Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
P3p
X-Cache-Status
X-Request-ID
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Template
X-Language
Keep-Alive
X-Via
X-Ws-Request-Id
X-Dns-Prefetch-Control
Feature-Policy
X-Age
X-Backend
X-Cache-Group
X-Hacker
X-AH-Environment
X-Server
X-Robots-Tag
X-Amz-Request-Id
X-UA-Device
EagleId
X-Amz-Id-2
X-Proxy-Cache
X-Buckets
X-Turbo-Charged-By
Request-Context
X-Server-Powered-By
Server-Timing
Host-Header
Grace
X-Nginx-Cache-Status
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Bgj
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Amz-Version-Id
X-Host
X-WebKit-CSP
NEL
X-Dispatcher
X-Device
X-Backend-Server
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Response-Time
Content-Location
X-Origin-Cache
Request-Id
X-Server-Id
X-Akam-SW-Version
X-ASPNET-VERSION
X-Ua-Compatible
X-Ac
Accept-CH-Lifetime
X-Country
EagleEye-TraceId
Accept-CH
X-HW
X-Mod-Pagespeed
Rating
X-Readtime
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
X-Application-Context
Pinterest-Generated-By
Edge-Control
X-Country-Code
X-DataDome
X-Vname
X-TtlSet
X-PC
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
X-Origin-Upstream-Status
X-Cnection
Allow
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Component-Id
X-MS-InvokeApp
Fusion-Template-Id
Fusion-Content-Source
X-D2id
X-GitHub-Request-Id
X-Content-Type
X-ESI
X-Clacks-Overhead
X-Server-Name
X-Abt-Application-Version
X-Pinterest-Rid
Pinterest-Version
X-Trace
X-Navigation-Version
X-FTR-Request-ID
Display
Pagespeed
Response
X-Middleton-Display
X-Middleton-Response
X-Sol
X-Vcap-Request-Id
X-B3-TraceId
X-Px
Verso
X-Cached
X-Rack-Cache
X-Webkit-CSP
X-DynaTrace
X-Element-Page-Cache
Service-Worker-Allowed
X-Fastly-Request-ID
MS-Author-Via
X-Client-IP
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Powered-By-Plesk
X-Dw-Request-Base-Id
X-Upstream
Content-MD5
X-Version
AR-ATIME
X-Forwarded-Proto
AR-PoweredBy
AR-CACHE
AR-Request-ID
Ar-Sid
X-TTL
X-SharePointHealthScore
SPRequestGuid
X-NF-Request-ID
Accept-Ch
Fastly-Restarts
X-T
X-Debug
X-VARITI-CCR
X-Server-ID
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Jurisdiction
X-XRDS-Location
Access-Control-Request-Method
X-Powered-CMS
TP-L2-Cache
TP-Cache
X-Goog-Hash
X-FastCGI-Cache
X-MSEdge-Ref
X-Content-Digest
X-Ttl
X-Release
X-Edge
X-NWS-LOG-UUID
SPRequestDuration
SPIisLatency
TCN
S
X-CST
RTSS
X-Amz-Rid
X-Pinterest-Direct
X-PressLabs-Stats
Cache-Tag
X-Request-Received
X-Request-Processing-Time
Public-Key-Pins
Fastcgi-Cache
X-Ezoic-Cdn
X-Yandex-Sdch-Disable
X-Node-Name
X-MCACHE
X-Mid
Server-Node
X-Cache-Key
X-Accel-Expires
Accept-Ch-Lifetime
X-Amzn-Trace-Id
Front-End-Https
X-Logged-In
X-Cache-Hit
X-Ratelimit-Remaining
ServerID
X-Ser
X-Microsite
X-Request-Handler-Origin-Region
X-Recruiting
X-Kinsta-Cache
X-Origin-Server
X-Page-Id
Alternate-Protocol
Host
Accept-Charset
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-B
X-Ratelimit-Limit
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Mobile-URL
X-Hostname
X-Varnish-Age
Nginx-Cache
X-ECACHE
X-Content-Security-Policy-Report-Only
X-FireWall-Port
Filterid
X-FTR-Backend-Server
X-Forwarded-For
X-FTR-Realm
X-FTR-Balancer
X-Country-Code-Real
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend
X-DIS-Request-ID
X-FTR-Expires
X-Shield-Request-Id
X-Mg-S
X-Seen-By
X-Content-Options
Realpath
X-Load-Cache
Edge-Cache-Tag
X-Daa-Tunnel
X-Id
X-Grace
Akamai-Age-Ms
X-Amz-Server-Side-Encryption
X-Jobs
X-Git-Hash
X-LB-Cache
X-N
X-F-Cache
X-App-Environment
X-AppVersion
X-Activity-Id
X-Az
X-Type
X-Varnish-Backend
Paypal-Debug-Id
X-Request-Guid
X-Varnish-Grace
X-Hits
X-Rid
Fastcgi-Useragent
X-HP-Webp
X-Zen-Fury
X-Proxy
MicrosoftSharePointTeamServices
DynaTrace
Access-Control-Allow-Method
X-FB-Debug
X-Upgrade-Enabled
Cache-Tags
X-Correlation-ID
Cleartype
X-App-Server
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-WebKit-CSP-Report-Only
DC
X-Akamai-Edgescape
X-Geo-Country
Content-Disposition
X-Cached-By
X-Cache-Operation
X-Content-Powered-By
X-Cache-Rule
AMP-Access-Control-Allow-Source-Origin
X-Amz-Meta-S3cmd-Attrs
X-Host-Name
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Wix-Request-Id
X-User-Agent
X-IPLB-Instance
X-Original-Request-Id
X-B3-Sampled
X-Accel-Buffering
X-Response-Served-From
X-HS-Hub-Id
X-HS-Cache-Config
Healthy
X-HTML-Minification-Powered-By
X-Endurance-Cache-Level
X-HS-Content-Id
X-Cache-Age
NGB
Powered-By-ChinaCache
X-HS-Combine-CSS
X-B-Cache
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Respond-Thread
Payment
X-Signature
X-AOL-HN
X-UUID
X-Distributor
MS-CV
X-FW-Dynamic
X-Goog-Metageneration
X-Whom
X-Goog-Generation
X-Goog-Storage-Class
X-Debug-Info
X-Cacheable-TTL
X-FW-Hash
X-Cache-Time
X-Goog-Stored-Content-Length
Refresh
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-FW-Type
X-FW-Static
X-Region
X-Is-Bot
X-Rendered-As
X-FW-Server
X-VCache
X-FW-Serve
X-Instance
X-Rule
X-Tumblr-Pixel-0
X-Mobile
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Tumblr-Pixel-2
Countrycode
Datacenter
X-Frontend
X-Ua
X-XRDS-LOCATION
X-App-Version
Arc-Version
PB-PID
PB-RID
X-Fastcgi-Cache
Surrogate-Key
X-Oneagent-Js-Injection
X-Varnish-Server
S-Cnection
X-Acc-Debug-Context
X-Backend-Name
X-PHP-Backend
X-Protected-By
X-Via-JSL
X-Cache-Server
Viewport
X-Azure-Ref
Liferay-Portal
X-NewRelic-App-Data
X-Hyper-Cache
X-Litespeed-Cache
Powered
X-Cache-Expired-At
Filters
X-Hp-Webp
X-WA-Info
X-Proxy-Cache-Status
Retry-After
Referer-Policy
Charset
X-Cache-Control
X-Sucuri-ID
X-DynaTrace-JS-Agent
Section-Io-Cache
X-Amz-Replication-Status
X-Source
X-Cache-Action
X-FTR-Cache-Host
X-ProcessESI
Cache
X-FB-TRIP-ID
X-RemovedCookies
X-EdgeConnect-Cache-Status
X-GeoIP
X-RN-RSRV
X-Real-IP
X-Cache-Var
X-Mode
X-Cache-Var-Map
X-ES-SERVER
Meta-Geo
X-Debug-Cache
X-R9-Blue-Green-Version
X-Locale
X-Time
X-From
X-Framework
X-Qloud-Router
X-Site-Version
Eomportal-Instance
X-Device-Type
Mn-Server-Ip
X-Yottaa-Optimizations
X-Environment-Context
X-AWS-Id
X-L-Path
X-Yottaa-Metrics
X-Human
X-Time-Microsecs
X-VWS-Id
X-Xfnlog-Site
X-Server-W
X-ProxyCache-Status
X-Cache-Host
X-LJ-Flow-ID
X-ProxyCache-Key
X-BYPASS-REASON
X-Via-Fastly
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Privacy
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
TWC-Connection-Speed
Selected-Fe
X-Revision
Uber-Trace-Id
X-RTag
Cache-Tv-Group
Property-Id
Ec-Rule-Version
X-CSRF-Token
X-Cluster
X-Ratelimit-Reset
X-Proxy-Build
X-Routing-Service
X-Timing-Wait
X-Zipkin-Id
GEO-INFO
X-Proxied
X-PCL
X-Handled-By
X-FW-Version
X-Hl-Ver
FSS-Cache
X-Origin-Hint
X-OCL
Ms-Operation-Id
TWC-Device-Class
X-ServerID
DB-Nickname
X-Redis-Cache
Webserver
Version
X-Amzn-Remapped-Content-Length
X-BCube-Filmed-By
X-Be
X-TNCMS
X-PHP-Host
X-Proto
X-Generated-By
X-NYM-Debug-Backend
X-Air-Hostname
X-Labrador-Cache-Channel
X-Cache-TTL-Remaining
X-Loop
X-Access
X-Section
X-Hosted-By
X-SaId
X-Detected-As
X-Status
X-JoinUs
X-Format
Frame-Options
X-No-Session
Nel
X-Unique-Id
Cross-Origin-Window-Policy
X-Cache-PHP
X-Sucuri-Cache
From-Origin
X-ATG-Version
X-Drupal-Cache-Contexts
X-Varnish-Cache-Hits
X-NWS-UUID-VERIFY
Server-Name
X-TA-CDN-Provider
X-Contextid
X-URL
X-Drupal-Cache-Tags
X-Origin
X-NCache
X-EIG-Tracking-Id
X-Correlation-Id
X-CDN-Forward
CF-Cached-On
OT-Force-Account-Verify
X-AIR-PT
X-IPS-LoggedIn
X-EC-Lua
X-GoCache-CacheStatus
X-Oss-Hash-Crc64ecma
X-Tt-Trace-Tag
X-Adobe-Loc
X-Adobe-Content
X-Oss-Object-Type
X-Oss-Request-Id
X-Tt-Trace-Host
X-Bc-Bl
X-Oss-Server-Time
X-Oss-Storage-Class
X-Akamai-Transformed
X-IP
X-TIME
X-Cache-Enabled
X-Vgn-Hpd-Variations-Key
X-NC
X-TT
X-ECache
X-Vgn-Hpd-Cached
X-Backend-Host
Azure-RegionName
Azure-InstanceId
X-Cache-Backend
Azure-SiteName
X-UA
Azure-Version
X-Ruxit-Js-Agent
Azure-SlotName
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Tumblr-Pixel-3
X-Cdn
Access-Control-Request-Headers
X-Adobe-Source
X-CCM
SD-X-WS
X-Cache-2
X-APP-VERSION
X-CACHE-AGE
Node
Time
X-Aed
X-Application
X-Forwarded-Host
X-Accel-Expires-Debug
X-ARC
X-Cache-Grace
Apple-News-Services-Handled
X-Varnishpool
Meta-Geo-Continent
X-Soup
X-B-Cookie
X-Pubstack
Apple-News-Services-Parsed-Url
X-PERF
Apple-News-Services-Request-Url
Mobile-Detection-Method
X-ApacheServer
X-G
X-Date
X-D
Rendered-Blocks
X-A
X-Destination
X-External-Request-Id
DCR-Decision-By
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
Apple-News-Services-Host
CloudFront-Viewer-Country
X-A-Ccd
X-A-Dcw
X-CF-Lambda-Fn
X-Cache-NE
X-A-Dgt
X-A-Wwc
X-CF-Lambda-Version
MD5-Digest
Host-ID
X-A-Dam
Machine
X-Connection-Hash
X-Backend-TTL
X-Minions-Version
X-S
X-S-Cookie
X-ScT
X-Transaction
X-Rojux
X-Rewrite-Enabled
X-PBS-Appsvrname
X-Processor
X-RCS-CacheZone
Now
X-Trv-Group
X-Twitter-Response-Tags
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Up
X-Vdms-Path
X-Vdms-Version
X-PAYTM-SRV-ID
X-Request-UUID
X-Ms-Version
X-Ms-Request-Id
X-ShopId
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-ShardId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Alternate-Cache-Key
X-Skip-Cache
X-Web-Node
Adler-Geo
X-SN
CDN-Cache
X-Thanos
X-Varnish-Ttl
X-Viewer-Country
X-Cache-Bucket
X-Cluster-Name
X-Bip
X-SayCDN-TTL
CDN-CachedAt
X-Cache-Config
X-Say-Cacheable
X-Storage
X-Servername
NM-Fastcgi-Cache
Fastly-SIE
Surrogated-Key
X-OVcl
X-Method
Fastly-SWR
X-Microcachable
Mail-Subject
X-NGENIX-Cache
Is-Eu
Platform
Ufe-Result
We-Hiring
CDN-RequestCountryCode
X-Variation
CDN-PullZone
X-Req
CDN-RequestId
CDN-Uid
Wxu-Next-Commit
X-VG-TLSProxy
Wxu-Next-Hostname
Wxu-Next-Region
CDN-EdgeStorageId
X-Say-TTL
X-Rebelmouse-Cache-Control
X-Core-Value
X-OVcl-Cache
Cache-Status
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Generation-Time
X-Envoy-Decorator-Operation
X-Edge-Location
X-Owner
X-CUA
X-Rebelmouse-Surrogate-Control
Fastly-SSL
CACHE
X-Micro-Cache
X-Render-Time
PFcat
X-Cache-Date
X-Reqid
X-Webstats-RespID
CacheControlHeader
X-Cache-Tags
X-TX-ID
C-Via
X-Eu-Site
X-Request-Host
X-Policy
Gh-Request-Id
X-Fmm-Version
X-Generated-On
X-Cache-NGX
X-HN
Ha-Gx-Prefs
X-Fastly-Cache
X-Varnish-Cacheable
X-Platform
X-VarnishDD-TTL
HA-Ipaddr
X-Ah-Environment
X-Level-Front-Cache
X-Clara-WADP
X-Proxy-Upstream
Decoy-Debug-Status
X-LI-UUID
Origin
X-Cms-Context
X-Clientip
Decoy-Debug-Key
X-Li-Fabric
Country
X-CGP
X-Backend-State
L5d-Success-Class
L
X-Li-Pop
AKAMAI
Decoy-Debug-TTL
X-WADP-Cache
X-Hash
X-Auto-Login
X-Csrf-Jwt
Upgrade-Insecure-Requests
X-Request-Start
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Gzip
Rt-Fastcgi-Cache
Pagetype
X-Is-Gdpr
X-JWT-State
Akamai-GRN
X-Wikidot-Static-Cache
X-Cdn-Srv
X-Old-Content-Length
X-Core-Mission
X-Cache-Id
X-Irp-Debug
Memcached
X-Cache-URL
X-HS-Content-Campaign-Id
X-Slack-Backend
X-Developers
X-Fastly-Backend
X-Gamma-Serve
X-Geo-Header
X-Location
X-Platform-Server
X-Wikidot-Backend
X-Esi-Check
X-Has-Esi
UCS
FSS-Proxy
Fastly-Drupal-HTML
Fastly-Backend-Name
Country-Code
X-LAGOON
X-Esi
Group
Backend
X-Agile-Id
X-Agile-Age
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Amz-Meta-Cb-Modifiedtime
X-Content-Age
X-Varnish-Remaining-TTL
X-PF-Uncompressing
X-Mvc-Supplant-Cachable
X-Flags
X-Aspnet-Duration-Ms
X-Wa
X-Is-Crawler
X-Providence-Cookie
X-DefElseHash
X-Agile
X-CS
X-Route-Name
X-UPSTREAM-Address
X-DefHash
X-NODE
HostName
X-Branch-Name
X-Refresh
X-Aicache-OS
X-Instart-Request-ID
X-ZONE
X-BC
X-Session-Fingerprint
X-Dc
X-Cache-Debug
X-LB-ID
X-RateLimit-Remaining
M-TraceId
X-Via-Popn
X-Via-Poph
X-Cdn-Forward
X-B3-Spanid
X-Servedbyhost
Arc-Country
NGX
X-Mvc-Supplant-OutputCached
X-Debug-Cache-Fetch
X-Ua-Device
X-Debug-Cache-Store
X-LI-Proto
X-Edge-Server
Viewtype
VivaBuild
Cdn-Request-Time
X-Page-View
Cdn-Host
X-DC
X-GEO
X-SERVER
X-Via-Ucdn
X-Request-Time
X-RunCloud-Cache
X-Zone
Srv
X-Bc
X-Ftr-Cache-Host
SRV
X-Varnish-Hostname
X-Nginx-Cache
X-Pinterest-Sli-Endpoint-Name
X-FPC
Xserver
X-Check-Cacheable
Hostname
X-Action
X-HS-Status
X-Pinterest-Sli-Latency-Threshold
Memory
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
X-NGINX-Cache
X-APP
X-Vgn-Hpd-Ssi
X-Pinterest-Sli-Response-Type
X-LiteSpeed-Cache-Control
X-DSS
X-DW
X-DI
X-Srv
X-B3-Traceid
X-VCL-Version
X-NU-AKA-ACS-Version
WWW-Authenticate
X-DB
X-Via-CDN
X-RPS
X-RSL
X-Cs
X-RPM
X-Datadome
Geo-Info
X-Unique-ID
Geoip-Latitude
GeoIp-Country-Code
XServer
X-Sql-Count
X-Cluster-Node
X-CSRF-TOKEN
X-Sql-Duration-Ms
X-Oss-Cdn-Auth
X-MP-GENERATED-AT
X-Vcache
X-UnsetCookies
X-Geo
X-Akamai-Request-ID2
X-CF-Powered-By
Edge-Copy-Time
X-Via-Edge
Sid
X-Via-SSL
X-Dynatrace-Js-Agent
X-Via-Popv
User-Agent
WebServer
Apigw-Requestid
X-Svr
X-SERVER-NAME
ProcessTime
X-Www-Served-By
X-Epic-Correlation-Id
GeoIP-Latitude
W
X-SRV
Processtime
On-Server
X-We-Are-Hiring
GeoIP-Country-Code
X-Webkit-CSP-Report-Only
SID
X-FORWARDED-FOR
NtCoent-Length
Server-Info
X-Hit
Cache-Hits
X-S-Maxage
ServedBy
X-Cache-Remote
X-FC-Vary-Parameters
X-Mobile-Rewrite
LB
X-HOST
Ohc-File-Size
T-Server
X-Nc
S-Rt
X-Presslabs-Stats
X-Fpc
X-Envoy-Upstream-Healthchecked-Cluster
Amp-Access-Control-Allow-Source-Origin
X-HITS
X-MSEdge-Flight
X-Cache-Hm
X-Cache-Hfrom
X-Pass-Why
N-Cache
X-Pjax-Url
X-Vcl-Version
X-MSEdge-Features
Server-Host
Accept-Language
Esi-Enabled
X-Fastly-Country-Code
X-Tb
CF-IPCountry
Origin-Cache-Control
Lb
Origin-Edge-Control
Cteonnt-Length
CDN
Cdn
A
X-Key
Magicmarker
Pics-Label
X-Varnish-Hits
X-COUNTRY
X-CACHE-KEY
X-Dispatch
X-VC
X-SB
X-LLID
Proxy-Firewall
WZWS-RAY
Ohc-Cache-HIT
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Powered-By
X-Info
X-Geo-Region
X-Instart-Info
Protected
Server-Ttl
X-ServedByHost
X-Li-Proto
X-StackifyID
HitType
X-Newrelic-App-Data
X-B3-SpanId
X-RAMCache
X-Dynatrace
X-Uri
BehaviorPad-Version
X-Served-From
X-TT-LOGID
X-Akamai-Pragma-Client-IP
Cache-Key
X-Via-NSCOPI
Fastcgi-Cache-TTL
X-Lb-Id
User-Cache-Control
X-TH-Server
X-Generated
X-Newrelic-Synthetics
X-Cache-Tag
X-App
Tracecode
X-TrackingId
X-Via-PopV
X-Via-PopN
Ssr
X-Via-PopH
X-ID
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Cache-Provider
X-LiteSpeed-Tag
X-Scheme
X-Provided-By
X-Men
X-Magnolia-Registration
Lfy
X-WA
X-Erf-Stays-Bingo-Pdp-Web
Dnion-Transfer-Encoding
X-Tt-Logid
X-UA-Device-Type
Xet-Cookie
X-Cache-Spec
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Batcache
DSUID
X-Agile-Brick-Ok
Cache-Name
Odigeo-Trace-Id
X-Planisys-CDN-Cache
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Path-Route
Section-Io-Id
Tcn
X-Gdpr
X-Fetched-On
X-Gen-Mode
X-ElasticPress-Query
X-Hnp-Log
X-Nginx-Cache-Key
X-Node-Id
X-NodeID
X-Matched-Rule
X-Loc
X-GeoIP-City
X-Device-Os
X-Generated-In
X-Cdn-Origin
X-Azure-Ref-OriginShield
X-BBC-Edge-Cache-Status
X-API-Version
Web-Mar-Node
V-Age
Vix-Hermes-Req-Id
X-BBXSRF
X-Block-Status
X-Nyt-Route
X-Contensis-Viewer-Groups
X-Cache-Info
X-Cache-Expires
X-Cache-ASPX
X-Developer
X-Request-URI
X-Swa-Ws
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-SRCache-Key
X-Trace-Id
X-User
X-VC-Cache
X-VServer
X-Varnish-Url
X-Varnish-Authentication
X-Var-Ttl
X-SIPLIST1
X-Sigma-Backend
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Parent-Response-Time
X-Origin-TTL
X-Origin-Time
True-Client-Country-4JS
X-Response-By
X-ServiceProvider
X-Sigma
X-Server-IP
X-SD-PageType
X-Rocket-Build-Number
X-Origin-CC
Sever-Int
X-Pf-Uncompressing
X-Cc-Via
Cache-Host
CDCHOST
Instruction
X-PJAX-URL
X-Cc-Req-Id
Inserted-Into-Cache-At
Who
X-Varnish-Beresp-TTL
X-RateLimit-Limit
Thinkindot-Control
D-Cc-Upstream
IsBot
FNAC-ModuleRouting
X-HostName
Server-Hostname
Kp-EeAlive
X-Yottaa-OS
SR-User-Adfree
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Cf-Alt-Svc
Server-Ext
Path
MIME-Version
Locid
Pramga
Release
X-Selected-Host-Header
X-Selected-Scheme
CountryCode
X-Selected-Name
X-Acc-Rdl
Content-Style-Type
X-Dw-Trace-Id
X-C
Req-Svc-Chain
X-BBC-Origin-Response-Status
X-TraceId
PICS-Label
Mime-Version
X-Traceid
Pragrma
X-MiniProfiler-Ids
Content-Script-Type
X-Origin-Date
Vha6-Origin
Source
X-Origin-Response-Time
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Snapshot-Date
Server-ID
Resin-Trace
X-Proxy-Cachei7
X-Origin-Expires
X-Apw-Access-Action
X-Vgn-Hpd-Reason
X-Tid
X-Apw-Access-Object
X-Apw-Access-Token
X-Request-URL
X-Apw-Hits
X-Pad