7