Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Request-ID
X-Generator
P3p
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Template
X-Language
Keep-Alive
X-Via
X-Ws-Request-Id
X-Dns-Prefetch-Control
Feature-Policy
X-Age
X-Backend
X-Hacker
X-Cache-Group
X-AH-Environment
X-Server
X-Robots-Tag
X-Amz-Request-Id
X-UA-Device
EagleId
X-Amz-Id-2
X-Proxy-Cache
X-Buckets
X-Turbo-Charged-By
Request-Context
X-Server-Powered-By
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Cf-Bgj
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
X-Amz-Version-Id
X-Host
X-WebKit-CSP
NEL
X-Dispatcher
X-Device
X-Backend-Server
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Response-Time
Content-Location
X-Origin-Cache
Request-Id
X-Server-Id
X-Akam-SW-Version
X-ASPNET-VERSION
X-Ac
Accept-CH-Lifetime
X-Country
EagleEye-TraceId
Accept-CH
X-HW
X-Mod-Pagespeed
Rating
X-Readtime
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
X-Application-Context
Pinterest-Generated-By
Edge-Control
X-Country-Code
X-DataDome
X-TtlSet
X-PC
X-Vname
X-Url
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
X-Cnection
Allow
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
X-MS-InvokeApp
Fusion-Source
Fusion-Deployment-Id
X-D2id
X-GitHub-Request-Id
X-Content-Type
X-ESI
X-Clacks-Overhead
X-Server-Name
X-Abt-Application-Version
X-Navigation-Version
X-Trace
Pinterest-Version
X-Pinterest-Rid
X-FTR-Request-ID
Display
X-Sol
X-Middleton-Display
X-Middleton-Response
Response
X-Vcap-Request-Id
Pagespeed
X-B3-TraceId
X-Px
Verso
X-Cached
X-Rack-Cache
X-DynaTrace
X-Webkit-CSP
X-Element-Page-Cache
X-Fastly-Request-ID
Service-Worker-Allowed
MS-Author-Via
X-Client-IP
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Powered-By-Plesk
X-Dw-Request-Base-Id
X-Upstream
Content-MD5
X-Version
X-Forwarded-Proto
AR-PoweredBy
AR-ATIME
AR-CACHE
AR-Request-ID
X-TTL
X-NF-Request-ID
Ar-Sid
SPRequestGuid
X-SharePointHealthScore
Accept-Ch
X-T
Fastly-Restarts
X-Debug
X-VARITI-CCR
X-Server-ID
X-GoogleNews-Bot
X-Kinja
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Jurisdiction
X-XRDS-Location
X-Goog-Hash
Access-Control-Request-Method
TP-L2-Cache
TP-Cache
X-Powered-CMS
X-FastCGI-Cache
X-MSEdge-Ref
X-Content-Digest
X-Ttl
X-Release
X-Edge
X-NWS-LOG-UUID
SPIisLatency
TCN
S
SPRequestDuration
RTSS
X-Amz-Rid
X-CST
X-Pinterest-Direct
X-PressLabs-Stats
Cache-Tag
X-Request-Received
X-Request-Processing-Time
Fastcgi-Cache
Public-Key-Pins
X-Yandex-Sdch-Disable
X-Node-Name
X-Ezoic-Cdn
X-Cache-Key
Server-Node
X-Mid
X-MCACHE
X-Accel-Expires
Accept-Ch-Lifetime
X-Amzn-Trace-Id
Front-End-Https
X-Logged-In
X-Cache-Hit
X-Ratelimit-Remaining
ServerID
X-Ser
X-Request-Handler-Origin-Region
X-Microsite
X-Recruiting
X-Kinsta-Cache
X-Origin-Server
X-Page-Id
Alternate-Protocol
Accept-Charset
Host
X-B
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ratelimit-Limit
X-Mobile-URL
X-Hostname
X-Varnish-Age
Nginx-Cache
X-Content-Security-Policy-Report-Only
X-FireWall-Port
X-ECACHE
X-Country-Code-Real
X-Forwarded-For
X-FTR-Backend
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Realm
X-DIS-Request-ID
Filterid
X-FTR-Expires
X-Shield-Request-Id
X-Mg-S
X-Seen-By
Realpath
X-Load-Cache
X-Grace
X-Content-Options
Edge-Cache-Tag
X-Daa-Tunnel
X-Jobs
X-Id
X-Amz-Server-Side-Encryption
Akamai-Age-Ms
X-F-Cache
X-Git-Hash
X-LB-Cache
X-N
X-Hits
X-Az
X-Activity-Id
X-Type
X-AppVersion
X-Varnish-Backend
X-App-Environment
X-Request-Guid
Paypal-Debug-Id
X-Varnish-Grace
X-Rid
X-HP-Webp
Fastcgi-Useragent
X-Zen-Fury
X-Proxy
MicrosoftSharePointTeamServices
DynaTrace
X-FB-Debug
Access-Control-Allow-Method
Cache-Tags
X-Correlation-ID
X-Upgrade-Enabled
Cleartype
X-App-Server
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-WebKit-CSP-Report-Only
DC
X-Akamai-Edgescape
X-Geo-Country
Content-Disposition
X-Cached-By
X-Content-Powered-By
X-Cache-Operation
X-Cache-Rule
AMP-Access-Control-Allow-Source-Origin
X-Wix-Request-Id
X-Host-Name
X-Amz-Meta-S3cmd-Attrs
X-User-Agent
X-IPLB-Instance
X-Original-Request-Id
X-B3-Sampled
X-Response-Served-From
X-Accel-Buffering
X-HTML-Minification-Powered-By
X-HS-Hub-Id
Healthy
X-HS-Cache-Config
X-Cache-Age
X-Endurance-Cache-Level
X-HS-Content-Id
Powered-By-ChinaCache
X-Signature
NGB
X-B-Cache
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-VCache
X-HS-Combine-CSS
X-AOL-HN
X-Region
X-Whom
MS-CV
Payment
X-Distributor
X-Respond-Thread
X-Is-Bot
X-Cacheable-TTL
X-UUID
X-Rendered-As
X-Debug-Info
X-Cache-Time
Refresh
X-FW-Type
X-FW-Hash
X-FW-Dynamic
X-FW-Server
X-FW-Serve
X-FW-Static
X-Instance
X-Rule
Datacenter
X-Mobile
X-Amz-Apigw-Id
X-Tumblr-Pixel-2
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Amzn-RequestId
X-Tumblr-Pixel
X-Frontend
X-Ua
X-XRDS-LOCATION
X-App-Version
PB-PID
PB-RID
Countrycode
Arc-Version
Surrogate-Key
X-Fastcgi-Cache
X-Tec-Api-Root
S-Cnection
X-Oneagent-Js-Injection
X-Tec-Api-Version
X-Tec-Api-Origin
X-Varnish-Server
X-Protected-By
X-PHP-Backend
X-Backend-Name
X-Acc-Debug-Context
X-Via-JSL
X-Cache-Server
Viewport
X-Azure-Ref
X-Hyper-Cache
X-Litespeed-Cache
Liferay-Portal
X-Cache-Expired-At
Powered
X-NewRelic-App-Data
X-Hp-Webp
Filters
X-Proxy-Cache-Status
Charset
Retry-After
X-WA-Info
Referer-Policy
X-Cache-Control
X-Sucuri-ID
Section-Io-Cache
X-DynaTrace-JS-Agent
X-Amz-Replication-Status
X-Source
X-EdgeConnect-Cache-Status
Cache
X-ProcessESI
X-RemovedCookies
X-FTR-Cache-Host
X-Cache-Action
X-FB-TRIP-ID
X-RN-RSRV
Eomportal-Instance
X-Cache-Var-Map
Meta-Geo
X-Debug-Cache
X-ES-SERVER
X-GeoIP
X-Cache-Var
X-Mode
X-Time
X-Locale
X-Qloud-Router
X-Framework
X-Real-IP
X-R9-Blue-Green-Version
X-From
X-Site-Version
X-Device-Type
X-AWS-Id
X-ProxyCache-Key
X-BYPASS-REASON
X-ProxyCache-Status
X-Human
X-LJ-Flow-ID
X-Server-W
Mn-Server-Ip
Version
X-Yottaa-Optimizations
X-Xfnlog-Site
X-Time-Microsecs
X-VWS-Id
X-Yottaa-Metrics
X-Cache-Host
X-Via-Fastly
X-L-Path
X-Environment-Context
Cache-Tv-Group
Webcakes-App-Version
Webcakes-Region
X-RTag
X-Revision
Webcakes-App-Name
Ec-Rule-Version
Ms-Operation-Id
X-Proxy-Build
TWC-Privacy
TWC-GeoIP-Country
TWC-Locale-Group
Uber-Trace-Id
TWC-Device-Class
TWC-GeoIP-LatLong
Property-Id
Selected-Fe
TWC-Connection-Speed
Cross-Origin-Window-Policy
X-Loop
X-Routing-Service
X-Cache-TTL-Remaining
X-FW-Version
X-Hl-Ver
X-Zipkin-Id
GEO-INFO
X-Handled-By
FSS-Cache
X-Cluster
X-OCL
X-CSRF-Token
X-Proxied
X-PCL
X-Origin-Hint
X-Timing-Wait
X-TNCMS
DB-Nickname
X-SaId
Webserver
X-JoinUs
X-Detected-As
X-Proto
X-ServerID
X-Amzn-Remapped-Content-Length
X-Status
X-Be
X-Redis-Cache
X-NYM-Debug-Backend
Frame-Options
X-BCube-Filmed-By
X-Generated-By
X-PHP-Host
X-Hosted-By
X-Labrador-Cache-Channel
X-Section
X-Ratelimit-Reset
X-Air-Hostname
X-Access
X-Format
X-Unique-Id
Nel
X-No-Session
X-Sucuri-Cache
X-Cache-PHP
X-ATG-Version
From-Origin
X-Drupal-Cache-Contexts
X-Varnish-Cache-Hits
X-NWS-UUID-VERIFY
Server-Name
X-Contextid
X-URL
X-TA-CDN-Provider
X-Drupal-Cache-Tags
X-Origin
X-NCache
X-EIG-Tracking-Id
X-Correlation-Id
X-CDN-Forward
CF-Cached-On
OT-Force-Account-Verify
X-IPS-LoggedIn
X-AIR-PT
X-EC-Lua
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Tt-Trace-Tag
X-GoCache-CacheStatus
X-Adobe-Loc
X-Tt-Trace-Host
X-Akamai-Transformed
X-Adobe-Content
X-Bc-Bl
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-Cache-Enabled
X-IP
X-TIME
X-TT
X-NC
X-ECache
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-Backend-Host
Azure-SlotName
Azure-Version
X-Cache-Backend
Azure-SiteName
Azure-InstanceId
X-Ruxit-Js-Agent
X-UA
Azure-RegionName
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cdn
X-Tumblr-Pixel-3
Access-Control-Request-Headers
SD-X-WS
X-CCM
X-Adobe-Source
X-Cache-2
Node
X-APP-VERSION
X-CACHE-AGE
Time
X-S-Cookie
X-Rojux
X-S
X-A-Dcw
X-D
Fastcgi-X-Cache-Version
X-B-Cookie
X-ScT
MD5-Digest
X-Backend-TTL
X-A-Dgt
X-Sorting-Hat-ShopId
X-Processor
Mobile-Detection-Method
Now
X-Minions-Version
Meta-Geo-Continent
X-Soup
Apple-News-Services-Parsed-Url
X-A-Dam
X-Forwarded-Host
X-Cache-NE
X-Varnishpool
X-A-Ccd
X-Pubstack
X-External-Request-Id
X-Storefront-Renderer-Rendered
X-G
Machine
X-Destination
Apple-News-Services-Host
X-Aed
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-Date
X-Cache-Grace
X-Request-UUID
X-RCS-CacheZone
X-Rewrite-Enabled
X-Ms-Request-Id
DCR-Decision-By
X-CF-Lambda-Fn
X-A
X-Up
X-Connection-Hash
Host-ID
DCR-Processing-Time-Ms
X-PAYTM-SRV-ID
Rendered-Blocks
X-Vdms-Version
X-Vtex-Remote-Cache
X-Vdms-Path
X-CF-Lambda-Version
X-Worker
X-Accel-Expires-Debug
CloudFront-Viewer-Country
Xc-Version
X-Vtex-Processado-Em
X-Application
X-ApacheServer
X-VG-WebCache
X-Shopify-Stage
X-PERF
X-Sorting-Hat-PodId
X-A-Wwc
X-Ms-Version
X-PBS-Appsvrname
X-ShopId
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-ShardId
X-Alternate-Cache-Key
X-ARC
X-VG-WebServer
Surrogated-Key
X-Storage
X-Cluster-Name
X-Say-TTL
X-SayCDN-TTL
Fastly-SSL
X-Cache-Config
X-CUA
Cache-Status
X-Core-Value
X-Say-Cacheable
X-Edge-Location
X-DPWN-IS-SECURE
X-Dispatcher-Server
Is-Eu
X-Envoy-Decorator-Operation
X-OVcl
Ufe-Result
CDN-Uid
X-Owner
X-VG-TLSProxy
We-Hiring
Wxu-Next-Commit
CDN-RequestCountryCode
Platform
CDN-RequestId
X-Variation
X-Thanos
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Req
Fastly-SWR
Fastly-SIE
X-SN
X-Skip-Cache
X-Servername
CDN-PullZone
CDN-EdgeStorageId
X-Bip
Adler-Geo
Mail-Subject
Wxu-Next-Region
X-Cache-Bucket
X-Viewer-Country
X-Hash
X-Web-Node
X-Generation-Time
X-Method
X-OVcl-Cache
X-Varnish-Ttl
NM-Fastcgi-Cache
X-NGENIX-Cache
Wxu-Next-Hostname
CDN-Cache
CDN-CachedAt
X-Microcachable
X-Micro-Cache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
CACHE
X-Fmm-Version
X-Fastly-Cache
X-Clara-WADP
Ha-Gx-Prefs
PFcat
X-WADP-Cache
C-Via
CacheControlHeader
X-Webstats-RespID
Rt-Fastcgi-Cache
Origin
X-Platform
Group
X-Proxy-Upstream
Fastly-Drupal-HTML
X-Request-Start
X-Reqid
X-Render-Time
Upgrade-Insecure-Requests
X-Policy
Country-Code
X-VarnishDD-TTL
X-Varnish-Cacheable
X-TX-ID
X-Slack-Backend
X-Auto-Login
X-Ah-Environment
X-Csrf-Jwt
X-Core-Mission
X-Eu-Site
X-Fastly-Backend
X-Cache-NGX
Country
Decoy-Debug-Key
X-CGP
HA-Ipaddr
X-Cms-Context
Decoy-Debug-TTL
Decoy-Debug-Status
X-Cache-Tags
X-Gamma-Serve
AKAMAI
X-Li-Pop
X-Backend-State
Gh-Request-Id
X-LI-UUID
X-Cache-Date
X-Li-Fabric
L
X-Generated-On
X-HN
L5d-Success-Class
X-Level-Front-Cache
Backend
Pagetype
UCS
X-Geo-Header
X-HS-Content-Campaign-Id
X-Gzip
X-Irp-Debug
X-Esi
X-Old-Content-Length
X-Esi-Check
X-Cdn-Srv
Akamai-GRN
X-Request-Host
Memcached
X-Cache-Id
X-Cache-URL
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Content-Age
X-Developers
X-Clientip
X-LAGOON
X-Amz-Meta-Cb-Modifiedtime
X-Has-Esi
X-Is-Gdpr
X-Platform-Server
X-Location
X-JWT-State
FSS-Proxy
Fastly-Backend-Name
X-CS
X-Agile
X-Agile-Age
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Flags
X-Agile-Id
X-DefHash
X-Mvc-Supplant-Cachable
X-Wa
X-Aspnet-Duration-Ms
X-DefElseHash
X-Is-Crawler
X-Varnish-Remaining-TTL
X-UPSTREAM-Address
X-Route-Name
X-PF-Uncompressing
X-Providence-Cookie
X-NODE
HostName
X-Aicache-OS
X-Refresh
X-Branch-Name
X-BC
X-Instart-Request-ID
X-ZONE
X-Dc
X-LB-ID
X-Via-Poph
X-Via-Popn
X-RateLimit-Remaining
X-Cache-Debug
M-TraceId
X-Session-Fingerprint
X-Cdn-Forward
NGX
X-B3-Spanid
Arc-Country
X-Servedbyhost
X-Ua-Device
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-LI-Proto
X-Mvc-Supplant-OutputCached
Cdn-Host
X-Edge-Server
VivaBuild
X-Page-View
Viewtype
Cdn-Request-Time
X-GEO
X-SERVER
X-DC
X-Request-Time
X-RunCloud-Cache
X-Via-Ucdn
X-Zone
Srv
X-Bc
X-Varnish-Hostname
SRV
X-Ftr-Cache-Host
X-Nginx-Cache
Hostname
X-HS-Status
X-APP
Xserver
Memory
X-Vgn-Hpd-Ssi
Actual-Object-TTL
X-Check-Cacheable
X-ORACLE-APMCS-REQUEST-ID
X-FPC
X-Action
X-NGINX-Cache
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Latency-Threshold
X-LiteSpeed-Cache-Control
X-DB
X-NU-AKA-ACS-Version
WWW-Authenticate
X-B3-Traceid
X-RPS
X-RSL
X-DI
X-Srv
X-VCL-Version
X-RPM
X-DSS
X-DW
X-Cs
X-Unique-ID
Geo-Info
X-CSRF-TOKEN
X-Via-CDN
X-Datadome
X-Via-Popv
X-Sql-Duration-Ms
X-MP-GENERATED-AT
XServer
X-UnsetCookies
Geoip-Latitude
GeoIp-Country-Code
X-Oss-Cdn-Auth
X-Sql-Count
X-Cluster-Node
X-Geo
X-Vcache
X-CF-Powered-By
X-Akamai-Request-ID2
Sid
X-Dynatrace-Js-Agent
ProcessTime
WebServer
SID
X-Hit
User-Agent
X-Via-SSL
X-Www-Served-By
X-We-Are-Hiring
GeoIP-Country-Code
On-Server
Apigw-Requestid
W
Processtime
X-Epic-Correlation-Id
GeoIP-Latitude
X-Via-Edge
Edge-Copy-Time
X-SRV
X-SERVER-NAME
X-Svr
X-Webkit-CSP-Report-Only
Server-Info
NtCoent-Length
X-FORWARDED-FOR
X-Cache-Remote
ServedBy
X-S-Maxage
Cache-Hits
X-Mobile-Rewrite
LB
X-FC-Vary-Parameters
X-HOST
Ohc-File-Size
S-Rt
X-Envoy-Upstream-Healthchecked-Cluster
X-Nc
X-Fpc
X-Presslabs-Stats
T-Server
Amp-Access-Control-Allow-Source-Origin
X-HITS
Server-Host
Accept-Language
Esi-Enabled
X-Cache-Hfrom
X-Vcl-Version
X-Tb
N-Cache
X-Pass-Why
X-Cache-Hm
X-Pjax-Url
X-MSEdge-Features
X-MSEdge-Flight
CF-IPCountry
X-Fastly-Country-Code
Origin-Cache-Control
CDN
Lb
Cdn
Origin-Edge-Control
Magicmarker
Pics-Label
Cteonnt-Length
X-Key
A
X-CACHE-KEY
X-COUNTRY
X-Varnish-Hits
WZWS-RAY
X-LLID
X-Dispatch
Proxy-Firewall
X-SB
X-VC
Ohc-Cache-HIT
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Protected
X-Info
X-Instart-Info
Powered-By
X-Geo-Region
X-Newrelic-App-Data
X-StackifyID
X-ServedByHost
HitType
X-Via-NSCOPI
X-Li-Proto
X-B3-SpanId
Server-Ttl
X-RAMCache
X-Uri
X-Dynatrace
Cache-Key
User-Cache-Control
X-Served-From
X-Newrelic-Synthetics
X-Lb-Id
X-TH-Server
X-Akamai-Pragma-Client-IP
X-TT-LOGID
BehaviorPad-Version
Fastcgi-Cache-TTL
X-Generated
Tracecode
X-App
X-Cache-Tag
X-Via-PopN
X-Via-PopH
X-Via-PopV
X-TrackingId
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Ssr
X-LiteSpeed-Tag
Cache-Provider
X-ID
X-Cc-Via
X-Men
X-Cc-Req-Id
D-Cc-Upstream
X-WA
X-Tt-Logid
X-Magnolia-Registration
Lfy
X-Cache-Spec
X-Path-Route
X-Provided-By
Xet-Cookie
X-UA-Device-Type
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Erf-Stays-Bingo-Pdp-Web
X-Agile-Brick-Ok
Odigeo-Trace-Id
Section-Io-Id
Section-Io-Origin-Status
X-Planisys-CDN-Cache
Cache-Name
X-Batcache
CountryCode
Dnion-Transfer-Encoding
DSUID
Tcn
X-ElasticPress-Query
X-Cache-ASPX
X-Block-Status
X-Cache-Expires
X-Device-Os
X-Developer
X-Contensis-Viewer-Groups
X-Cdn-Origin
X-BBXSRF
X-Cache-Info
X-Azure-Ref-OriginShield
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
SR-User-Adfree
Sever-Int
True-Client-Country-4JS
V-Age
X-Fetched-On
X-API-Version
Web-Mar-Node
Vix-Hermes-Req-Id
X-BBC-Edge-Cache-Status
X-Gen-Mode
X-Parent-Response-Time
X-Origin-TTL
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Nginx-Cache-Key
X-Node-Id
X-Origin-Time
X-Origin-Expires
X-Origin-CC
X-Nyt-Route
X-NodeID
X-Matched-Rule
X-Request-URI
X-GeoIP-City
X-Generated-In
X-Origin-Date
X-SD-PageType
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-Response-By
X-Rocket-Build-Number
Server-ID
X-Loc
X-Gdpr
Instruction
X-Thinkindot-L3
Who
X-PJAX-URL
X-VServer
Inserted-Into-Cache-At
X-Swa-Ws
X-Varnish-Beresp-TTL
X-Sn-Servicetimems
X-SRCache-Key
X-VC-Cache
X-Trace-Id
X-Server-IP
X-User
X-Yottaa-OS
X-Var-Ttl
Cf-Alt-Svc
X-Varnish-Url
X-Varnish-Authentication
X-Pf-Uncompressing
Server-Hostname
X-SIPLIST1
Locid
Kp-EeAlive
IsBot
FNAC-ModuleRouting
MIME-Version
Path
Server-Ext
X-ServiceProvider
Release
Pramga
Cache-Host
CDCHOST
X-RateLimit-Limit
X-Sigma
X-HostName
X-Scheme
X-Sigma-Backend
X-Selected-Name
X-Selected-Host-Header
X-Selected-Scheme
X-Acc-Rdl
Req-Svc-Chain
X-SVT-ORM-VERSION
X-BBC-Origin-Response-Status
X-Traceid
X-SVT-ORM-RULES
X-TraceId
Mime-Version
Content-Style-Type
Vha6-Origin
X-Dw-Trace-Id
X-MiniProfiler-Ids
Content-Script-Type
X-Proxy-Cachei7
X-Pad
X-Origin-Response-Time
X-Tid
X-C
Pragrma
X-Apw-Hits
X-Request-URL
Source
X-Snapshot-Date
X-Apw-Access-Token
X-Apw-Access-Object
PICS-Label
X-Vgn-Hpd-Reason
X-Apw-Access-Action
Resin-Trace