Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-Xss-Protection
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
P3p
X-DNS-Prefetch-Control
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-CDN
Upgrade
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Dns-Prefetch-Control
X-Ws-Request-Id
X-Template
X-Language
Feature-Policy
X-Age
X-Backend
X-Cache-Group
X-Hacker
X-Server
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
EagleId
X-UA-Device
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Host-Header
Grace
Report-To
X-Buckets
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
X-Host
X-Backend-Server
X-Dispatcher
X-WebKit-CSP
X-Device
X-Node
NEL
Surrogate-Control
X-Server-Id
Cf-Bgj
X-Ruxit-JS-Agent
Content-Location
X-Response-Time
X-Cache-Lookup
Request-Id
X-Origin-Cache
X-Akam-SW-Version
Accept-CH-Lifetime
X-Ac
EagleEye-TraceId
X-ASPNET-VERSION
X-Ua-Compatible
Accept-CH
X-Country
X-HW
Rating
X-Mod-Pagespeed
X-Readtime
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Allow
Pinterest-Generated-By
Edge-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-TtlSet
X-PC
X-Vname
X-DataDome
X-Varnish-TTL
X-Url
X-Cnection
X-MS-InvokeApp
X-Origin-Upstream-Status
X-GitHub-Request-Id
X-Content-Type
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
X-D2id
X-Clacks-Overhead
X-Trace
Pinterest-Version
Pagespeed
X-Sol
X-Middleton-Display
Response
X-Pinterest-Rid
X-Middleton-Response
Display
X-Abt-Application-Version
X-Server-Name
X-Px
X-Vcap-Request-Id
X-ESI
X-Navigation-Version
X-Rack-Cache
X-B3-TraceId
X-FTR-Request-ID
Verso
MS-Author-Via
Service-Worker-Allowed
X-Cached
X-Webkit-CSP
X-Fastly-Request-ID
X-Element-Page-Cache
X-DynaTrace
X-Client-IP
Arr-Disable-Session-Affinity
X-Cache-TTL
X-CST
X-Dw-Request-Base-Id
X-Powered-By-Plesk
Content-MD5
X-Upstream
SPRequestGuid
X-SharePointHealthScore
Fastly-Restarts
Accept-Ch
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-CACHE
X-Version
Ar-Sid
X-FastCGI-Cache
X-NF-Request-ID
X-VARITI-CCR
X-Forwarded-Proto
X-Debug
X-GoogleNews-Bot
X-Kinja
X-Goog-Hash
X-Use-Magma
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Id
X-TTL
X-T
X-Jurisdiction
X-Ttl
Access-Control-Request-Method
X-MSEdge-Ref
X-Powered-CMS
X-Release
X-Content-Digest
SPRequestDuration
SPIisLatency
TP-Cache
TP-L2-Cache
S
X-Edge
X-XRDS-Location
X-Amz-Rid
X-Pinterest-Direct
RTSS
Cache-Tag
TCN
X-Ezoic-Cdn
X-NWS-LOG-UUID
Public-Key-Pins
X-Node-Name
Fastcgi-Cache
X-PressLabs-Stats
X-Yandex-Sdch-Disable
X-Request-Received
X-Request-Processing-Time
X-Cache-Key
X-Mid
X-MCACHE
Server-Node
Front-End-Https
X-Accel-Expires
X-Amzn-Trace-Id
X-Server-ID
X-Ser
X-Recruiting
X-Kinsta-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Logged-In
ServerID
X-Cache-Hit
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Origin-Server
Accept-Charset
X-Mg-S
X-Page-Id
X-Ratelimit-Remaining
Accept-Ch-Lifetime
Host
X-Amz-Server-Side-Encryption
X-Grace
X-Varnish-Age
X-B
X-Content-Security-Policy-Report-Only
Alternate-Protocol
X-ECACHE
X-DIS-Request-ID
Nginx-Cache
X-Shield-Request-Id
X-HP-Webp
X-Mobile-URL
X-Hostname
Edge-Cache-Tag
X-Forwarded-For
X-Hits
X-Ratelimit-Limit
Realpath
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Realm
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-FTR-Expires
X-Content-Options
X-F-Cache
X-FireWall-Port
X-Git-Hash
X-LB-Cache
Filterid
MicrosoftSharePointTeamServices
X-Seen-By
X-AppVersion
X-Load-Cache
X-Az
X-Activity-Id
X-N
X-Jobs
X-App-Environment
X-Request-Guid
Paypal-Debug-Id
X-Type
Cache-Tags
X-Rid
X-Varnish-Backend
Fastcgi-Useragent
Cleartype
X-Upgrade-Enabled
X-Cached-By
X-Varnish-Grace
DynaTrace
X-Zen-Fury
X-Kong-Proxy-Latency
X-WebKit-CSP-Report-Only
X-Kong-Upstream-Latency
X-Proxy
X-Daa-Tunnel
Access-Control-Allow-Method
X-Litespeed-Cache
X-Cache-Age
Nel
Powered-By-ChinaCache
X-FB-Debug
X-Id
X-Akamai-Edgescape
X-Amz-Meta-S3cmd-Attrs
X-TEC-API-ORIGIN
X-Respond-Thread
X-App-Server
X-TEC-API-ROOT
X-TEC-API-VERSION
DC
X-Geo-Country
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Storage-Class
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-Cache-Operation
X-Cache-Rule
X-Host-Name
X-Correlation-ID
X-B3-Sampled
AMP-Access-Control-Allow-Source-Origin
X-IPLB-Instance
X-Content-Powered-By
X-User-Agent
X-B-Cache
X-Signature
X-Debug-Info
Content-Disposition
X-AOL-HN
MS-CV
X-Response-Served-From
X-Accel-Buffering
Healthy
X-Whom
X-Original-Request-Id
X-XRDS-LOCATION
X-Region
X-Wix-Request-Id
X-Frontend
Payment
X-HTML-Minification-Powered-By
X-Mobile
X-UUID
X-Cacheable-TTL
X-Rule
X-Distributor
X-FW-Dynamic
X-Instance
X-FW-Static
X-FW-Type
X-FW-Serve
X-FW-Hash
X-FW-Server
X-Rendered-As
X-Cache-Time
X-Is-Bot
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-2
X-VCache
X-Tumblr-Pixel-1
Akamai-Age-Ms
X-Tumblr-Pixel-0
Refresh
X-Ua
X-Endurance-Cache-Level
Datacenter
X-Tec-Api-Root
X-Tec-Api-Origin
X-Amzn-RequestId
X-Amz-Apigw-Id
Surrogate-Key
X-Tec-Api-Version
Charset
Filters
NGB
X-Acc-Debug-Context
S-Cnection
X-Via-JSL
Liferay-Portal
X-Protected-By
Viewport
Countrycode
X-App-Version
PB-RID
PB-PID
Arc-Version
X-Backend-Name
X-Ah-Environment
X-Hyper-Cache
X-Fastcgi-Cache
X-Cache-Expired-At
X-Varnish-Server
X-Oneagent-Js-Injection
X-Cache-Server
X-Amz-Replication-Status
X-NewRelic-App-Data
Section-Io-Cache
X-Cache-Action
Retry-After
X-Sucuri-ID
X-PHP-Backend
Referer-Policy
X-Source
X-Azure-Ref
Version
X-EdgeConnect-Cache-Status
X-Cache-Control
X-WA-Info
X-Proxy-Cache-Status
GEO-INFO
Eomportal-Instance
X-RemovedCookies
X-Real-IP
X-Framework
X-Environment-Context
X-ProcessESI
X-L-Path
X-Yottaa-Metrics
Frame-Options
X-Air-Hostname
X-Yottaa-Optimizations
X-RN-RSRV
X-Correlation-Id
Ms-Operation-Id
X-RTag
Server-Name
X-Cache-Var
X-Revision
Meta-Geo
X-ES-SERVER
X-Cache-Var-Map
X-GeoIP
X-Mode
X-Unique-Id
X-From
X-Ruxit-Js-Agent
X-Time
X-ProxyCache-Key
X-ProxyCache-Status
X-BYPASS-REASON
Cache
X-DynaTrace-JS-Agent
X-Cache-TTL-Remaining
X-Qloud-Router
X-Cache-Host
X-R9-Blue-Green-Version
X-Xfnlog-Site
X-Time-Microsecs
X-Drupal-Cache-Contexts
Uber-Trace-Id
Cross-Origin-Window-Policy
Ec-Rule-Version
X-AWS-Id
Mn-Server-Ip
X-FW-Version
X-Loop
X-TNCMS
X-Status
X-VWS-Id
Cache-Tv-Group
DB-Nickname
X-Server-W
X-PHP-Host
X-Labrador-Cache-Channel
X-Human
X-LJ-Flow-ID
X-OCL
X-PCL
X-Hosted-By
X-Cluster
Powered
TWC-Connection-Speed
X-Origin-Hint
TWC-Device-Class
X-Debug-Cache
X-FB-TRIP-ID
X-Hl-Ver
Property-Id
X-NYM-Debug-Backend
X-Detected-As
TWC-GeoIP-Country
Webcakes-App-Name
Webcakes-App-Version
Selected-Fe
Webcakes-Region
X-Handled-By
X-Sucuri-Cache
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
X-Locale
X-Amzn-Remapped-Content-Length
X-Proxy-Build
X-Routing-Service
X-Site-Version
X-Timing-Wait
X-Proxied
X-Redis-Cache
X-Zipkin-Id
X-Format
X-Via-Fastly
X-Access
X-ServerID
X-CSRF-Token
X-Be
X-Proto
X-Section
X-Cache-PHP
X-BCube-Filmed-By
FSS-Cache
X-Device-Type
X-Ratelimit-Reset
X-No-Session
X-Generated-By
X-ATG-Version
X-Drupal-Cache-Tags
X-Contextid
X-FTR-Cache-Host
Webserver
X-JoinUs
X-SaId
From-Origin
X-Esi
X-Hp-Webp
X-CDN-Forward
X-Varnish-Cache-Hits
X-URL
X-Adobe-Loc
X-Adobe-Content
X-AIR-PT
X-NCache
CF-Cached-On
OT-Force-Account-Verify
X-Oss-Storage-Class
X-Origin
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-NC
X-NWS-UUID-VERIFY
CACHE
VIX-Pulpo-Upstream-Status
X-GoCache-CacheStatus
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-InstanceId
VIX-Pulpo-Node
X-TT
X-Akamai-Transformed
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-TA-CDN-Provider
X-IPS-LoggedIn
Upgrade-Insecure-Requests
X-TIME
X-IP
SD-X-WS
Access-Control-Request-Headers
X-Flags
X-Aspnet-Duration-Ms
X-Bc-Bl
X-Providence-Cookie
X-CCM
X-EIG-Tracking-Id
X-Adobe-Source
X-Cache-Enabled
X-Is-Crawler
X-Route-Name
X-APP-VERSION
X-Backend-Host
X-ECache
X-Cache-2
X-Pinterest-Sli-Response-Type
X-ShardId
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Pinterest-Sli-Endpoint-Name
X-EC-Lua
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Pinterest-Sli-Latency-Threshold
X-ApacheServer
X-Backend-TTL
X-Forwarded-Host
X-Tumblr-Pixel-3
X-Pubstack
X-PERF
X-Cache-Grace
X-Soup
X-Say-Cacheable
X-Web-Node
X-G
X-Viewer-Country
Node
X-Cache-Backend
X-SayCDN-TTL
X-Varnishpool
X-Storage
X-Say-TTL
Decoy-Debug-Status
X-Cdn
Fastly-SSL
X-Cluster-Name
Decoy-Debug-TTL
X-LAGOON
Cache-Status
Decoy-Debug-Key
X-Vdms-Path
X-S
X-S-Cookie
X-Twitter-Response-Tags
X-Transaction
X-Trv-Group
X-ScT
X-Request-UUID
X-VG-WebCache
X-Rojux
X-Vdms-Version
X-Vtex-Processado-Em
X-VG-WebServer
X-Rewrite-Enabled
X-External-Request-Id
X-B-Cookie
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-PAYTM-SRV-ID
X-A
X-RCS-CacheZone
X-Processor
X-PBS-Appsvrname
Apple-News-Services-Request-Url
DCR-Decision-By
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Machine
Host-ID
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
X-Vtex-Remote-Cache
Xc-Version
X-CF-Lambda-Fn
X-Cache-NE
Rendered-Blocks
X-CF-Lambda-Version
X-Connection-Hash
X-Destination
X-D
X-ARC
X-Application
X-A-Dam
X-A-Ccd
X-Worker
X-A-Dcw
X-Aed
X-A-Dgt
X-A-Wwc
X-Cache-Config
X-TX-ID
X-UPSTREAM-Address
CDN-EdgeStorageId
CDN-CachedAt
CDN-PullZone
CDN-RequestCountryCode
CDN-Uid
CDN-RequestId
CDN-Cache
Adler-Geo
X-WADP-Cache
X-Vgn-Hpd-Cached
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Platform-Server
CloudFront-Viewer-Country
Fastly-SIE
X-DPWN-IS-SECURE
X-Generation-Time
X-Fmm-Version
X-Envoy-Decorator-Operation
X-Fastly-Cache
X-Clara-WADP
X-Cache-Bucket
X-Ms-Request-Id
Fastly-SWR
Is-Eu
X-Micro-Cache
Platform
X-Vgn-Hpd-Variations-Key
X-Ms-Version
X-VG-TLSProxy
Country
X-Variation
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-UA
Backend
X-Varnish-CookieHashed-On
X-OVcl
X-OVcl-Cache
X-Old-Content-Length
C-Via
X-DefElseHash
X-CUA
X-Cms-Context
X-DefHash
X-Varnish-Remaining-TTL
X-Owner
Wxu-Next-Region
X-Varnish-CookieINHashed-On
Akamai-GRN
Wxu-Next-Hostname
X-Servername
X-Method
X-LI-UUID
X-Microcachable
Origin
NM-Fastcgi-Cache
X-Request-Host
L
X-Minions-Version
X-Varnish-Cacheable
Surrogated-Key
X-Li-Fabric
Country-Code
X-SN
X-Li-Pop
Rt-Fastcgi-Cache
Fastly-Drupal-HTML
Wxu-Next-Commit
X-Auto-Login
X-Webstats-RespID
X-Date
X-Hash
X-Wikidot-Backend
X-Accel-Expires-Debug
X-Core-Mission
X-Wikidot-Static-Cache
X-Gzip
X-Slack-Backend
X-Render-Time
X-Esi-Check
X-Fastly-Backend
X-Thanos
X-Dispatcher-Server
X-Request-Start
X-Clientip
X-Core-Value
X-Skip-Cache
X-Backend-State
X-Bip
Gh-Request-Id
X-Policy
X-Platform
X-Irp-Debug
X-Varnish-Ttl
X-HS-Content-Campaign-Id
X-Cache-Id
X-Cache-NGX
X-CS
X-NGENIX-Cache
X-HN
X-Content-Age
X-Has-Esi
X-Eu-Site
X-Is-Gdpr
X-JWT-State
PFcat
X-CGP
X-Cache-Tags
X-Cache-Date
X-Generated-On
X-Gamma-Serve
X-Up
X-Csrf-Jwt
X-Level-Front-Cache
L5d-Success-Class
X-VarnishDD-TTL
Time
Ha-Gx-Prefs
AKAMAI
CacheControlHeader
X-Amz-Meta-Cb-Modifiedtime
X-Developers
Fastly-Backend-Name
HA-Ipaddr
X-Mvc-Supplant-Cachable
X-Req
X-Reqid
X-Cache-Debug
X-Cache-URL
X-RateLimit-Remaining
FSS-Proxy
Mail-Subject
Memcached
X-Branch-Name
X-Geo-Header
X-Cdn-Srv
X-Location
We-Hiring
Now
Pagetype
Group
X-Edge-Location
X-Aicache-OS
X-Page-View
X-Session-Fingerprint
Ufe-Result
UCS
X-Wa
X-Refresh
X-Proxy-Upstream
X-LB-ID
X-NODE
X-Via-Poph
SRV
X-DC
X-PF-Uncompressing
X-Via-Popn
X-CACHE-AGE
HostName
X-Agile
X-Agile-Age
X-Agile-Id
X-B3-Spanid
X-B3-Traceid
X-Dc
X-GEO
X-Mvc-Supplant-OutputCached
X-BC
X-Via-CDN
X-Debug-Cache-Fetch
NGX
X-ZONE
X-Debug-Cache-Store
X-Datadome
X-Ftr-Cache-Host
X-Servedbyhost
X-LI-Proto
X-Nginx-Cache
M-TraceId
X-Ua-Device
Hostname
Xserver
X-Check-Cacheable
X-Sql-Duration-Ms
X-Sql-Count
X-Cdn-Forward
X-SERVER
X-LLID
Arc-Country
X-FPC
X-SRV
X-Varnish-Hostname
X-Request-Time
X-Webkit-Csp
X-NU-AKA-ACS-Version
VivaBuild
Viewtype
Cdn-Request-Time
X-Bc
X-Zone
X-Cache-Remote
X-SERVER-NAME
Cdn-Host
X-Edge-Server
X-COUNTRY
X-Www-Served-By
Edge-Copy-Time
X-Via-Edge
X-VCL-Version
X-Via-SSL
X-RunCloud-Cache
X-Cluster-Node
WebServer
X-CF-Powered-By
X-Action
X-LiteSpeed-Cache-Control
X-Via-Ucdn
X-APP
X-FORWARDED-FOR
X-UnsetCookies
Srv
X-DSS
X-DI
Cache-Hits
X-Instart-Request-ID
WWW-Authenticate
X-ID
On-Server
X-RPM
X-RPS
X-Cs
X-Svr
X-S-Maxage
X-Via-Popv
X-RSL
X-DB
X-DW
ServedBy
Memory
X-Dynatrace-Js-Agent
X-HS-Status
Geoip-Latitude
GeoIp-Country-Code
X-NGINX-Cache
SID
X-CSRF-TOKEN
X-Geo
NtCoent-Length
XServer
X-Vgn-Hpd-Ssi
X-Oss-Cdn-Auth
X-Presslabs-Stats
X-Srv
X-MP-GENERATED-AT
X-Vcache
Apigw-Requestid
T-Server
X-We-Are-Hiring
ProcessTime
Geo-Info
Processtime
Ohc-File-Size
X-Pass-Why
User-Agent
X-Unique-ID
W
Sid
X-MSEdge-Flight
X-MSEdge-Features
Server-Info
X-Hit
Actual-Object-TTL
X-ORACLE-APMCS-REQUEST-ID
LB
GeoIP-Latitude
X-Erf-Stays-Bingo-Pdp-Web
GeoIP-Country-Code
Server-Host
X-Akamai-Request-ID2
Pics-Label
N-Cache
Protected
X-Varnish-Hits
X-HOST
CF-IPCountry
X-VC
X-Vcl-Version
Magicmarker
X-Tb
X-Epic-Correlation-Id
X-Envoy-Upstream-Healthchecked-Cluster
WZWS-RAY
S-Rt
X-SB
X-Dynatrace
X-HITS
Amp-Access-Control-Allow-Source-Origin
X-Erf-Bev-Bev
Cdn
X-Pjax-Url
Accept-Language
X-Uri
X-Erf-Bev-Bev-Is-Generated
X-Nc
X-Cache-Hfrom
X-Cache-Hm
X-Info
X-Webkit-CSP-Report-Only
Ohc-Cache-HIT
Esi-Enabled
A
X-Fpc
X-Fastly-Country-Code
Cteonnt-Length
X-Acc-Rdl
X-FC-Vary-Parameters
CDN
X-CACHE-KEY
X-Newrelic-Synthetics
X-Mobile-Rewrite
Tracecode
X-Key
Lb
User-Cache-Control
X-Newrelic-App-Data
X-TT-LOGID
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
X-Provided-By
Odigeo-Trace-Id
DSUID
Section-Origin-Responded
Ssr
X-Via-NSCOPI
X-ServedByHost
X-Li-Proto
X-Amzn-Remapped-Connection
X-UA-Device-Type
X-Amzn-Remapped-Date
Cache-Name
Origin-Edge-Control
X-B3-SpanId
Tcn
Origin-Cache-Control
X-Origin-Date
Proxy-Firewall
X-Instart-Info
X-Dispatch
X-Magnolia-Registration
X-StackifyID
Lfy
X-Cache-Tag
Thinkindot-Control
X-Men
True-Client-Country-4JS
Web-Mar-Node
X-BBXSRF
X-Block-Status
X-Cache-ASPX
X-BBC-Edge-Cache-Status
X-API-Version
Vix-Hermes-Req-Id
Thinkindot-CacheControl-Type
V-Age
Sever-Int
MIME-Version
Path
Locid
IsBot
Instruction
CDCHOST
Release
Server-Ext
X-Scheme
SR-User-Adfree
X-Cache-Expires
Server-ID
Server-Hostname
Thinkindot-CacheControl
X-Developer
X-SD-PageType
X-Server-IP
X-Sigma
X-Rocket-Build-Number
X-Response-By
X-Origin-TTL
X-Request-URI
X-Sigma-Backend
X-SIPLIST1
X-Varnish-Url
X-Varnish-Authentication
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-SRCache-Key
X-SVT-ORM-RULES
X-Origin-Time
X-Origin-Expires
X-Gdpr
X-Gen-Mode
X-GeoIP-City
X-Cc-Via
X-VServer
X-Contensis-Viewer-Groups
X-User
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-Nyt-Route
X-Origin-CC
X-Node-Id
X-Nginx-Cache-Key
X-Loc
X-Matched-Rule
X-Cache-Info
FNAC-ModuleRouting
Cache-Key
X-Akamai-Pragma-Client-IP
Powered-By
X-TH-Server
X-Served-From
Server-Ttl
X-Geo-Region
X-Cc-Req-Id
D-Cc-Upstream
Cache-Host
X-Device-Os
X-Swa-Ws
X-WA
X-Trace-Id
X-Azure-Ref-OriginShield
X-RAMCache
Cache-Provider
X-Cache-Spec
X-Via-PopN
X-Via-PopH
X-Traceid
X-Lb-Id
X-Fetched-On
X-Parent-Response-Time
Pramga
X-NodeID
X-RateLimit-Limit
X-Sn-Servicetimems
X-Var-Ttl
X-Generated-In
HitType
X-Via-PopV
Kp-EeAlive
X-Cdn-Origin
CountryCode
X-No-Cache
X-ServiceProvider
X-Tt-Logid
X-VC-Cache
Req-Svc-Chain
Fastcgi-Cache-TTL
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Generated
X-Batcache
X-LiteSpeed-Tag
BehaviorPad-Version
X-ElasticPress-Query
X-TrackingId
X-Agile-Brick-Ok
Xet-Cookie
X-Dw-Trace-Id
Who
Source
Cf-Device-Type
X-PJAX-URL
X-HostName
Cf-Alt-Svc
Dnion-Transfer-Encoding
X-Pf-Uncompressing
X-Varnish-Beresp-TTL
X-Yottaa-OS
X-Selected-Scheme
X-Selected-Name
X-App
X-Selected-Host-Header
X-Apw-Hits
X-Request-URL
X-Apw-Access-Object
X-Apw-Access-Token
X-BBC-Origin-Response-Status
Resin-Trace
X-B3-Parentspanid
X-TraceId
X-ServerName
X-Request-Url
X-Apw-Access-Action
X-Snapshot-Date
PICS-Label
Pragrma
Inserted-Into-Cache-At
X-MiniProfiler-Ids
X-C
X-Proxy-Cachei7
X-Planisys-CDN-TTL
Mime-Version
X-Planisys-CDN-Cache
Vha6-Origin
X-Planisys-CDN-Rules
X-Vgn-Hpd-Reason