Threat Level: green Handler on Duty: Remco Verhoef

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
P3p
X-Content-Security-Policy
Status
Content-Encoding
X-AspNetMvc-Version
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Server
X-Backend
X-Amz-Request-Id
X-Hacker
X-Robots-Tag
X-Amz-Id-2
X-UA-Device
X-AH-Environment
Request-Context
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
X-Dns-Prefetch-Control
X-Server-Powered-By
X-Template
Server-Timing
X-Language
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
X-Rq
X-Page-Speed
Xkey
X-Ua-Compatible
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Buckets
X-Vhost
X-Host
X-WebKit-CSP
X-Backend-Server
NEL
X-Server-Id
X-Dispatcher
X-Device
Surrogate-Control
X-Node
Accept-CH-Lifetime
X-Ruxit-JS-Agent
Request-Id
Content-Location
Accept-CH
X-Response-Time
EagleEye-TraceId
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
X-Ac
Allow
X-Readtime
Rating
X-Mod-Pagespeed
X-HW
X-Country
X-Application-Context
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
Edge-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Pinterest-Generated-By
X-ORACLE-DMS-RID
X-MS-InvokeApp
X-PC
X-TtlSet
X-Vname
X-Cnection
X-Country-Code
X-DataDome
X-Varnish-TTL
X-CST
X-ASPNET-VERSION
X-GitHub-Request-Id
X-Content-Type
X-D2id
X-Clacks-Overhead
X-Server-Name
X-Trace
Response
Display
X-Middleton-Display
Pagespeed
X-Middleton-Response
X-Sol
X-Origin-Upstream-Status
Pinterest-Version
X-Pinterest-Rid
MS-Author-Via
X-FastCGI-Cache
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Deployment-Id
X-Vcap-Request-Id
X-Px
X-Abt-Application-Version
X-B3-TraceId
X-TTL
X-Rack-Cache
X-Navigation-Version
X-ESI
Service-Worker-Allowed
X-Url
Verso
Arr-Disable-Session-Affinity
X-Client-IP
X-Webkit-CSP
X-Element-Page-Cache
X-Cached
X-Cache-TTL
X-Fastly-Request-ID
X-DynaTrace
X-FTR-Request-ID
X-Dw-Request-Base-Id
SPRequestGuid
X-VARITI-CCR
X-SharePointHealthScore
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Server
X-Powered-By-Plesk
X-Kinja-Revision
X-Upstream
X-Goog-Hash
Fastly-Restarts
X-NF-Request-ID
AR-ATIME
AR-Request-ID
AR-PoweredBy
AR-CACHE
Ar-Sid
X-Debug
Content-MD5
X-MSEdge-Ref
X-Pinterest-Direct
X-Forwarded-Proto
SPIisLatency
SPRequestDuration
X-Powered-CMS
X-Version
Access-Control-Request-Method
X-Release
X-T
X-Amz-Rid
X-XRDS-Location
X-Jurisdiction
S
X-Edge
X-Content-Digest
TCN
RTSS
TP-L2-Cache
TP-Cache
Public-Key-Pins
X-Litespeed-Cache
Cache-Tag
X-Ezoic-Cdn
X-Cache-Key
Front-End-Https
X-Node-Name
X-Mid
X-MCACHE
X-Yandex-Sdch-Disable
Server-Node
X-Request-Processing-Time
X-Request-Received
X-Mg-S
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Recruiting
X-Accel-Expires
X-HP-Webp
X-Amzn-Trace-Id
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
X-Ttl
X-Kinsta-Cache
X-PressLabs-Stats
X-Grace
Accept-Ch
X-NWS-LOG-UUID
X-Microsite
X-Request-Handler-Origin-Region
X-Origin-Server
Accept-Charset
X-Varnish-Age
ServerID
X-Logged-In
MicrosoftSharePointTeamServices
Cf-Bgj
X-DIS-Request-ID
X-Page-Id
Host
Edge-Cache-Tag
Nginx-Cache
X-Shield-Request-Id
X-Ratelimit-Remaining
X-Cache-Hit
X-ECACHE
X-Content-Security-Policy-Report-Only
X-Server-ID
X-Hits
X-B
Powered-By-ChinaCache
X-Hostname
Cache-Tags
X-Forwarded-For
X-Mobile-URL
X-F-Cache
X-LB-Cache
X-Respond-Thread
Cleartype
Realpath
X-AppVersion
X-Az
X-Activity-Id
X-Git-Hash
X-Cached-By
X-N
X-Content-Options
Alternate-Protocol
X-Ratelimit-Limit
X-Upgrade-Enabled
X-Cache-Age
DynaTrace
X-Type
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-App-Environment
Paypal-Debug-Id
X-Request-Guid
X-Rid
X-Load-Cache
X-Varnish-Backend
X-Amz-Meta-S3cmd-Attrs
X-Jobs
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
Fastcgi-Useragent
X-Country-Code-Real
X-FTR-Expires
X-Seen-By
Access-Control-Allow-Method
X-Proxy
X-URL
X-WebKit-CSP-Report-Only
X-Zen-Fury
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-FireWall-Port
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-HS-Combine-CSS
X-Akamai-Edgescape
X-B3-Sampled
Charset
Filterid
X-Daa-Tunnel
X-TEC-API-VERSION
X-VCache
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Correlation-ID
X-FB-Debug
X-Varnish-Grace
X-IPLB-Instance
X-B-Cache
Filters
X-Signature
X-Host-Name
Healthy
X-AOL-HN
X-Debug-Info
X-Mobile
DC
MS-CV
X-Whom
X-Region
Viewport
X-User-Agent
X-Geo-Country
AMP-Access-Control-Allow-Source-Origin
X-App-Server
X-Response-Served-From
X-Accel-Buffering
Payment
Liferay-Portal
X-Cache-Rule
X-Original-Request-Id
X-Cache-Operation
X-Frontend
Accept-Ch-Lifetime
X-HTML-Minification-Powered-By
X-Distributor
X-Instance
X-UUID
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Rule
X-Tumblr-User
X-Tumblr-Pixel
X-FW-Hash
X-FW-Dynamic
X-Cacheable-TTL
X-Cache-Time
X-FW-Static
X-FW-Type
X-Tumblr-Pixel-0
X-FW-Server
X-FW-Serve
Surrogate-Key
X-Acc-Debug-Context
X-Content-Powered-By
X-Protected-By
Refresh
X-Id
X-Amz-Replication-Status
S-Cnection
X-Via-JSL
X-Tec-Api-Origin
X-Tec-Api-Version
CACHE
X-Tec-Api-Root
X-Cache-Expired-At
X-Is-Bot
Section-Io-Cache
X-Wix-Request-Id
X-Rendered-As
Content-Disposition
Version
X-Hyper-Cache
X-XRDS-LOCATION
Nel
X-Backend-Name
X-Sucuri-ID
X-Amz-Apigw-Id
GEO-INFO
X-Amzn-RequestId
X-Cache-Action
X-Ah-Environment
X-Endurance-Cache-Level
X-Oneagent-Js-Injection
Server-Name
PB-PID
Arc-Version
Datacenter
PB-RID
X-App-Version
Retry-After
X-Cache-Server
X-Ua
X-Air-Hostname
X-Source
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Endpoint-Name
X-Unique-Id
X-EdgeConnect-Cache-Status
Eomportal-Instance
X-Real-IP
X-RemovedCookies
X-Framework
X-L-Path
X-ProcessESI
Referer-Policy
X-Environment-Context
X-Revision
X-Varnish-Server
Frame-Options
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Sucuri-Cache
X-RTag
X-Drupal-Cache-Contexts
Ms-Operation-Id
NGB
Webserver
Countrycode
Akamai-Age-Ms
X-Cache-Control
X-Correlation-Id
X-TIME
X-WA-Info
X-Cache-Var
X-ES-SERVER
X-Cache-Var-Map
X-Proxy-Cache-Status
Meta-Geo
X-RN-RSRV
X-Drupal-Cache-Tags
X-Mode
X-Azure-Ref
X-ProxyCache-Status
X-Qloud-Router
X-Cache-TTL-Remaining
X-Time-Microsecs
X-Xfnlog-Site
DB-Nickname
X-ProxyCache-Key
X-R9-Blue-Green-Version
Cache-Tv-Group
X-GeoIP
X-Cache-Host
X-BYPASS-REASON
X-Server-W
X-Handled-By
TWC-Device-Class
X-AWS-Id
X-Redis-Cache
X-Cluster
X-FW-Version
X-PHP-Host
X-Labrador-Cache-Channel
X-OCL
X-Origin-Hint
X-Amzn-Remapped-Content-Length
X-Hl-Ver
Ec-Rule-Version
Cross-Origin-Window-Policy
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-Country
X-Status
X-NYM-Debug-Backend
Property-Id
X-PCL
TWC-Connection-Speed
TWC-Locale-Group
X-Human
TWC-Privacy
X-LJ-Flow-ID
X-VWS-Id
Mn-Server-Ip
TWC-GeoIP-LatLong
Webcakes-Region
X-CDN-Forward
X-Zipkin-Id
X-Via-Fastly
X-TNCMS
X-ServerID
X-From
X-Be
X-Proto
X-No-Session
X-Loop
X-Contextid
X-Hosted-By
X-Timing-Wait
X-FB-TRIP-ID
X-Format
X-Proxy-Build
X-Access
X-Proxied
X-Section
X-Routing-Service
X-Locale
Selected-Fe
X-Site-Version
X-Flags
X-Detected-As
X-NewRelic-App-Data
X-Route-Name
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Providence-Cookie
FSS-Cache
X-DynaTrace-JS-Agent
X-Adobe-Content
X-Adobe-Loc
Uber-Trace-Id
X-AIR-PT
X-Debug-Cache
X-Cache-PHP
X-Device-Type
X-ATG-Version
X-PHP-Backend
X-Generated-By
X-TT
X-Ratelimit-Reset
X-BCube-Filmed-By
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-NC
X-Esi
Upgrade-Insecure-Requests
VIX-Pulpo-Upstream-Status
X-Aspnetmvc-Version
X-Cache-Spec
VIX-Pulpo-Node
Azure-RegionName
Azure-SlotName
Azure-Version
Azure-SiteName
X-Varnish-Cache-Hits
Azure-InstanceId
X-LLID
X-CSRF-Token
OT-Force-Account-Verify
Access-Control-Request-Headers
From-Origin
X-UPSTREAM-Address
X-COUNTRY
X-NCache
X-Oss-Storage-Class
X-Akamai-Transformed
CF-Cached-On
X-Origin
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-GoCache-CacheStatus
X-Oss-Request-Id
X-CCM
SD-X-WS
X-Cache-2
X-Adobe-Source
X-Backend-TTL
X-JoinUs
X-Page-View
Powered
Cache-Status
X-SaId
X-LAGOON
X-Varnishpool
X-Storefront-Renderer-Rendered
X-Pubstack
X-ApacheServer
X-Cache-Grace
X-Alternate-Cache-Key
X-Backend-Host
Country
X-Forwarded-Host
X-PERF
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
X-ShardId
X-Soup
X-ID
X-G
X-FTR-Cache-Host
X-Say-TTL
X-Storage
Decoy-Debug-Key
X-Cluster-Name
Decoy-Debug-Status
Decoy-Debug-TTL
X-Web-Node
X-Say-Cacheable
X-SayCDN-TTL
Fastly-SSL
Node
SRV
Cache
X-APP-VERSION
X-ECache
X-IP
X-Ruxit-Js-Agent
X-Viewer-Country
X-EC-Lua
X-Cdn
X-TX-ID
X-Cache-Enabled
X-Time
X-NWS-UUID-VERIFY
Xc-Version
X-Request-UUID
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
X-RCS-CacheZone
X-Worker
X-Rewrite-Enabled
X-Vtex-Processado-Em
X-Trv-Group
X-Vdms-Path
X-VG-WebServer
X-VG-WebCache
X-Session-Fingerprint
X-Vtex-Remote-Cache
X-Rojux
X-S
X-S-Cookie
X-ScT
X-Vdms-Version
X-Cache-NE
Machine
Host-ID
MD5-Digest
Meta-Geo-Continent
Rendered-Blocks
Mobile-Detection-Method
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
DCR-Decision-By
X-A
X-A-Ccd
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Connection-Hash
X-D
X-Destination
X-B-Cookie
X-ARC
X-A-Dcw
X-A-Dam
X-A-Dgt
X-A-Wwc
X-Aed
X-External-Request-Id
X-Application
X-Tumblr-Pixel-3
X-GEO
X-Via-CDN
X-IPS-LoggedIn
X-Cache-Config
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Fastly-Cache
X-Cms-Context
X-Variation
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
X-CUA
X-DefElseHash
X-Varnish-Remaining-TTL
X-Fastcgi-Cache
Platform
X-Cache-Bucket
Is-Eu
X-Microcachable
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Cache-Debug
Adler-Geo
X-Micro-Cache
Gh-Request-Id
X-Clara-WADP
X-Platform-Server
X-Servername
X-Fmm-Version
X-DefHash
X-Core-Value
X-Envoy-Decorator-Operation
X-WADP-Cache
X-VG-TLSProxy
CloudFront-Viewer-Country
X-Ms-Version
X-Ms-Request-Id
X-Generation-Time
X-Auto-Login
Fastly-SWR
Fastly-SIE
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-DPWN-IS-SECURE
CDN-PullZone
CDN-RequestId
CDN-RequestCountryCode
X-Varnish-Beresp-Grace
X-B3-Spanid
CDN-Uid
X-Bc-Bl
X-Cache-Backend
Backend
X-B3-Traceid
X-UA
AKAMAI
Akamai-GRN
Fastly-Backend-Name
X-Policy
X-OVcl
X-Geo-Header
X-Old-Content-Length
Fastly-Drupal-HTML
X-Cache-Date
X-Owner
C-Via
CacheControlHeader
X-OVcl-Cache
X-Irp-Debug
X-Branch-Name
L
X-Bip
X-Gzip
X-Backend-State
X-SN
X-Dispatcher-Server
X-Is-Gdpr
X-Platform
Rt-Fastcgi-Cache
X-HS-Content-Campaign-Id
X-LI-UUID
X-Developers
X-Esi-Check
X-Webstats-RespID
X-Wikidot-Backend
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Level-Front-Cache
X-Li-Fabric
X-JWT-State
X-Li-Pop
X-Wikidot-Static-Cache
X-Location
X-Fastly-Backend
X-Gamma-Serve
X-Skip-Cache
X-Thanos
X-Has-Esi
X-Cache-NGX
X-Request-Start
X-Cache-Id
X-Generated-On
X-Request-Host
X-Varnish-Ttl
X-Method
PFcat
X-VarnishDD-TTL
X-Varnish-Cacheable
X-HN
Origin
X-Clientip
NM-Fastcgi-Cache
X-Hash
X-Render-Time
X-Csrf-Jwt
X-Reqid
X-Core-Mission
X-PF-Uncompressing
X-Twitter-Response-Tags
X-CGP
X-Cache-Tags
Pagetype
L5d-Success-Class
HA-Ipaddr
Ha-Gx-Prefs
X-Transaction
X-Content-Age
X-Eu-Site
X-Mvc-Supplant-Cachable
X-Slack-Backend
X-EIG-Tracking-Id
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-CS
X-Minions-Version
X-Wa
X-Refresh
X-TA-CDN-Provider
X-Cache-Remote
X-DC
FSS-Proxy
X-Sql-Count
X-Sql-Duration-Ms
X-Amz-Meta-Cb-Modifiedtime
UCS
XServer
X-Aicache-OS
Country-Code
X-NODE
X-Accel-Expires-Debug
Surrogated-Key
X-Date
X-Ftr-Cache-Host
X-Hp-Webp
X-NGENIX-Cache
X-SRV
Hostname
X-Up
X-Req
X-Vgn-Hpd-Variations-Key
X-Via-Poph
X-Www-Served-By
X-RateLimit-Remaining
X-Vgn-Hpd-Cached
X-NU-AKA-ACS-Version
NGX
X-Edge-Location
X-Via-Popn
X-Presslabs-Stats
X-Cdn-Srv
Ufe-Result
X-Dc
X-Debug-Cache-Fetch
X-Cache-URL
X-Debug-Cache-Store
X-Servedbyhost
X-LI-Proto
Cache-Hits
X-LB-ID
Mail-Subject
Group
Memcached
X-Mvc-Supplant-OutputCached
We-Hiring
X-S-Maxage
Time
X-Check-Cacheable
X-Proxy-Upstream
X-Nginx-Cache
X-FPC
X-Ua-Device
X-Via-SSL
X-Via-Edge
Edge-Copy-Time
HostName
Protected
Now
X-CACHE-AGE
Geoip-Latitude
GeoIp-Country-Code
X-Svr
On-Server
ServedBy
X-Varnish-Hostname
X-BC
X-ZONE
X-Agile-Id
X-Agile-Age
X-Agile
X-Request-Time
X-Webkit-Csp
T-Server
X-CSRF-TOKEN
X-VCL-Version
X-FORWARDED-FOR
X-Cs
X-Dynatrace-Js-Agent
X-Pass-Why
M-TraceId
X-Acc-Rdl
X-Cluster-Node
X-NGINX-Cache
SID
X-UnsetCookies
X-LiteSpeed-Cache-Control
X-Datadome
N-Cache
X-MP-GENERATED-AT
X-Cdn-Forward
X-Uri
Server-Host
Pics-Label
X-Bc
X-Zone
WZWS-RAY
X-Varnish-Hits
X-CF-Powered-By
Magicmarker
Section-Io-Id
Arc-Country
Section-Io-Origin-Time-Seconds
X-VC
X-HS-Status
Section-Io-Origin-Status
Section-Origin-Responded
X-Erf-Stays-Bingo-Pdp-Web
X-APP
ProcessTime
X-SB
X-Via-Popv
X-Srv
Ohc-File-Size
Xserver
NtCoent-Length
X-We-Are-Hiring
X-Edge-Server
X-TT-LOGID
Cdn-Host
Cdn-Request-Time
Viewtype
VivaBuild
Apigw-Requestid
X-Info
DSUID
User-Agent
Ohc-Cache-HIT
Processtime
X-UA-Device-Type
X-Via-Ucdn
X-MSEdge-Flight
Memory
W
Cache-Name
X-Action
X-MSEdge-Features
X-RunCloud-Cache
Odigeo-Trace-Id
Cteonnt-Length
LB
Srv
User-Cache-Control
WWW-Authenticate
Sid
Tracecode
X-DI
X-Origin-Date
X-RSL
X-RPS
X-RPM
X-Oss-Cdn-Auth
CF-IPCountry
X-DB
X-DSS
X-DW
CountryCode
X-HOST
X-Newrelic-App-Data
Server-Info
S-Rt
CDN
X-Tb
Ssr
WebServer
X-Vgn-Hpd-Ssi
X-Dynatrace
X-HITS
X-Magnolia-Registration
X-Vcl-Version
Lfy
X-Pjax-Url
Amp-Access-Control-Allow-Source-Origin
Geo-Info
X-Cache-Hfrom
X-Unique-ID
X-Cache-Hm
X-Webkit-CSP-Report-Only
X-Geo
X-Hit
True-Client-Country-4JS
V-Age
Thinkindot-Control
Thinkindot-CacheControl
Vix-Hermes-Req-Id
Thinkindot-CacheControl-Type
X-API-Version
X-Block-Status
X-Cache-ASPX
X-BBXSRF
X-BBC-Edge-Cache-Status
SR-User-Adfree
Web-Mar-Node
Sever-Int
X-Scheme
CDCHOST
X-Cc-Via
X-Cc-Req-Id
D-Cc-Upstream
IsBot
Locid
Server-Hostname
Server-ID
Server-Ext
Path
MIME-Version
X-Cache-Expires
X-Cache-Info
X-SIPLIST1
X-SRCache-Key
X-Server-IP
X-SD-PageType
X-Response-By
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-Url
X-VServer
X-Varnish-Authentication
X-User
X-Thinkindot-L3
X-Request-URI
X-Origin-TTL
X-Hnp-Log
X-Loc
X-Gen-Mode
X-Gdpr
X-Developer
X-Matched-Rule
X-Nginx-Cache-Key
X-Origin-Expires
X-Origin-Time
X-Origin-CC
X-Nyt-Route
X-Node-Id
X-Contensis-Viewer-Groups
Instruction
X-Newrelic-Synthetics
A
X-Fastly-Country-Code
X-CACHE-KEY
X-Fetched-On
X-Generated-In
Pramga
X-Azure-Ref-OriginShield
Release
X-GeoIP-City
X-Device-Os
X-Akamai-Request-ID2
X-Swa-Ws
X-Trace-Id
X-Traceid
X-Var-Ttl
X-Sn-Servicetimems
X-FC-Vary-Parameters
Cache-Host
Lb
X-NodeID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cdn-Origin
GeoIP-Country-Code
GeoIP-Latitude
X-Oracle-Dms-Rid
X-Provided-By
X-Epic-Correlation-Id
X-Nc
Cdn
X-Via-NSCOPI
X-Envoy-Upstream-Healthchecked-Cluster
X-Lb-Id
X-Fpc
X-Cache-Tag
X-ServedByHost
Accept-Language
Cf-Device-Type
X-Li-Proto
X-Men
FNAC-ModuleRouting
Source
X-Fastly-Request-Id
Cache-Key
X-Sigma
X-Akamai-Pragma-Client-IP
X-Sigma-Backend
X-StackifyID
X-SERVER-NAME
X-Amzn-Remapped-Date
X-TH-Server
Esi-Enabled
X-Via-PopN
X-Served-From
Server-Ttl
Kp-EeAlive
X-Rocket-Build-Number
X-Via-PopH
X-Via-PopV
X-Amzn-Remapped-Connection
X-Browser-Type
X-Origin-Response-Time
Actual-Object-TTL
X-ORACLE-APMCS-REQUEST-ID
X-Key
Expiry
Content-Script-Type
X-Parent-Response-Time
Cache-Provider
X-Instart-Request-ID
Content-Style-Type
X-No-Cache
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-WA
Req-Svc-Chain
X-Request-URL
Url
X-VC-Cache
X-Mobile-Rewrite
X-Agile-Brick-Ok
X-ServiceProvider
X-B3-SpanId
X-Batcache
X-ElasticPress-Query
X-Tt-Logid
X-Vgn-Hpd-Reason
X-MiniProfiler-Ids
X-Yottaa-OS
X-Vcache
Tcn
X-B3-Parentspanid
X-Apw-Access-Token
X-Apw-Access-Object
X-BBC-Origin-Response-Status
X-HostName
X-Apw-Access-Action
X-RateLimit-Limit
X-Apw-Hits
X-Akamai-Request-ID
X-Proxy-Cachei7
Xkeyi7
URI
EpKe-Alive
Location
Content-Secure-Policy
Origin-Cache-Control
Inserted-Into-Cache-At
Proxy-Firewall
Who
X-PJAX-URL
X-Dispatch
X-Varnish-Beresp-TTL
Origin-Edge-Control
X-Instart-Info
X-Selected-Host-Header
X-Selected-Name
X-Geo-Region
X-Selected-Scheme
X-Dw-Trace-Id
Xet-Cookie
BehaviorPad-Version
X-TraceId
X-ND-Cache
DataCenter
PICS-Label
HitType
Pragrma
X-C
Powered-By
Cf-Alt-Svc
Resin-Trace
Mime-Version
NnCoection
X-Snapshot-Date
X-RAMCache
Vha6-Origin