Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Request-ID
X-Generator
P3p
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Template
X-Language
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-Dns-Prefetch-Control
X-Hacker
X-Cache-Group
X-AH-Environment
X-Robots-Tag
X-Server
X-Amz-Request-Id
X-UA-Device
EagleId
X-Amz-Id-2
X-Proxy-Cache
X-Buckets
X-Turbo-Charged-By
Request-Context
X-Server-Powered-By
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
Ali-Swift-Global-Savetime
Cf-Bgj
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Amz-Version-Id
X-Host
X-WebKit-CSP
NEL
X-Dispatcher
X-Device
X-Backend-Server
X-Node
Surrogate-Control
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Response-Time
Content-Location
X-Origin-Cache
Request-Id
X-Akam-SW-Version
X-ASPNET-VERSION
X-Ac
X-Server-Id
X-Country
EagleEye-TraceId
Accept-CH-Lifetime
X-HW
X-Mod-Pagespeed
Rating
X-Readtime
Accept-CH
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
X-Application-Context
Pinterest-Generated-By
X-ORACLE-DMS-RID
Edge-Control
X-Country-Code
X-DataDome
X-Url
X-PC
X-Vname
X-TtlSet
X-Varnish-TTL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
X-Cnection
Allow
Fusion-Content-Id
Fusion-Component-Id
X-MS-InvokeApp
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
X-D2id
X-GitHub-Request-Id
X-Content-Type
X-ESI
X-Clacks-Overhead
X-Server-Name
X-Abt-Application-Version
X-Trace
X-Navigation-Version
Pinterest-Version
X-Pinterest-Rid
X-FTR-Request-ID
Response
Pagespeed
X-Sol
Display
X-Vcap-Request-Id
X-Middleton-Response
X-Middleton-Display
X-Px
X-B3-TraceId
Verso
X-Cached
X-Rack-Cache
X-Webkit-CSP
Accept-Ch
X-Element-Page-Cache
X-Fastly-Request-ID
Service-Worker-Allowed
X-DynaTrace
X-Server-ID
X-Client-IP
MS-Author-Via
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Powered-By-Plesk
X-Dw-Request-Base-Id
X-Upstream
Content-MD5
X-Version
AR-ATIME
X-Forwarded-Proto
AR-Request-ID
AR-CACHE
AR-PoweredBy
Ar-Sid
SPRequestGuid
X-SharePointHealthScore
X-NF-Request-ID
X-T
Fastly-Restarts
X-Debug
X-Ttl
X-VARITI-CCR
X-GoogleNews-Bot
X-Kinja
X-Use-Magma
X-Exp-Variant
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Exp-Id
X-Cdn-Fetch
X-Jurisdiction
X-XRDS-Location
X-Goog-Hash
Access-Control-Request-Method
X-TTL
TP-L2-Cache
X-Powered-CMS
TP-Cache
X-FastCGI-Cache
X-MSEdge-Ref
X-Content-Digest
X-Release
Accept-Ch-Lifetime
X-Edge
X-NWS-LOG-UUID
SPRequestDuration
SPIisLatency
TCN
S
X-CST
RTSS
X-Amz-Rid
X-Pinterest-Direct
Cache-Tag
X-PressLabs-Stats
X-Request-Received
X-Request-Processing-Time
Fastcgi-Cache
Public-Key-Pins
X-Ezoic-Cdn
X-Yandex-Sdch-Disable
X-Node-Name
X-Mid
Server-Node
X-MCACHE
X-Cache-Key
X-Accel-Expires
X-Amzn-Trace-Id
Front-End-Https
X-Logged-In
X-Cache-Hit
ServerID
X-Ser
X-Request-Handler-Origin-Region
X-Microsite
X-Ratelimit-Remaining
X-Recruiting
X-Kinsta-Cache
X-Origin-Server
X-Page-Id
Alternate-Protocol
Accept-Charset
Host
X-B
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ratelimit-Limit
X-Mobile-URL
X-Hostname
X-Varnish-Age
X-ECACHE
X-FireWall-Port
Nginx-Cache
X-Content-Security-Policy-Report-Only
Filterid
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-DIS-Request-ID
X-Forwarded-For
X-FTR-Realm
X-Country-Code-Real
X-Shield-Request-Id
X-FTR-Expires
X-Mg-S
X-Seen-By
X-Load-Cache
X-Content-Options
Realpath
X-Grace
Edge-Cache-Tag
X-Daa-Tunnel
X-Jobs
X-Id
X-Amz-Server-Side-Encryption
Akamai-Age-Ms
X-F-Cache
X-Git-Hash
X-LB-Cache
X-AppVersion
X-Activity-Id
X-Hits
X-N
X-Type
X-Varnish-Backend
X-App-Environment
X-Az
Paypal-Debug-Id
X-Varnish-Grace
X-Request-Guid
X-Rid
X-HP-Webp
Fastcgi-Useragent
X-Proxy
X-Zen-Fury
MicrosoftSharePointTeamServices
DynaTrace
X-FB-Debug
Access-Control-Allow-Method
Cache-Tags
X-Upgrade-Enabled
Cleartype
X-App-Server
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-WebKit-CSP-Report-Only
X-Geo-Country
DC
X-Cached-By
Content-Disposition
X-Akamai-Edgescape
X-Content-Powered-By
X-Cache-Operation
X-Cache-Rule
AMP-Access-Control-Allow-Source-Origin
X-Correlation-ID
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Amz-Meta-S3cmd-Attrs
X-TEC-API-ORIGIN
X-Host-Name
X-Wix-Request-Id
X-User-Agent
X-IPLB-Instance
X-Accel-Buffering
Powered-By-ChinaCache
X-B3-Sampled
X-Response-Served-From
X-Original-Request-Id
Healthy
X-HS-Content-Id
X-HS-Cache-Config
X-HTML-Minification-Powered-By
X-HS-Hub-Id
X-Endurance-Cache-Level
X-Cache-Age
X-HS-Combine-CSS
NGB
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Metageneration
X-B-Cache
X-AOL-HN
X-Goog-Stored-Content-Encoding
X-VCache
X-Signature
X-Goog-Generation
X-Cacheable-TTL
X-Distributor
X-Respond-Thread
Payment
X-Tec-Api-Origin
X-Region
X-UUID
X-Tec-Api-Root
MS-CV
X-Rendered-As
X-Tec-Api-Version
X-Is-Bot
X-Debug-Info
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-Whom
X-FW-Dynamic
X-FW-Hash
X-Cache-Time
Refresh
X-Rule
Datacenter
X-Instance
X-Tumblr-Pixel-0
X-Mobile
X-Tumblr-Pixel
X-Tumblr-Pixel-2
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Tumblr-User
X-Frontend
X-Tumblr-Pixel-1
Countrycode
X-Ua
X-XRDS-LOCATION
X-App-Version
PB-PID
Arc-Version
PB-RID
X-Fastcgi-Cache
Surrogate-Key
X-Varnish-Server
S-Cnection
X-Oneagent-Js-Injection
X-Protected-By
X-Acc-Debug-Context
X-PHP-Backend
X-Backend-Name
X-Via-JSL
X-Cache-Server
Viewport
X-Azure-Ref
Liferay-Portal
X-NewRelic-App-Data
X-Hyper-Cache
X-Cache-Expired-At
Powered
X-Litespeed-Cache
X-Hp-Webp
Filters
X-WA-Info
X-Proxy-Cache-Status
Charset
Retry-After
Referer-Policy
X-Cache-Control
X-Sucuri-ID
Section-Io-Cache
X-DynaTrace-JS-Agent
X-Amz-Replication-Status
X-EdgeConnect-Cache-Status
X-Source
X-Cache-Action
X-FB-TRIP-ID
Cache
X-FTR-Cache-Host
X-ProcessESI
X-RemovedCookies
X-RN-RSRV
X-ES-SERVER
X-Real-IP
X-Mode
X-Cache-Var
Meta-Geo
X-GeoIP
X-Cache-Var-Map
Eomportal-Instance
X-Debug-Cache
X-Site-Version
X-Framework
X-R9-Blue-Green-Version
X-Qloud-Router
X-From
X-Device-Type
X-Locale
X-Time
Version
X-AWS-Id
X-Cache-Host
X-L-Path
Mn-Server-Ip
X-Xfnlog-Site
X-BYPASS-REASON
X-ProxyCache-Key
X-Server-W
X-Human
X-LJ-Flow-ID
X-Via-Fastly
X-Time-Microsecs
X-Yottaa-Metrics
X-Environment-Context
X-VWS-Id
X-Yottaa-Optimizations
X-ProxyCache-Status
Cross-Origin-Window-Policy
X-RTag
Ec-Rule-Version
TWC-GeoIP-Country
Uber-Trace-Id
Webcakes-App-Name
Ms-Operation-Id
Webcakes-App-Version
Webcakes-Region
TWC-Privacy
TWC-Locale-Group
Selected-Fe
Property-Id
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
X-Revision
X-OCL
X-Cache-TTL-Remaining
X-Loop
X-Ratelimit-Reset
X-Hl-Ver
X-Origin-Hint
X-PCL
X-Proxy-Build
X-Routing-Service
X-Proxied
X-Handled-By
FSS-Cache
Cache-Tv-Group
X-FW-Version
X-Timing-Wait
X-TNCMS
X-CSRF-Token
X-Cluster
X-Zipkin-Id
GEO-INFO
X-SaId
X-Status
X-Labrador-Cache-Channel
X-ServerID
DB-Nickname
X-Generated-By
X-Hosted-By
X-PHP-Host
X-Redis-Cache
Frame-Options
X-JoinUs
X-NYM-Debug-Backend
X-BCube-Filmed-By
X-Be
X-Detected-As
X-Air-Hostname
X-Amzn-Remapped-Content-Length
Webserver
X-Proto
X-Format
X-Section
X-Access
X-Unique-Id
Nel
X-No-Session
X-Cache-PHP
X-ATG-Version
X-Sucuri-Cache
X-Correlation-Id
From-Origin
X-Drupal-Cache-Contexts
X-Varnish-Cache-Hits
X-NWS-UUID-VERIFY
Server-Name
X-Contextid
X-TA-CDN-Provider
X-Drupal-Cache-Tags
X-NCache
X-CDN-Forward
X-Origin
X-EIG-Tracking-Id
OT-Force-Account-Verify
CF-Cached-On
X-AIR-PT
X-EC-Lua
X-IPS-LoggedIn
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Akamai-Transformed
X-Tt-Trace-Tag
X-GoCache-CacheStatus
X-Oss-Server-Time
X-Tt-Trace-Host
X-Oss-Storage-Class
X-Adobe-Loc
X-Adobe-Content
X-Bc-Bl
X-Cache-Enabled
X-IP
X-TIME
X-NC
X-TT
X-Backend-Host
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-ECache
Azure-RegionName
Azure-InstanceId
Azure-SiteName
X-UA
X-Cache-Backend
Azure-SlotName
X-Ruxit-Js-Agent
Azure-Version
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Tumblr-Pixel-3
X-Cdn
X-URL
X-CCM
SD-X-WS
X-Adobe-Source
Access-Control-Request-Headers
X-Cache-2
X-CACHE-AGE
Time
X-APP-VERSION
Node
X-A-Wwc
X-A-Ccd
X-A-Dgt
X-A-Dcw
X-A-Dam
X-A
Surrogated-Key
Rendered-Blocks
DCR-Decision-By
X-ShopId
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Soup
X-Sorting-Hat-ShopId
X-Pubstack
X-PERF
X-ApacheServer
X-Alternate-Cache-Key
X-Backend-TTL
X-Cache-Grace
X-Forwarded-Host
X-Storefront-Renderer-Rendered
X-Varnishpool
Host-ID
Fastcgi-X-Cache-Version
Machine
MD5-Digest
Meta-Geo-Continent
DCR-Processing-Time-Ms
X-Accel-Expires-Debug
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
CloudFront-Viewer-Country
Mobile-Detection-Method
X-B-Cookie
X-Vdms-Path
X-ScT
X-Up
X-Request-UUID
X-G
X-Vdms-Version
X-Rewrite-Enabled
X-External-Request-Id
X-Twitter-Response-Tags
X-Minions-Version
X-Processor
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-RCS-CacheZone
X-Transaction
X-Trv-Group
X-Ms-Request-Id
X-Ms-Version
X-Aed
X-Rojux
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-Cache-NE
X-Worker
X-Application
X-ARC
Xc-Version
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
Now
X-D
X-Date
X-S
X-VG-WebCache
X-S-Cookie
X-Destination
X-VG-WebServer
X-Web-Node
X-Viewer-Country
X-SayCDN-TTL
X-Say-Cacheable
X-Say-TTL
X-VG-TLSProxy
X-Cluster-Name
X-Cache-Config
Adler-Geo
X-Variation
X-Skip-Cache
X-Storage
X-SN
X-Thanos
X-Servername
X-Owner
Ufe-Result
We-Hiring
X-Dispatcher-Server
X-Edge-Location
Platform
X-Envoy-Decorator-Operation
Wxu-Next-Commit
Wxu-Next-Hostname
X-Cache-Bucket
X-Bip
X-Core-Value
X-CUA
Wxu-Next-Region
X-Generation-Time
X-Hash
Fastly-SWR
X-OVcl-Cache
Fastly-SIE
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Is-Eu
X-OVcl
X-Method
NM-Fastcgi-Cache
X-Microcachable
Mail-Subject
X-NGENIX-Cache
X-Req
X-DPWN-IS-SECURE
X-Varnish-Ttl
CACHE
Fastly-SSL
Cache-Status
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Micro-Cache
X-WADP-Cache
X-Webstats-RespID
Country-Code
X-Cache-NGX
X-Cache-Tags
X-Cache-Date
CDN-Uid
X-Backend-State
Rt-Fastcgi-Cache
Origin
HA-Ipaddr
Ha-Gx-Prefs
Fastly-Drupal-HTML
Group
L
L5d-Success-Class
PFcat
Gh-Request-Id
X-CGP
X-Ah-Environment
X-Core-Mission
X-Reqid
X-Request-Host
X-Render-Time
X-Clara-WADP
X-Proxy-Upstream
X-Request-Start
X-Slack-Backend
X-VarnishDD-TTL
X-Varnish-Cacheable
X-TX-ID
Upgrade-Insecure-Requests
X-Policy
X-Platform
X-Eu-Site
X-Fastly-Backend
X-Csrf-Jwt
CDN-RequestId
X-Cms-Context
X-Gamma-Serve
X-Generated-On
X-Fastly-Cache
X-Fmm-Version
X-Level-Front-Cache
X-HN
X-Clientip
X-Auto-Login
Decoy-Debug-Status
Decoy-Debug-TTL
CDN-CachedAt
CDN-EdgeStorageId
Decoy-Debug-Key
CDN-Cache
AKAMAI
Country
C-Via
CDN-RequestCountryCode
CacheControlHeader
CDN-PullZone
Backend
X-HS-Content-Campaign-Id
X-Wikidot-Backend
X-Cache-Id
X-Developers
X-Wikidot-Static-Cache
X-Gzip
X-Cache-URL
UCS
X-Is-Gdpr
Akamai-GRN
X-RateLimit-Remaining
X-Amz-Meta-Cb-Modifiedtime
Pagetype
X-Location
X-LI-UUID
X-Li-Pop
X-Esi
Memcached
X-Irp-Debug
X-JWT-State
X-Li-Fabric
X-Content-Age
X-Esi-Check
X-Has-Esi
X-Geo-Header
X-Platform-Server
X-LAGOON
X-Cdn-Srv
FSS-Proxy
Fastly-Backend-Name
X-Agile
X-Varnish-Remaining-TTL
X-Providence-Cookie
X-Agile-Age
X-Agile-Id
X-Wa
X-Old-Content-Length
X-Route-Name
X-DefElseHash
X-UPSTREAM-Address
X-Is-Crawler
X-Flags
X-DefHash
X-Aspnet-Duration-Ms
X-Mvc-Supplant-Cachable
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-PF-Uncompressing
HostName
X-NODE
X-CS
X-Refresh
X-Aicache-OS
X-Instart-Request-ID
X-Dc
X-ZONE
X-BC
X-Cache-Debug
X-Session-Fingerprint
X-LB-ID
X-Branch-Name
M-TraceId
X-Via-Poph
X-Via-Popn
X-Cdn-Forward
X-Mvc-Supplant-OutputCached
X-B3-Spanid
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Servedbyhost
NGX
X-Ua-Device
Arc-Country
VivaBuild
Viewtype
X-Edge-Server
X-Page-View
X-LI-Proto
Cdn-Request-Time
Cdn-Host
X-SERVER
X-DC
X-Via-Ucdn
X-GEO
X-RunCloud-Cache
X-Request-Time
X-Bc
Srv
X-Zone
X-Varnish-Hostname
X-Ftr-Cache-Host
SRV
X-Srv
Hostname
X-Nginx-Cache
X-Cs
X-HS-Status
X-ORACLE-APMCS-REQUEST-ID
X-FPC
Actual-Object-TTL
X-APP
X-Action
Xserver
X-NGINX-Cache
X-Vgn-Hpd-Ssi
X-Check-Cacheable
Memory
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Response-Type
X-LiteSpeed-Cache-Control
X-Pinterest-Sli-Latency-Threshold
X-NU-AKA-ACS-Version
X-DSS
X-DB
WWW-Authenticate
X-DI
X-Via-CDN
X-B3-Traceid
X-RSL
X-DW
X-RPS
X-VCL-Version
X-RPM
Geo-Info
X-Unique-ID
X-Datadome
XServer
X-Oss-Cdn-Auth
X-Sql-Duration-Ms
X-MP-GENERATED-AT
Geoip-Latitude
X-CSRF-TOKEN
GeoIp-Country-Code
Sid
X-Sql-Count
X-UnsetCookies
X-Cluster-Node
X-Vcache
X-Geo
X-CF-Powered-By
X-Via-SSL
X-Dynatrace-Js-Agent
Edge-Copy-Time
Processtime
X-Via-Edge
X-Akamai-Request-ID2
X-Via-Popv
X-Hit
User-Agent
WebServer
W
ProcessTime
X-Epic-Correlation-Id
Apigw-Requestid
X-Svr
X-SERVER-NAME
GeoIP-Latitude
X-We-Are-Hiring
GeoIP-Country-Code
On-Server
Server-Info
SID
NtCoent-Length
X-Www-Served-By
X-Webkit-CSP-Report-Only
X-FORWARDED-FOR
X-S-Maxage
Cache-Hits
ServedBy
X-Cache-Remote
Ohc-File-Size
X-FC-Vary-Parameters
X-HOST
LB
X-Mobile-Rewrite
X-Nc
X-Envoy-Upstream-Healthchecked-Cluster
S-Rt
T-Server
X-Presslabs-Stats
X-SRV
X-Dynatrace
X-Fpc
Amp-Access-Control-Allow-Source-Origin
X-HITS
Esi-Enabled
X-Pass-Why
X-Vcl-Version
X-Pjax-Url
X-Fastly-Country-Code
N-Cache
X-Cache-Hm
X-MSEdge-Features
Accept-Language
X-MSEdge-Flight
X-Tb
X-Cache-Hfrom
CF-IPCountry
Origin-Edge-Control
A
CDN
Origin-Cache-Control
Pics-Label
X-Key
Magicmarker
Cteonnt-Length
Cdn
Server-Host
Lb
X-COUNTRY
X-CACHE-KEY
X-Varnish-Hits
Proxy-Firewall
X-LLID
X-SB
X-VC
WZWS-RAY
X-Oracle-Dms-Rid
X-Dispatch
Ohc-Cache-HIT
X-Geo-Region
Powered-By
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Protected
X-Instart-Info
X-Info
X-Li-Proto
X-Via-NSCOPI
X-StackifyID
HitType
X-Newrelic-App-Data
Server-Ttl
X-RAMCache
X-ServedByHost
X-B3-SpanId
X-Uri
X-Lb-Id
User-Cache-Control
X-Generated
X-Akamai-Pragma-Client-IP
Cache-Key
X-TT-LOGID
X-Newrelic-Synthetics
X-Via-PopH
BehaviorPad-Version
X-Via-PopN
Fastcgi-Cache-TTL
X-Served-From
X-TH-Server
X-Via-PopV
X-Cache-Tag
Tracecode
X-App
Ssr
Cache-Provider
X-Erf-Bev-Bev
X-TrackingId
X-Erf-Bev-Bev-Is-Generated
X-ID
X-LiteSpeed-Tag
Odigeo-Trace-Id
DSUID
X-Provided-By
X-WA
X-Path-Route
Dnion-Transfer-Encoding
X-Agile-Brick-Ok
X-UA-Device-Type
Section-Io-Id
X-Cc-Req-Id
X-Cc-Via
X-Men
X-Scheme
Lfy
D-Cc-Upstream
Section-Io-Origin-Status
X-Tt-Logid
Section-Origin-Responded
X-Erf-Stays-Bingo-Pdp-Web
Cache-Name
X-Planisys-CDN-TTL
X-Batcache
X-Magnolia-Registration
X-Planisys-CDN-Rules
Section-Io-Origin-Time-Seconds
Xet-Cookie
X-Planisys-CDN-Cache
Tcn
X-Gen-Mode
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated-In
X-Hnp-Log
X-GeoIP-City
X-VServer
X-Varnish-Url
X-Nginx-Cache-Key
X-VC-Cache
X-Gdpr
X-Matched-Rule
X-Loc
X-Developer
X-BBXSRF
X-Block-Status
X-BBC-Edge-Cache-Status
X-Azure-Ref-OriginShield
Web-Mar-Node
X-API-Version
X-Cache-ASPX
X-Cache-Expires
X-Device-Os
X-ElasticPress-Query
X-Node-Id
X-Contensis-Viewer-Groups
X-Cache-Info
X-Cdn-Origin
X-Fetched-On
X-Nyt-Route
X-Request-URI
X-Response-By
X-RateLimit-Remaining-Second
X-SRCache-Key
X-Parent-Response-Time
X-RateLimit-Limit-Second
X-Rocket-Build-Number
X-SD-PageType
X-Sigma-Backend
X-Sn-Servicetimems
X-Sigma
X-ServiceProvider
X-Server-IP
X-SVT-ORM-RULES
Vix-Hermes-Req-Id
X-Origin-CC
X-Origin-Date
X-User
X-SIPLIST1
X-Var-Ttl
X-NodeID
X-Origin-Expires
X-Origin-Time
X-Swa-Ws
X-SVT-ORM-VERSION
X-Thinkindot-L3
X-Trace-Id
X-Origin-TTL
X-Varnish-Authentication
Path
Cache-Host
X-Cache-Spec
CDCHOST
FNAC-ModuleRouting
Kp-EeAlive
Instruction
Cf-Alt-Svc
X-PJAX-URL
Who
V-Age
Inserted-Into-Cache-At
X-Pf-Uncompressing
X-Varnish-Beresp-TTL
Locid
IsBot
SR-User-Adfree
Sever-Int
MIME-Version
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
True-Client-Country-4JS
Thinkindot-Control
Server-Hostname
X-HostName
X-RateLimit-Limit
Pramga
Release
Server-Ext
X-Yottaa-OS
X-Selected-Host-Header
X-Selected-Scheme
X-Acc-Rdl
X-Selected-Name
CountryCode
X-C
Req-Svc-Chain
Server-Id
X-BBC-Origin-Response-Status
X-TraceId
X-Tid
X-MiniProfiler-Ids
Mime-Version
X-Proxy-Cachei7
Vha6-Origin
X-Traceid
X-Apw-Access-Action
Source
X-Request-URL
X-Apw-Hits
X-Snapshot-Date
X-Dw-Trace-Id
Server-ID
Resin-Trace
X-Apw-Access-Token
X-Apw-Access-Object
Pragrma
X-Origin-Response-Time
Content-Style-Type
Content-Script-Type
X-Vgn-Hpd-Reason
PICS-Label
X-Pad