Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-Xss-Protection
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
P3p
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Template
X-Language
X-Backend
X-Cache-Group
X-Hacker
X-Amz-Request-Id
X-Server
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Dns-Prefetch-Control
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Buckets
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
NEL
X-Dispatcher
X-Device
X-Server-Id
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
Accept-CH-Lifetime
Content-Location
Request-Id
X-Response-Time
Accept-CH
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
EagleEye-TraceId
X-Ac
Cf-Bgj
X-ASPNET-VERSION
X-Readtime
Rating
X-HW
X-Mod-Pagespeed
Allow
X-Country
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Edge-Control
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DataDome
X-PC
X-Vname
X-TtlSet
X-Country-Code
X-Cnection
X-Varnish-TTL
X-MS-InvokeApp
X-Origin-Upstream-Status
X-Content-Type
X-GitHub-Request-Id
X-Url
X-Clacks-Overhead
X-D2id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Source
X-Trace
Pagespeed
X-Middleton-Response
X-Middleton-Display
Response
Display
X-Sol
X-Pinterest-Rid
Pinterest-Version
X-Vcap-Request-Id
X-Abt-Application-Version
X-Px
X-CST
X-Rack-Cache
X-Navigation-Version
MS-Author-Via
X-Server-Name
Verso
Service-Worker-Allowed
X-B3-TraceId
X-DynaTrace
X-FTR-Request-ID
X-FastCGI-Cache
X-Cached
X-Fastly-Request-ID
X-Client-IP
X-Element-Page-Cache
Arr-Disable-Session-Affinity
X-TTL
X-Cache-TTL
X-Webkit-CSP
X-Dw-Request-Base-Id
X-ESI
X-Powered-By-Plesk
X-SharePointHealthScore
SPRequestGuid
X-Upstream
X-VARITI-CCR
Fastly-Restarts
AR-CACHE
X-NF-Request-ID
AR-Request-ID
AR-PoweredBy
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Use-Magma
X-Goog-Hash
X-Kinja
X-GoogleNews-Bot
AR-ATIME
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
Content-MD5
X-Debug
Ar-Sid
X-Version
X-Forwarded-Proto
X-MSEdge-Ref
X-T
X-Powered-CMS
Access-Control-Request-Method
X-XRDS-Location
X-Jurisdiction
SPRequestDuration
SPIisLatency
X-Pinterest-Direct
X-Release
X-Amz-Rid
X-Content-Digest
S
X-Edge
TP-L2-Cache
TP-Cache
TCN
RTSS
Cache-Tag
X-Ttl
Public-Key-Pins
X-Ezoic-Cdn
X-Node-Name
X-Cache-Key
X-Yandex-Sdch-Disable
X-Mid
Fastcgi-Cache
X-MCACHE
X-Request-Processing-Time
X-Request-Received
Server-Node
Front-End-Https
Accept-Ch
X-NWS-LOG-UUID
X-Accel-Expires
X-Amzn-Trace-Id
X-Recruiting
X-PressLabs-Stats
X-Ser
X-Kinsta-Cache
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mg-S
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Microsite
X-Request-Handler-Origin-Region
X-Amz-Server-Side-Encryption
X-Grace
ServerID
X-Origin-Server
X-Logged-In
Accept-Charset
X-Ratelimit-Remaining
X-Cache-Hit
X-Page-Id
X-Litespeed-Cache
X-HP-Webp
X-Varnish-Age
Host
X-Content-Security-Policy-Report-Only
X-DIS-Request-ID
X-ECACHE
Nginx-Cache
X-B
X-Shield-Request-Id
Edge-Cache-Tag
X-Mobile-URL
MicrosoftSharePointTeamServices
X-Hostname
X-Hits
Alternate-Protocol
X-Server-ID
Realpath
X-F-Cache
X-Ratelimit-Limit
X-Git-Hash
X-LB-Cache
X-Content-Options
X-Az
X-AppVersion
X-Activity-Id
X-Country-Code-Real
Cache-Tags
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Backend
X-FTR-Realm
X-N
X-FTR-Expires
X-Load-Cache
X-Seen-By
X-Type
X-App-Environment
X-Jobs
Paypal-Debug-Id
X-Cache-Age
X-Request-Guid
Cleartype
X-Rid
X-Varnish-Backend
DynaTrace
Powered-By-ChinaCache
X-Cached-By
X-FireWall-Port
X-Forwarded-For
Fastcgi-Useragent
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Upgrade-Enabled
X-TEC-API-VERSION
X-TEC-API-ROOT
Filterid
X-TEC-API-ORIGIN
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
X-Correlation-ID
X-Amz-Meta-S3cmd-Attrs
X-Proxy
X-Zen-Fury
X-Respond-Thread
X-Varnish-Grace
X-Akamai-Edgescape
X-FB-Debug
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Daa-Tunnel
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-GUploader-UploadID
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-B3-Sampled
DC
X-App-Server
X-IPLB-Instance
X-Host-Name
X-B-Cache
X-Signature
X-Geo-Country
X-AOL-HN
X-Cache-Rule
X-Debug-Info
X-Cache-Operation
X-User-Agent
X-Whom
Healthy
MS-CV
X-Region
X-Accel-Buffering
X-Response-Served-From
X-Original-Request-Id
X-Mobile
Charset
AMP-Access-Control-Allow-Source-Origin
X-Frontend
X-Content-Powered-By
Payment
X-Esi
X-VCache
X-HTML-Minification-Powered-By
Filters
Content-Disposition
X-Instance
X-Cacheable-TTL
X-Cache-Time
X-FW-Server
X-UUID
X-FW-Static
X-Rule
X-Distributor
X-FW-Serve
X-FW-Type
X-FW-Dynamic
X-Id
X-FW-Hash
X-Tumblr-Pixel
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Wix-Request-Id
X-Tumblr-User
X-Tumblr-Pixel-0
Refresh
Accept-Ch-Lifetime
Surrogate-Key
Liferay-Portal
X-Is-Bot
X-Protected-By
X-Rendered-As
Viewport
X-Acc-Debug-Context
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Via-JSL
S-Cnection
X-Endurance-Cache-Level
X-Ua
Akamai-Age-Ms
Datacenter
X-Amz-Replication-Status
X-Backend-Name
X-Hyper-Cache
X-Cache-Expired-At
PB-PID
PB-RID
GEO-INFO
Arc-Version
X-App-Version
Nel
X-XRDS-LOCATION
NGB
Section-Io-Cache
X-URL
X-Cache-Action
X-Cache-Server
X-Ah-Environment
Countrycode
Version
X-Varnish-Server
X-Tec-Api-Origin
X-Oneagent-Js-Injection
X-Tec-Api-Version
X-Sucuri-ID
X-Tec-Api-Root
Retry-After
X-Source
X-Unique-Id
Server-Name
Referer-Policy
X-Air-Hostname
X-EdgeConnect-Cache-Status
Eomportal-Instance
X-L-Path
X-Environment-Context
X-ProcessESI
X-RemovedCookies
X-Framework
X-Real-IP
X-Yottaa-Metrics
X-Revision
Frame-Options
X-WA-Info
X-Azure-Ref
X-Yottaa-Optimizations
X-Cache-Control
X-RTag
X-Proxy-Cache-Status
Ms-Operation-Id
CACHE
Meta-Geo
X-Cache-Var
X-NewRelic-App-Data
X-Drupal-Cache-Contexts
X-Cache-Var-Map
X-ES-SERVER
X-RN-RSRV
X-PHP-Backend
X-GeoIP
X-Sucuri-Cache
X-Mode
X-From
X-ProxyCache-Key
Cache-Tv-Group
X-Cache-Host
DB-Nickname
X-Qloud-Router
X-Time-Microsecs
X-Xfnlog-Site
X-R9-Blue-Green-Version
X-Cache-TTL-Remaining
X-ProxyCache-Status
X-BYPASS-REASON
X-DynaTrace-JS-Agent
X-CDN-Forward
X-Cluster
X-AWS-Id
X-Amzn-Remapped-Content-Length
Webcakes-Region
X-Handled-By
X-LJ-Flow-ID
X-Labrador-Cache-Channel
X-Human
Webcakes-App-Version
X-FW-Version
TWC-Privacy
Property-Id
Mn-Server-Ip
Ec-Rule-Version
Cross-Origin-Window-Policy
TWC-Connection-Speed
TWC-Device-Class
X-Loop
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-App-Name
X-Hosted-By
X-PHP-Host
X-Server-W
X-Status
X-VWS-Id
X-TNCMS
X-PCL
X-NYM-Debug-Backend
X-OCL
X-Origin-Hint
X-Site-Version
X-Timing-Wait
X-ServerID
X-Hl-Ver
X-Drupal-Cache-Tags
X-Redis-Cache
Selected-Fe
X-Zipkin-Id
X-Section
X-Locale
X-FB-TRIP-ID
X-Format
X-Proto
X-Proxied
X-Detected-As
X-Routing-Service
X-Access
X-Proxy-Build
X-Be
X-Via-Fastly
X-No-Session
Uber-Trace-Id
X-Contextid
X-Debug-Cache
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Endpoint-Name
X-Cache-PHP
X-Device-Type
X-ATG-Version
X-BCube-Filmed-By
X-Generated-By
X-Ratelimit-Reset
FSS-Cache
Powered
X-Time
X-Correlation-Id
X-NC
X-CSRF-Token
From-Origin
Webserver
X-Adobe-Loc
X-Varnish-Cache-Hits
X-Adobe-Content
X-AIR-PT
X-Fastcgi-Cache
X-FTR-Cache-Host
X-SaId
X-JoinUs
VIX-Pulpo-Node
X-NCache
VIX-Pulpo-Upstream-Status
Azure-InstanceId
Azure-Version
X-TT
Azure-SlotName
Azure-SiteName
Azure-RegionName
X-TIME
Cache
CF-Cached-On
X-Oss-Request-Id
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
OT-Force-Account-Verify
X-Flags
X-Aspnet-Duration-Ms
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Origin
X-Tt-Trace-Host
X-Tt-Trace-Tag
Upgrade-Insecure-Requests
X-GoCache-CacheStatus
Access-Control-Request-Headers
X-Hp-Webp
X-Akamai-Transformed
X-COUNTRY
X-Cache-2
SD-X-WS
X-CCM
X-Adobe-Source
X-NWS-UUID-VERIFY
X-Backend-TTL
X-APP-VERSION
X-IP
X-Backend-Host
X-IPS-LoggedIn
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-ShopId
X-LAGOON
X-Forwarded-Host
X-Cache-Grace
X-Cache-Enabled
X-Soup
X-PERF
X-Pubstack
X-ApacheServer
X-Say-TTL
X-TA-CDN-Provider
X-UPSTREAM-Address
Decoy-Debug-Status
X-Web-Node
Fastly-SSL
Decoy-Debug-TTL
X-Varnishpool
X-Storage
X-Cluster-Name
Cache-Status
X-SayCDN-TTL
X-EC-Lua
Decoy-Debug-Key
X-Say-Cacheable
Country
Node
X-Tumblr-Pixel-3
X-ECache
X-Viewer-Country
X-G
X-TX-ID
X-Ruxit-Js-Agent
X-Bc-Bl
Meta-Geo-Continent
X-A-Ccd
X-A-Dam
Rendered-Blocks
X-A-Dcw
Xc-Version
X-Vtex-Remote-Cache
X-Worker
Mobile-Detection-Method
Machine
X-D
X-Request-UUID
X-RCS-CacheZone
X-Connection-Hash
X-Rewrite-Enabled
X-Cache-NE
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Destination
X-Processor
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
DCR-Decision-By
X-External-Request-Id
X-PBS-Appsvrname
X-PAYTM-SRV-ID
Apple-News-Services-Handled
X-A-Dgt
X-Rojux
X-Vdms-Path
Host-ID
X-Trv-Group
X-Vdms-Version
X-VG-WebCache
X-Vtex-Processado-Em
X-VG-WebServer
MD5-Digest
X-Aed
X-ScT
Fastcgi-X-Cache-Version
X-B-Cookie
DCR-Processing-Time-Ms
X-ARC
X-S
X-Application
X-S-Cookie
X-A-Wwc
X-A
X-B3-Traceid
X-Cache-Backend
X-EIG-Tracking-Id
X-Cache-Config
X-Cdn
Gh-Request-Id
Fastly-SIE
Is-Eu
Fastly-SWR
X-Auto-Login
X-Clara-WADP
X-Cache-Bucket
Platform
CDN-Uid
CDN-CachedAt
CDN-Cache
Adler-Geo
CDN-EdgeStorageId
CDN-PullZone
X-Cms-Context
CDN-RequestId
CDN-RequestCountryCode
CloudFront-Viewer-Country
X-DefElseHash
X-Twitter-Response-Tags
X-Transaction
X-Servername
X-Rebelmouse-Surrogate-Control
X-Variation
X-Varnish-CookieHashed-On
X-WADP-Cache
X-VG-TLSProxy
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Platform-Server
X-Page-View
X-Fastly-Cache
X-Envoy-Decorator-Operation
X-DPWN-IS-SECURE
X-DefHash
X-Fmm-Version
X-Generation-Time
X-Ms-Version
X-Ms-Request-Id
X-Micro-Cache
X-CUA
X-Rebelmouse-Cache-Control
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Backend
X-Irp-Debug
X-Is-Gdpr
X-HS-Content-Campaign-Id
X-JWT-State
X-Hash
X-Has-Esi
X-LI-UUID
CacheControlHeader
X-Core-Mission
X-Bip
X-Li-Pop
X-Gzip
X-Li-Fabric
Country-Code
X-Developers
X-Dispatcher-Server
L
X-Clientip
NM-Fastcgi-Cache
Origin
X-Cache-NGX
X-Core-Value
X-Fastly-Backend
X-Cache-Id
Fastly-Backend-Name
Fastly-Drupal-HTML
Rt-Fastcgi-Cache
X-Esi-Check
X-Backend-State
C-Via
X-Microcachable
X-Request-Host
X-Wikidot-Static-Cache
Wxu-Next-Region
X-Policy
X-Webstats-RespID
X-Request-Start
X-Skip-Cache
X-Thanos
X-Varnish-Cacheable
X-SN
X-Amz-Meta-Cb-Modifiedtime
X-Slack-Backend
X-Platform
X-Render-Time
X-Minions-Version
Wxu-Next-Hostname
Wxu-Next-Commit
AKAMAI
Akamai-GRN
X-CS
X-Method
X-Old-Content-Length
X-Wikidot-Backend
X-Owner
X-OVcl-Cache
X-OVcl
X-UA
X-DC
X-LLID
X-ID
X-HN
X-Content-Age
SRV
X-Level-Front-Cache
X-Location
X-Cache-Debug
X-VarnishDD-TTL
X-Cache-Tags
X-Session-Fingerprint
X-CGP
PFcat
X-Cache-Date
X-Reqid
Ha-Gx-Prefs
X-Eu-Site
X-Csrf-Jwt
X-Mvc-Supplant-Cachable
X-Branch-Name
X-Varnish-Ttl
HA-Ipaddr
X-Gamma-Serve
X-Generated-On
L5d-Success-Class
X-Geo-Header
X-B3-Spanid
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Wa
UCS
Surrogated-Key
X-Date
X-Accel-Expires-Debug
Pagetype
X-GEO
X-NGENIX-Cache
X-Up
X-Refresh
X-LB-ID
X-Req
X-Edge-Location
FSS-Proxy
X-Via-CDN
Time
We-Hiring
Memcached
Ufe-Result
X-Cdn-Srv
X-Cache-URL
X-Via-Popn
Now
Group
X-Via-Poph
Hostname
Mail-Subject
X-FORWARDED-FOR
X-NODE
X-Mvc-Supplant-OutputCached
X-PF-Uncompressing
X-SERVER-NAME
X-Proxy-Upstream
X-Aicache-OS
X-LI-Proto
NGX
X-Nginx-Cache
X-Presslabs-Stats
X-RateLimit-Remaining
X-Servedbyhost
X-Ftr-Cache-Host
X-Sql-Count
X-Sql-Duration-Ms
X-Cache-Spec
X-BC
X-ZONE
X-SRV
X-Agile-Id
X-Debug-Cache-Fetch
X-Agile-Age
X-Debug-Cache-Store
X-Agile
X-Cache-Remote
X-Datadome
X-Ua-Device
X-FPC
X-NU-AKA-ACS-Version
X-Varnish-Hostname
X-CACHE-AGE
HostName
X-Dc
X-Check-Cacheable
M-TraceId
X-Request-Time
X-Www-Served-By
Xserver
X-SERVER
WebServer
X-S-Maxage
X-LiteSpeed-Cache-Control
X-Via-SSL
X-Via-Edge
Edge-Copy-Time
X-VCL-Version
Cache-Hits
XServer
SID
Arc-Country
X-Svr
On-Server
ServedBy
X-Cluster-Node
X-Erf-Stays-Bingo-Pdp-Web
X-CSRF-TOKEN
X-MP-GENERATED-AT
GeoIp-Country-Code
X-Bc
VivaBuild
X-Via-Popv
NtCoent-Length
X-Zone
Viewtype
Geoip-Latitude
Cdn-Request-Time
X-APP
X-Edge-Server
X-CF-Powered-By
Cdn-Host
Protected
X-UnsetCookies
X-HS-Status
X-Cdn-Forward
X-Dynatrace-Js-Agent
X-RunCloud-Cache
T-Server
X-Cs
X-Via-Ucdn
X-Action
ProcessTime
Ohc-File-Size
X-NGINX-Cache
X-Pass-Why
Srv
X-DW
X-DSS
X-RSL
X-RPS
WWW-Authenticate
X-RPM
Memory
X-Oss-Cdn-Auth
X-DB
X-Srv
Apigw-Requestid
X-DI
N-Cache
X-Vgn-Hpd-Ssi
X-Acc-Rdl
X-Erf-Bev-Bev-Is-Generated
Server-Host
X-Erf-Bev-Bev
X-We-Are-Hiring
Pics-Label
X-Varnish-Hits
Server-Info
User-Agent
X-Instart-Request-ID
Processtime
CF-IPCountry
W
Magicmarker
X-MSEdge-Features
X-MSEdge-Flight
WZWS-RAY
X-Uri
X-VC
X-SB
Amp-Access-Control-Allow-Source-Origin
X-Geo
LB
X-Info
Sid
X-Tb
GeoIP-Latitude
GeoIP-Country-Code
S-Rt
Ohc-Cache-HIT
X-Hit
X-Vcache
X-Newrelic-App-Data
X-HOST
X-Akamai-Request-ID2
X-TT-LOGID
CDN
Cteonnt-Length
Section-Origin-Responded
DSUID
Section-Io-Id
Odigeo-Trace-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Actual-Object-TTL
X-HITS
X-ORACLE-APMCS-REQUEST-ID
X-Newrelic-Synthetics
Cache-Name
X-Unique-ID
X-Cache-Hm
User-Cache-Control
X-Cache-Hfrom
X-UA-Device-Type
X-Envoy-Upstream-Healthchecked-Cluster
X-Pjax-Url
X-Epic-Correlation-Id
X-Vcl-Version
Tracecode
Geo-Info
X-Webkit-CSP-Report-Only
Accept-Language
X-FC-Vary-Parameters
A
X-Fastly-Country-Code
X-Origin-Date
Ssr
X-CACHE-KEY
Lb
Lfy
X-Fpc
Esi-Enabled
Cdn
X-Magnolia-Registration
X-Provided-By
CountryCode
X-Mobile-Rewrite
True-Client-Country-4JS
V-Age
Thinkindot-Control
Thinkindot-CacheControl-Type
SR-User-Adfree
Thinkindot-CacheControl
Vix-Hermes-Req-Id
Web-Mar-Node
X-Cache-ASPX
X-Cache-Expires
X-Block-Status
X-BBXSRF
X-API-Version
X-BBC-Edge-Cache-Status
Sever-Int
Server-ID
CDCHOST
FNAC-ModuleRouting
X-Scheme
X-Men
X-Cc-Req-Id
X-Cc-Via
Instruction
IsBot
Server-Ext
Server-Hostname
Release
Path
MIME-Version
X-Cache-Info
X-Contensis-Viewer-Groups
X-SIPLIST1
X-SRCache-Key
X-Server-IP
X-SD-PageType
X-Request-URI
X-Response-By
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-Url
X-VServer
X-Varnish-Authentication
X-User
X-Thinkindot-L3
X-Traceid
X-Origin-TTL
X-Origin-Time
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-GeoIP-City
X-Gen-Mode
X-Developer
X-Gdpr
X-Loc
X-Matched-Rule
X-Origin-CC
X-Origin-Expires
X-Nyt-Route
X-Node-Id
X-Nginx-Cache-Key
D-Cc-Upstream
Locid
X-Amzn-Remapped-Connection
X-Via-NSCOPI
X-Amzn-Remapped-Date
X-Nc
X-Key
X-Device-Os
X-Azure-Ref-OriginShield
X-ServedByHost
X-Cdn-Origin
X-NodeID
X-Swa-Ws
X-Trace-Id
X-Var-Ttl
X-StackifyID
X-Li-Proto
Pramga
X-Sn-Servicetimems
X-Generated-In
X-Fetched-On
Kp-EeAlive
Cache-Host
X-Cache-Tag
X-Dynatrace
X-Akamai-Pragma-Client-IP
X-Sigma-Backend
X-Served-From
Server-Ttl
Origin-Edge-Control
X-Geo-Region
Proxy-Firewall
Origin-Cache-Control
X-Sigma
X-Rocket-Build-Number
X-Instart-Info
X-TH-Server
Cache-Key
X-Dispatch
X-RAMCache
X-B3-SpanId
X-Via-PopH
Source
X-Via-PopN
X-Parent-Response-Time
X-Via-PopV
Powered-By
X-Lb-Id
Cf-Device-Type
Cache-Provider
X-No-Cache
X-Apw-Access-Object
X-ServiceProvider
X-Pf-Uncompressing
X-VC-Cache
X-Tt-Logid
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-WA
X-Agile-Brick-Ok
X-Apw-Access-Token
HitType
X-Apw-Hits
X-LiteSpeed-Tag
X-Apw-Access-Action
X-ElasticPress-Query
X-Batcache
Fastcgi-Cache-TTL
Tcn
Expiry
X-Origin-Response-Time
Content-Style-Type
Req-Svc-Chain
X-Varnish-Beresp-TTL
X-Request-URL
X-MiniProfiler-Ids
Content-Script-Type
X-RateLimit-Limit
Xet-Cookie
X-TrackingId
X-PJAX-URL
BehaviorPad-Version
Who
X-Yottaa-OS
X-Generated
X-HostName
Cf-Alt-Svc
X-Selected-Scheme
X-Selected-Name
X-Selected-Host-Header
Mime-Version
X-BBC-Origin-Response-Status
PICS-Label
Resin-Trace
X-B3-Parentspanid
X-C
X-Snapshot-Date
X-Vgn-Hpd-Reason
Vha6-Origin
Dnion-Transfer-Encoding
Inserted-Into-Cache-At
Pragrma
X-Dw-Trace-Id