Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
X-Xss-Protection
CF-Ray
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Request-ID
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
P3p
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Keep-Alive
X-Template
X-Via
X-Language
X-Ws-Request-Id
Feature-Policy
X-Age
X-Dns-Prefetch-Control
X-Backend
X-Cache-Group
X-Hacker
X-Server
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Host-Header
Grace
X-Buckets
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Amz-Version-Id
Cf-Bgj
X-Host
X-WebKit-CSP
X-Dispatcher
X-Backend-Server
X-Device
NEL
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Server-Id
Content-Location
X-Response-Time
Request-Id
X-Origin-Cache
X-Akam-SW-Version
Accept-CH-Lifetime
X-Ac
X-ASPNET-VERSION
EagleEye-TraceId
Accept-CH
X-Country
X-HW
X-Mod-Pagespeed
Rating
X-Readtime
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Application-Context
Pinterest-Generated-By
Edge-Control
Allow
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Vname
X-TtlSet
X-PC
X-DataDome
X-Url
X-Varnish-TTL
X-Cnection
X-Origin-Upstream-Status
X-MS-InvokeApp
X-GitHub-Request-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
X-Content-Type
X-D2id
X-Clacks-Overhead
X-Trace
X-Abt-Application-Version
X-Server-Name
Response
X-Pinterest-Rid
Pagespeed
X-Middleton-Display
Pinterest-Version
X-Sol
X-Middleton-Response
Display
X-Vcap-Request-Id
X-ESI
X-Px
X-Navigation-Version
X-FTR-Request-ID
X-Rack-Cache
Verso
X-B3-TraceId
X-DynaTrace
X-Cached
Service-Worker-Allowed
X-Webkit-CSP
X-Element-Page-Cache
MS-Author-Via
X-Fastly-Request-ID
X-Client-IP
Arr-Disable-Session-Affinity
X-Cache-TTL
X-Dw-Request-Base-Id
X-TTL
X-Powered-By-Plesk
X-Upstream
Content-MD5
X-Version
SPRequestGuid
AR-Request-ID
AR-CACHE
AR-ATIME
X-SharePointHealthScore
AR-PoweredBy
Ar-Sid
X-FastCGI-Cache
X-Forwarded-Proto
Fastly-Restarts
X-NF-Request-ID
X-Debug
X-VARITI-CCR
X-CST
X-Cdn-Fetch
X-Exp-Id
X-Kinja
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
Accept-Ch
X-GoogleNews-Bot
X-T
X-Goog-Hash
X-Jurisdiction
X-XRDS-Location
Access-Control-Request-Method
X-Powered-CMS
X-MSEdge-Ref
TP-L2-Cache
TP-Cache
X-Release
X-Content-Digest
X-Edge
S
SPIisLatency
SPRequestDuration
TCN
X-Amz-Rid
X-Ttl
X-Pinterest-Direct
RTSS
X-NWS-LOG-UUID
Cache-Tag
X-Server-ID
Public-Key-Pins
X-Node-Name
X-Ezoic-Cdn
Fastcgi-Cache
X-PressLabs-Stats
X-Yandex-Sdch-Disable
X-Request-Processing-Time
X-Request-Received
X-Cache-Key
X-Mid
X-MCACHE
Server-Node
X-Accel-Expires
Front-End-Https
X-Amzn-Trace-Id
X-Logged-In
X-Ratelimit-Remaining
X-Ser
X-Kinsta-Cache
X-Microsite
X-Cache-Hit
X-Recruiting
X-Request-Handler-Origin-Region
ServerID
X-Origin-Server
X-Page-Id
Accept-Charset
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Host
Alternate-Protocol
X-Mg-S
X-B
Accept-Ch-Lifetime
X-Varnish-Age
X-Content-Security-Policy-Report-Only
X-ECACHE
X-Grace
X-Mobile-URL
Nginx-Cache
X-Shield-Request-Id
X-Hostname
X-Amz-Server-Side-Encryption
X-DIS-Request-ID
X-Ratelimit-Limit
Edge-Cache-Tag
X-FTR-DC
Filterid
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Cache-Status
X-FireWall-Port
X-FTR-Expires
X-Forwarded-For
X-HP-Webp
Realpath
X-Seen-By
X-Content-Options
X-Hits
X-Load-Cache
X-LB-Cache
X-Git-Hash
X-F-Cache
X-Activity-Id
X-AppVersion
X-Jobs
X-Az
X-N
X-App-Environment
X-Request-Guid
X-Type
MicrosoftSharePointTeamServices
X-Varnish-Backend
Paypal-Debug-Id
X-Rid
Fastcgi-Useragent
X-Varnish-Grace
X-Daa-Tunnel
Cache-Tags
X-WebKit-CSP-Report-Only
X-Zen-Fury
DynaTrace
Cleartype
X-Proxy
X-Upgrade-Enabled
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Litespeed-Cache
Access-Control-Allow-Method
X-Cached-By
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-FB-Debug
X-Akamai-Edgescape
X-App-Server
X-Id
X-Cache-Age
X-Amz-Meta-S3cmd-Attrs
Powered-By-ChinaCache
DC
X-Geo-Country
X-Cache-Operation
X-Cache-Rule
X-Content-Powered-By
X-Host-Name
Content-Disposition
X-Correlation-ID
X-HS-Cache-Config
X-GUploader-UploadID
X-HS-Hub-Id
X-Respond-Thread
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
X-HS-Content-Id
X-User-Agent
X-HS-Combine-CSS
X-IPLB-Instance
X-B3-Sampled
X-Response-Served-From
X-AOL-HN
X-Original-Request-Id
X-Wix-Request-Id
X-Signature
X-B-Cache
X-Accel-Buffering
MS-CV
X-Whom
Healthy
X-Debug-Info
Akamai-Age-Ms
X-Region
AMP-Access-Control-Allow-Source-Origin
Payment
X-HTML-Minification-Powered-By
X-Distributor
X-Cacheable-TTL
X-UUID
X-Rendered-As
X-Is-Bot
X-Ua
X-VCache
X-Frontend
X-FW-Static
X-Rule
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-Cache-Time
X-Instance
X-Endurance-Cache-Level
X-Mobile
Refresh
NGB
Datacenter
X-Tumblr-Pixel
X-Tumblr-Pixel-2
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Amzn-RequestId
X-Amz-Apigw-Id
Surrogate-Key
Countrycode
X-Via-JSL
X-Acc-Debug-Context
Nel
X-App-Version
X-Protected-By
X-XRDS-LOCATION
S-Cnection
Liferay-Portal
Viewport
Arc-Version
PB-PID
Filters
PB-RID
X-Backend-Name
X-Varnish-Server
Charset
X-Ah-Environment
X-Tec-Api-Version
X-Hyper-Cache
X-Tec-Api-Root
X-Tec-Api-Origin
X-Oneagent-Js-Injection
X-Cache-Expired-At
X-PHP-Backend
X-Cache-Server
X-Azure-Ref
Retry-After
Section-Io-Cache
X-Amz-Replication-Status
X-NewRelic-App-Data
Referer-Policy
X-Cache-Action
X-Fastcgi-Cache
X-Source
X-Sucuri-ID
X-Proxy-Cache-Status
X-WA-Info
X-Cache-Control
X-EdgeConnect-Cache-Status
GEO-INFO
Version
Eomportal-Instance
Powered
X-L-Path
X-RemovedCookies
X-Environment-Context
X-Framework
X-Real-IP
X-ProcessESI
X-RN-RSRV
X-DynaTrace-JS-Agent
X-Yottaa-Metrics
X-Cache-Var-Map
Meta-Geo
X-ES-SERVER
X-Yottaa-Optimizations
X-Cache-Var
Frame-Options
X-RTag
X-Air-Hostname
X-Mode
X-Revision
X-GeoIP
Ms-Operation-Id
X-From
X-Time
X-Unique-Id
X-ProxyCache-Key
X-Cache-TTL-Remaining
X-R9-Blue-Green-Version
X-Time-Microsecs
X-Cache-Host
X-ProxyCache-Status
X-Correlation-Id
Uber-Trace-Id
X-Xfnlog-Site
X-BYPASS-REASON
X-Qloud-Router
Cache-Tv-Group
Cross-Origin-Window-Policy
DB-Nickname
Ec-Rule-Version
Mn-Server-Ip
Server-Name
X-LJ-Flow-ID
X-Loop
X-Labrador-Cache-Channel
X-Hosted-By
X-Debug-Cache
X-FW-Version
X-OCL
X-PCL
X-TNCMS
X-Server-W
X-VWS-Id
X-Hp-Webp
X-PHP-Host
X-Cluster
X-Human
X-AWS-Id
X-FB-TRIP-ID
X-Proxied
Webcakes-App-Name
TWC-GeoIP-LatLong
Webcakes-App-Version
X-Proxy-Build
Webcakes-Region
TWC-Privacy
X-Routing-Service
X-Redis-Cache
X-Site-Version
X-Timing-Wait
X-NYM-Debug-Backend
X-CSRF-Token
X-Zipkin-Id
X-Origin-Hint
X-Hl-Ver
Selected-Fe
TWC-GeoIP-Country
X-Detected-As
TWC-Connection-Speed
TWC-Device-Class
X-Status
X-Handled-By
Property-Id
X-Locale
TWC-Locale-Group
X-Amzn-Remapped-Content-Length
X-Section
X-Be
X-Ratelimit-Reset
X-Proto
X-Access
X-ServerID
X-Generated-By
X-Via-Fastly
X-Format
X-Drupal-Cache-Contexts
X-BCube-Filmed-By
X-Device-Type
X-Sucuri-Cache
X-Cache-PHP
Cache
FSS-Cache
X-JoinUs
X-SaId
X-ATG-Version
X-No-Session
X-FTR-Cache-Host
X-Drupal-Cache-Tags
X-Contextid
From-Origin
X-Varnish-Cache-Hits
Webserver
X-CDN-Forward
X-Esi
X-URL
X-NCache
X-NWS-UUID-VERIFY
X-Origin
CF-Cached-On
X-Adobe-Content
X-Adobe-Loc
OT-Force-Account-Verify
X-NC
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
CACHE
X-Oss-Storage-Class
X-AIR-PT
X-TA-CDN-Provider
X-GoCache-CacheStatus
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-TT
Azure-RegionName
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-Version
X-IPS-LoggedIn
VIX-Pulpo-Node
X-Akamai-Transformed
VIX-Pulpo-Upstream-Status
X-EIG-Tracking-Id
X-IP
X-Bc-Bl
X-TIME
X-EC-Lua
X-Cache-Enabled
Access-Control-Request-Headers
X-APP-VERSION
X-CCM
X-Adobe-Source
X-Backend-Host
SD-X-WS
X-ECache
X-Ruxit-Js-Agent
X-Cache-2
X-ShardId
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-ShopId
Upgrade-Insecure-Requests
X-Tumblr-Pixel-3
X-Alternate-Cache-Key
X-Cache-Backend
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Forwarded-Host
X-Pubstack
X-PERF
X-Soup
X-Backend-TTL
X-Vgn-Hpd-Variations-Key
X-Cdn
X-Vgn-Hpd-Cached
X-Viewer-Country
X-ApacheServer
X-Cache-Grace
Node
X-Worker
Apple-News-Services-Handled
X-ARC
Xc-Version
X-Web-Node
X-Cache-NE
X-Varnishpool
X-B-Cookie
X-Cluster-Name
Decoy-Debug-TTL
X-Destination
Fastly-SSL
X-Trv-Group
X-D
Decoy-Debug-Status
X-Connection-Hash
Cache-Status
Decoy-Debug-Key
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
Apple-News-Services-Host
X-G
X-Vdms-Version
X-Vdms-Path
X-External-Request-Id
X-Storage
X-Aed
Rendered-Blocks
X-Rewrite-Enabled
X-Rojux
X-S
X-S-Cookie
X-Request-UUID
Host-ID
X-A-Ccd
Apple-News-Services-Parsed-Url
X-Vtex-Processado-Em
X-A
X-ScT
X-VG-WebServer
X-Route-Name
X-Providence-Cookie
Meta-Geo-Continent
Mobile-Detection-Method
X-Transaction
X-Is-Crawler
X-Flags
Machine
MD5-Digest
X-VG-WebCache
X-Aspnet-Duration-Ms
Fastcgi-X-Cache-Version
X-Vtex-Remote-Cache
X-A-Dcw
X-A-Dam
X-A-Wwc
X-PBS-Appsvrname
X-Twitter-Response-Tags
DCR-Decision-By
X-A-Dgt
Apple-News-Services-Request-Url
DCR-Processing-Time-Ms
X-RCS-CacheZone
X-Application
X-Processor
X-PAYTM-SRV-ID
X-Cache-Config
Adler-Geo
X-Cache-Bucket
X-Clara-WADP
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
X-Accel-Expires-Debug
X-TX-ID
CDN-Uid
CloudFront-Viewer-Country
Fastly-SWR
X-LAGOON
Fastly-SIE
Surrogated-Key
Is-Eu
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestId
Platform
X-DPWN-IS-SECURE
X-Generation-Time
X-WADP-Cache
X-Fmm-Version
X-Fastly-Cache
X-Rebelmouse-Cache-Control
X-Ms-Version
X-Micro-Cache
X-VG-TLSProxy
X-Variation
X-Ms-Request-Id
X-Envoy-Decorator-Operation
X-Rebelmouse-Surrogate-Control
X-Date
X-Servername
Time
Country
X-UA
X-Varnish-Beresp-Ttl
X-NGENIX-Cache
Backend
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Wikidot-Backend
X-Old-Content-Length
Origin
X-OVcl
X-Varnish-Ttl
X-SN
X-Minions-Version
X-Microcachable
X-Method
X-LI-UUID
C-Via
X-Wikidot-Static-Cache
X-Li-Pop
X-OVcl-Cache
X-Thanos
X-Up
X-Owner
Gh-Request-Id
Wxu-Next-Region
X-Req
Wxu-Next-Hostname
Wxu-Next-Commit
X-Request-Start
L
X-Request-Host
X-Render-Time
Rt-Fastcgi-Cache
X-Webstats-RespID
X-Policy
Country-Code
X-Slack-Backend
Akamai-GRN
Fastly-Drupal-HTML
X-Skip-Cache
X-Platform
X-Backend-State
NM-Fastcgi-Cache
X-Hash
X-HS-Content-Campaign-Id
X-Irp-Debug
X-Gzip
X-Auto-Login
X-Varnish-Cacheable
X-Esi-Check
X-Fastly-Backend
X-UPSTREAM-Address
X-Cache-NGX
X-Dispatcher-Server
X-Cms-Context
X-Bip
X-Platform-Server
X-Core-Value
X-CUA
X-Cache-Id
X-Li-Fabric
X-Core-Mission
X-Clientip
Now
Ufe-Result
X-Cache-URL
We-Hiring
X-Cdn-Srv
X-VarnishDD-TTL
X-Developers
X-CGP
X-Csrf-Jwt
X-Edge-Location
PFcat
X-Varnish-Remaining-TTL
X-Cache-Date
X-DefElseHash
X-Is-Gdpr
X-Amz-Meta-Cb-Modifiedtime
X-JWT-State
X-Level-Front-Cache
X-Content-Age
X-DefHash
X-Varnish-CookieHashed-On
X-Generated-On
X-Gamma-Serve
X-Eu-Site
X-Varnish-CookieINHashed-On
X-Has-Esi
X-Mvc-Supplant-Cachable
X-HN
X-Reqid
X-Cache-Tags
X-CS
Ha-Gx-Prefs
Fastly-Backend-Name
L5d-Success-Class
CacheControlHeader
Mail-Subject
AKAMAI
HA-Ipaddr
Memcached
Group
X-CACHE-AGE
FSS-Proxy
X-Wa
X-Aicache-OS
X-Proxy-Upstream
X-Geo-Header
Pagetype
X-Location
UCS
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Response-Type
X-DC
X-Branch-Name
X-Refresh
X-Cache-Debug
X-LB-ID
X-Session-Fingerprint
X-NODE
X-PF-Uncompressing
X-Via-Popn
X-Via-Poph
X-Page-View
X-Agile
X-Agile-Age
X-Agile-Id
X-BC
X-ZONE
HostName
X-B3-Traceid
X-B3-Spanid
X-RateLimit-Remaining
X-GEO
X-Debug-Cache-Fetch
X-Servedbyhost
SRV
X-Debug-Cache-Store
M-TraceId
NGX
X-LI-Proto
X-Mvc-Supplant-OutputCached
X-Datadome
X-Ftr-Cache-Host
X-Ua-Device
X-Dc
X-Nginx-Cache
Hostname
X-Via-CDN
Arc-Country
X-Instart-Request-ID
Xserver
X-Cdn-Forward
X-SERVER
Viewtype
X-Edge-Server
X-Request-Time
VivaBuild
Cdn-Host
Cdn-Request-Time
X-Varnish-Hostname
X-Check-Cacheable
X-RunCloud-Cache
X-FPC
X-Sql-Duration-Ms
X-VCL-Version
X-NU-AKA-ACS-Version
X-SERVER-NAME
X-Bc
X-Via-Ucdn
X-Zone
X-Sql-Count
X-COUNTRY
Srv
X-Action
X-APP
X-Cluster-Node
Memory
X-SRV
WebServer
X-UnsetCookies
X-LiteSpeed-Cache-Control
X-FORWARDED-FOR
X-Via-SSL
X-RPM
X-DSS
X-RPS
X-RSL
X-Cache-Remote
X-ID
X-CF-Powered-By
X-Via-Edge
X-Dynatrace-Js-Agent
WWW-Authenticate
X-Vgn-Hpd-Ssi
X-HS-Status
X-DB
X-DI
Edge-Copy-Time
X-Via-Popv
X-DW
X-Cs
SID
X-Www-Served-By
X-NGINX-Cache
On-Server
X-LLID
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
X-Presslabs-Stats
ProcessTime
X-CSRF-TOKEN
X-Oss-Cdn-Auth
X-MP-GENERATED-AT
Geoip-Latitude
GeoIp-Country-Code
XServer
X-Srv
X-Svr
NtCoent-Length
Cache-Hits
X-S-Maxage
ServedBy
X-Geo
X-Vcache
Apigw-Requestid
X-We-Are-Hiring
X-Hit
X-Unique-ID
Geo-Info
User-Agent
Amp-Access-Control-Allow-Source-Origin
GeoIP-Country-Code
GeoIP-Latitude
Processtime
T-Server
W
Server-Info
Sid
X-Akamai-Request-ID2
LB
X-Pass-Why
Ohc-File-Size
X-MSEdge-Features
X-MSEdge-Flight
X-Epic-Correlation-Id
X-HOST
S-Rt
CF-IPCountry
Server-Host
Pics-Label
N-Cache
X-Envoy-Upstream-Healthchecked-Cluster
X-Tb
X-HITS
X-Varnish-Hits
X-FC-Vary-Parameters
X-Cache-Hm
Cdn
X-Vcl-Version
Accept-Language
Protected
X-Fpc
X-Pjax-Url
X-Mobile-Rewrite
X-Cache-Hfrom
Magicmarker
X-SB
WZWS-RAY
X-VC
X-Nc
X-Webkit-CSP-Report-Only
X-Info
X-Key
A
Cteonnt-Length
CDN
X-Fastly-Country-Code
X-Erf-Stays-Bingo-Pdp-Web
Esi-Enabled
X-Uri
Ohc-Cache-HIT
X-CACHE-KEY
X-Erf-Bev-Bev-Is-Generated
Origin-Cache-Control
X-Erf-Bev-Bev
Origin-Edge-Control
X-Newrelic-App-Data
Lb
X-Newrelic-Synthetics
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Via-NSCOPI
X-Instart-Info
X-TT-LOGID
X-Dispatch
Proxy-Firewall
User-Cache-Control
Tracecode
X-Acc-Rdl
Odigeo-Trace-Id
Section-Io-Id
X-Geo-Region
X-StackifyID
X-ServedByHost
DSUID
X-B3-SpanId
Powered-By
X-Provided-By
Section-Origin-Responded
Section-Io-Origin-Status
X-Li-Proto
Section-Io-Origin-Time-Seconds
Ssr
Cache-Name
X-UA-Device-Type
X-Dynatrace
Lfy
X-TH-Server
Server-Ttl
Cache-Key
X-Magnolia-Registration
X-Served-From
X-Akamai-Pragma-Client-IP
X-RAMCache
HitType
X-Origin-Date
X-Cache-Tag
X-BBXSRF
X-BBC-Edge-Cache-Status
Web-Mar-Node
Vix-Hermes-Req-Id
X-API-Version
X-Block-Status
X-Contensis-Viewer-Groups
X-Developer
X-Cache-Info
X-Cache-Expires
X-Cache-ASPX
V-Age
Thinkindot-Control
Path
X-Via-PopN
MIME-Version
Locid
Instruction
IsBot
Server-Ext
Server-Hostname
Thinkindot-CacheControl-Type
X-Gdpr
Thinkindot-CacheControl
SR-User-Adfree
Server-ID
Sever-Int
True-Client-Country-4JS
X-GeoIP-City
X-SIPLIST1
X-SRCache-Key
X-Sigma-Backend
X-Sigma
X-SD-PageType
X-Server-IP
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-Url
X-VServer
X-Varnish-Authentication
X-User
X-Thinkindot-L3
X-Traceid
X-Rocket-Build-Number
X-Response-By
X-Matched-Rule
X-Nginx-Cache-Key
X-Loc
X-Hnp-Log
FNAC-ModuleRouting
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Node-Id
X-Nyt-Route
X-Origin-TTL
X-Request-URI
X-Origin-Time
X-Origin-Expires
X-Origin-CC
X-Gen-Mode
Release
BehaviorPad-Version
D-Cc-Upstream
X-Lb-Id
X-Generated
Cache-Provider
X-TrackingId
CDCHOST
X-Cc-Req-Id
Fastcgi-Cache-TTL
X-Via-PopH
X-Men
X-Via-PopV
X-Cc-Via
X-Scheme
CountryCode
X-No-Cache
Xet-Cookie
X-NodeID
X-VC-Cache
X-Fetched-On
X-WA
X-Generated-In
X-RateLimit-Limit-Second
X-Batcache
X-Sn-Servicetimems
X-Swa-Ws
X-Var-Ttl
X-ServiceProvider
X-ElasticPress-Query
X-Trace-Id
X-RateLimit-Remaining-Second
X-LiteSpeed-Tag
X-Parent-Response-Time
X-App
X-Cache-Spec
X-Device-Os
Pramga
Kp-EeAlive
Cache-Host
X-Azure-Ref-OriginShield
X-Tt-Logid
X-Cdn-Origin
X-Agile-Brick-Ok
Tcn
X-Planisys-CDN-Rules
Cf-Alt-Svc
X-HostName
X-Planisys-CDN-Cache
Inserted-Into-Cache-At
Req-Svc-Chain
X-Varnish-Beresp-TTL
X-Yottaa-OS
X-Pf-Uncompressing
X-Planisys-CDN-TTL
Dnion-Transfer-Encoding
X-PJAX-URL
Who
X-RateLimit-Limit
X-Selected-Name
X-Selected-Host-Header
X-Path-Route
X-Selected-Scheme
Mime-Version
X-Proxy-Cachei7
X-Apw-Hits
X-Snapshot-Date
PICS-Label
X-B3-Parentspanid
Cf-Device-Type
X-BBC-Origin-Response-Status
X-Apw-Access-Token
X-C
X-MiniProfiler-Ids
X-Apw-Access-Action
X-Request-URL
Pragrma
X-Dw-Trace-Id
Vha6-Origin
Resin-Trace
Source
X-Apw-Access-Object
X-Vgn-Hpd-Reason