Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Pragma
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Xss-Protection
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
P3p
X-Content-Security-Policy
Status
Content-Encoding
X-CDN
X-AspNetMvc-Version
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Server
X-Backend
X-Amz-Request-Id
X-Hacker
X-Robots-Tag
X-Amz-Id-2
Request-Context
X-UA-Device
X-Proxy-Cache
X-AH-Environment
EagleId
X-Turbo-Charged-By
X-Dns-Prefetch-Control
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
X-Template
Report-To
X-Language
X-Rq
Xkey
X-Page-Speed
X-Ua-Compatible
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
X-Buckets
X-Host
X-Backend-Server
X-WebKit-CSP
NEL
X-Server-Id
X-Dispatcher
X-Device
Accept-CH-Lifetime
Surrogate-Control
X-Node
Request-Id
X-Ruxit-JS-Agent
Accept-CH
Content-Location
X-Response-Time
EagleEye-TraceId
X-Akam-SW-Version
X-Cache-Lookup
X-Origin-Cache
X-Ac
Allow
X-Readtime
X-Country
Rating
X-Mod-Pagespeed
X-HW
X-Application-Context
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Edge-Control
Pinterest-Generated-By
X-ORACLE-DMS-RID
X-MS-InvokeApp
X-Vname
X-PC
X-TtlSet
X-CST
X-Cnection
X-Country-Code
X-DataDome
X-Varnish-TTL
X-ASPNET-VERSION
X-GitHub-Request-Id
X-Content-Type
X-FastCGI-Cache
X-D2id
X-Clacks-Overhead
Display
X-Trace
Pagespeed
X-Sol
X-Server-Name
X-Middleton-Response
Response
X-Middleton-Display
MS-Author-Via
X-Pinterest-Rid
Pinterest-Version
X-TTL
X-Origin-Upstream-Status
X-ESI
X-Url
X-B3-TraceId
X-Vcap-Request-Id
X-Abt-Application-Version
X-Px
X-Navigation-Version
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
X-Rack-Cache
Service-Worker-Allowed
Verso
Arr-Disable-Session-Affinity
X-Client-IP
X-Element-Page-Cache
X-Fastly-Request-ID
X-Cache-TTL
X-Cached
X-Webkit-CSP
X-Dw-Request-Base-Id
X-FTR-Request-ID
X-DynaTrace
X-VARITI-CCR
X-SharePointHealthScore
SPRequestGuid
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Exp-Id
X-Goog-Hash
X-Powered-By-Plesk
X-Upstream
Fastly-Restarts
X-Pinterest-Direct
X-NF-Request-ID
AR-ATIME
AR-PoweredBy
AR-CACHE
AR-Request-ID
Ar-Sid
X-Debug
X-MSEdge-Ref
Content-MD5
SPRequestDuration
SPIisLatency
X-Powered-CMS
X-Forwarded-Proto
X-Release
X-Version
X-Amz-Rid
Access-Control-Request-Method
X-T
X-Jurisdiction
S
X-Edge
X-Content-Digest
TCN
X-XRDS-Location
RTSS
Public-Key-Pins
TP-Cache
X-Ezoic-Cdn
TP-L2-Cache
X-Litespeed-Cache
Cache-Tag
X-Cache-Key
Front-End-Https
X-MCACHE
X-Mid
X-Node-Name
X-Mg-S
Server-Node
X-Yandex-Sdch-Disable
X-Amz-Server-Side-Encryption
X-HP-Webp
X-Request-Processing-Time
Fastcgi-Cache
X-Request-Received
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-PressLabs-Stats
X-Recruiting
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Accel-Expires
X-Amzn-Trace-Id
X-Grace
X-Ser
X-Kinsta-Cache
Accept-Ch
X-Microsite
X-Request-Handler-Origin-Region
X-NWS-LOG-UUID
X-Origin-Server
MicrosoftSharePointTeamServices
X-Varnish-Age
X-Ttl
Accept-Charset
ServerID
X-Logged-In
X-DIS-Request-ID
Host
Edge-Cache-Tag
X-Page-Id
X-Content-Security-Policy-Report-Only
Nginx-Cache
X-Shield-Request-Id
X-ECACHE
Powered-By-ChinaCache
X-Cache-Hit
X-Forwarded-For
X-Hits
X-Server-ID
Cache-Tags
X-Ratelimit-Remaining
X-LB-Cache
X-B
X-Hostname
Cleartype
X-F-Cache
X-Mobile-URL
X-Respond-Thread
X-Git-Hash
X-AppVersion
X-Az
X-Activity-Id
X-N
X-Cached-By
X-Upgrade-Enabled
Realpath
X-Amz-Meta-S3cmd-Attrs
X-Kong-Upstream-Latency
X-Content-Options
X-Kong-Proxy-Latency
X-Type
DynaTrace
X-Rid
X-Cache-Age
Alternate-Protocol
X-Ratelimit-Limit
X-Load-Cache
X-App-Environment
Paypal-Debug-Id
X-Varnish-Backend
X-Request-Guid
Access-Control-Allow-Method
X-Jobs
Fastcgi-Useragent
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Expires
X-Seen-By
X-Proxy
X-WebKit-CSP-Report-Only
Charset
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-HS-Combine-CSS
X-VCache
X-B3-Sampled
X-Akamai-Edgescape
X-Zen-Fury
Filters
X-Correlation-ID
X-FireWall-Port
X-IPLB-Instance
X-FB-Debug
Viewport
X-Mobile
X-AOL-HN
X-B-Cache
X-Signature
X-Whom
Healthy
X-Host-Name
X-Varnish-Grace
X-Daa-Tunnel
Filterid
MS-CV
X-Debug-Info
DC
X-Region
X-Geo-Country
X-User-Agent
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Response-Served-From
Payment
X-Frontend
X-Accel-Buffering
AMP-Access-Control-Allow-Source-Origin
X-Original-Request-Id
X-URL
X-App-Server
X-Cache-Rule
X-XRDS-LOCATION
X-Cache-Operation
X-Tec-Api-Root
Accept-Ch-Lifetime
X-Tec-Api-Version
X-Tec-Api-Origin
X-Id
X-HTML-Minification-Powered-By
Liferay-Portal
X-Tumblr-Pixel-1
X-Instance
X-Tumblr-User
X-Amz-Replication-Status
X-Tumblr-Pixel-2
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-FW-Server
X-FW-Static
X-FW-Hash
X-FW-Dynamic
X-Cache-Time
X-FW-Type
X-FW-Serve
Surrogate-Key
X-Cacheable-TTL
X-Distributor
X-Rule
X-UUID
Refresh
X-Protected-By
X-Content-Powered-By
S-Cnection
X-Via-JSL
X-Acc-Debug-Context
Section-Io-Cache
X-Cache-Expired-At
Version
X-Is-Bot
X-Rendered-As
X-Wix-Request-Id
X-Hyper-Cache
CACHE
Nel
X-Backend-Name
X-Cache-Action
GEO-INFO
Server-Name
Content-Disposition
X-Amzn-RequestId
X-Ah-Environment
X-Amz-Apigw-Id
X-Ua
X-Sucuri-ID
X-Air-Hostname
X-Oneagent-Js-Injection
Retry-After
X-Cache-Server
PB-PID
PB-RID
Arc-Version
X-Endurance-Cache-Level
Datacenter
X-Source
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Response-Type
X-Framework
X-Real-IP
X-RemovedCookies
X-EdgeConnect-Cache-Status
X-Unique-Id
Eomportal-Instance
X-L-Path
Webserver
X-ProcessESI
X-Environment-Context
Frame-Options
X-App-Version
X-Revision
X-Yottaa-Metrics
Referer-Policy
X-Yottaa-Optimizations
X-RTag
X-Drupal-Cache-Contexts
Ms-Operation-Id
Countrycode
X-Cache-Spec
X-Varnish-Server
X-Sucuri-Cache
X-Correlation-Id
X-Cache-Control
NGB
Meta-Geo
X-Cache-Var-Map
X-Cache-Var
X-RN-RSRV
X-Drupal-Cache-Tags
X-ES-SERVER
X-Route-Name
X-Providence-Cookie
X-ProxyCache-Status
Akamai-Age-Ms
X-Is-Crawler
X-ProxyCache-Key
X-TIME
X-Flags
X-Aspnet-Duration-Ms
X-BYPASS-REASON
X-Mode
X-WA-Info
Cache-Tv-Group
X-Proxy-Cache-Status
X-Time-Microsecs
X-Hl-Ver
X-NYM-Debug-Backend
X-Cache-TTL-Remaining
TWC-Privacy
X-Redis-Cache
TWC-Locale-Group
TWC-GeoIP-LatLong
Cross-Origin-Window-Policy
Webcakes-Region
Mn-Server-Ip
X-Be
DB-Nickname
X-Status
X-Cache-Host
X-Server-W
X-ServerID
TWC-GeoIP-Country
TWC-Device-Class
Webcakes-App-Version
X-FW-Version
X-Proto
TWC-Connection-Speed
X-PHP-Host
Webcakes-App-Name
X-Handled-By
X-Human
X-R9-Blue-Green-Version
X-Origin-Hint
X-Qloud-Router
X-Cluster
X-Labrador-Cache-Channel
X-GeoIP
Property-Id
X-Amzn-Remapped-Content-Length
X-NewRelic-App-Data
X-Azure-Ref
X-Locale
X-LJ-Flow-ID
X-Loop
X-OCL
X-Hosted-By
Ec-Rule-Version
X-FB-TRIP-ID
X-DynaTrace-JS-Agent
X-Contextid
X-Access
X-AWS-Id
X-PCL
X-Format
X-No-Session
X-Site-Version
X-TNCMS
X-VWS-Id
X-Zipkin-Id
Selected-Fe
X-Proxy-Build
X-Timing-Wait
X-Proxied
X-Routing-Service
X-Section
X-Xfnlog-Site
X-Detected-As
X-CDN-Forward
X-From
X-Via-Fastly
FSS-Cache
X-TT
X-Adobe-Content
X-Adobe-Loc
X-LLID
X-AIR-PT
Uber-Trace-Id
Cf-Bgj
X-Cache-PHP
X-Device-Type
X-Debug-Cache
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-ATG-Version
VIX-Pulpo-Node
Upgrade-Insecure-Requests
X-Generated-By
VIX-Pulpo-Upstream-Status
X-BCube-Filmed-By
X-NC
X-Aspnetmvc-Version
X-CSRF-Token
Azure-SiteName
X-Ratelimit-Reset
Azure-InstanceId
Azure-RegionName
Azure-SlotName
X-PHP-Backend
Azure-Version
Access-Control-Request-Headers
X-Varnish-Cache-Hits
OT-Force-Account-Verify
X-UPSTREAM-Address
Cache
From-Origin
Cache-Status
X-Page-View
X-NCache
SD-X-WS
X-Akamai-Transformed
X-Cache-2
X-Backend-TTL
X-Origin
X-APP-VERSION
X-FTR-Cache-Host
X-Varnishpool
X-Cluster-Name
CF-Cached-On
X-G
X-GoCache-CacheStatus
Country
X-Soup
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
SRV
X-Oss-Object-Type
X-Oss-Request-Id
X-PERF
X-Pubstack
X-CCM
X-ApacheServer
X-LAGOON
X-Cache-Grace
X-Adobe-Source
X-Forwarded-Host
X-Esi
Decoy-Debug-TTL
X-Backend-Host
X-Alternate-Cache-Key
Fastly-SSL
X-ShopId
X-Say-Cacheable
Decoy-Debug-Status
Decoy-Debug-Key
X-Say-TTL
X-SayCDN-TTL
X-Sorting-Hat-PodId
X-ShardId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Web-Node
X-Storefront-Renderer-Rendered
X-ID
X-Storage
X-SaId
X-JoinUs
X-ECache
Node
X-Ruxit-Js-Agent
Powered
X-GEO
X-IP
X-Via-CDN
X-EC-Lua
X-Time
X-Viewer-Country
X-CF-Lambda-Fn
Fastcgi-X-Cache-Version
X-Cache-NE
Rendered-Blocks
X-A
Xc-Version
X-Rewrite-Enabled
X-Application
X-CF-Lambda-Version
X-Aed
X-Request-UUID
X-Worker
X-Processor
Meta-Geo-Continent
X-D
MD5-Digest
Machine
X-ARC
X-RCS-CacheZone
Host-ID
Mobile-Detection-Method
X-VG-WebServer
Apple-News-Services-Handled
X-Destination
Apple-News-Services-Host
X-Trv-Group
X-External-Request-Id
X-A-Dgt
X-A-Dcw
X-Session-Fingerprint
X-PAYTM-SRV-ID
X-ScT
X-PBS-Appsvrname
X-S-Cookie
X-Vdms-Path
Apple-News-Services-Parsed-Url
X-A-Ccd
X-VG-WebCache
X-Connection-Hash
X-Vtex-Processado-Em
DCR-Processing-Time-Ms
X-Vdms-Version
X-Rojux
X-A-Dam
X-S
Apple-News-Services-Request-Url
X-A-Wwc
DCR-Decision-By
X-Vtex-Remote-Cache
X-B-Cookie
X-Cache-Enabled
X-B3-Spanid
X-TX-ID
X-Cache-Config
X-Tumblr-Pixel-3
X-Clara-WADP
X-Cms-Context
Platform
X-DPWN-IS-SECURE
X-Varnish-Remaining-TTL
X-Varnish-Beresp-Grace
Is-Eu
X-Platform
X-Varnish-CookieINHashed-On
X-WADP-Cache
X-Micro-Cache
X-DefElseHash
X-DefHash
X-Auto-Login
X-CUA
X-Irp-Debug
X-IPS-LoggedIn
X-Varnish-CookieHashed-On
X-Varnish-Beresp-Status
Gh-Request-Id
X-Fmm-Version
X-Servername
Adler-Geo
X-Variation
X-Varnish-Beresp-Ttl
X-Cache-Bucket
X-Generation-Time
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Backend
X-B3-Traceid
X-Dispatcher-Server
CDN-Cache
CacheControlHeader
HA-Ipaddr
X-Esi-Check
Ha-Gx-Prefs
Fastly-SWR
Fastly-SIE
C-Via
Fastly-Backend-Name
CloudFront-Viewer-Country
CDN-PullZone
CDN-EdgeStorageId
CDN-Uid
X-Envoy-Decorator-Operation
Fastly-Drupal-HTML
CDN-RequestId
CDN-RequestCountryCode
CDN-CachedAt
X-Core-Value
X-Cache-Id
X-Cache-Debug
X-Thanos
X-NWS-UUID-VERIFY
Wxu-Next-Region
X-VarnishDD-TTL
X-Cache-Date
X-Cache-Backend
X-Request-Host
X-Backend-State
X-Request-Start
X-SN
X-Branch-Name
X-Policy
Wxu-Next-Hostname
Wxu-Next-Commit
X-Eu-Site
NM-Fastcgi-Cache
X-Csrf-Jwt
X-Bip
L5d-Success-Class
X-Developers
Origin
Pagetype
X-Cache-Tags
X-Clientip
X-Cache-NGX
X-CGP
PFcat
Rt-Fastcgi-Cache
L
Akamai-GRN
X-Method
X-Microcachable
X-Skip-Cache
X-Cache-Remote
X-Varnish-Ttl
X-Location
X-Li-Fabric
X-Platform-Server
X-Rebelmouse-Surrogate-Control
X-LI-UUID
X-Ms-Request-Id
X-Ms-Version
X-OVcl-Cache
X-Owner
X-Reqid
X-PF-Uncompressing
X-OVcl
X-Old-Content-Length
X-Mvc-Supplant-Cachable
X-VG-TLSProxy
X-Rebelmouse-Cache-Control
X-Level-Front-Cache
X-Li-Pop
X-Generated-On
X-Gamma-Serve
X-Wikidot-Static-Cache
X-Geo-Header
X-Varnish-Cacheable
X-Gzip
X-HN
X-Fastly-Cache
AKAMAI
X-JWT-State
X-Webstats-RespID
X-Is-Gdpr
X-Fastly-Backend
X-HS-Content-Campaign-Id
X-Wikidot-Backend
X-Has-Esi
X-Bc-Bl
X-COUNTRY
X-Hash
X-Content-Age
X-Refresh
X-Core-Mission
X-Render-Time
X-Slack-Backend
X-Sql-Count
X-Sql-Duration-Ms
X-Aicache-OS
FSS-Proxy
X-Twitter-Response-Tags
X-Transaction
UCS
X-RateLimit-Remaining
X-UA
X-Minions-Version
X-Wa
X-EIG-Tracking-Id
X-Www-Served-By
X-NODE
X-CS
X-DC
X-Amz-Meta-Cb-Modifiedtime
Country-Code
XServer
X-Fastcgi-Cache
X-S-Maxage
X-Dc
Cache-Hits
Surrogated-Key
X-Mvc-Supplant-OutputCached
Protected
X-Date
X-NU-AKA-ACS-Version
X-Accel-Expires-Debug
X-TA-CDN-Provider
X-Check-Cacheable
X-NGENIX-Cache
X-Debug-Cache-Store
Mail-Subject
X-Debug-Cache-Fetch
X-Ftr-Cache-Host
X-Via-Popn
X-Via-Poph
X-Req
We-Hiring
HostName
X-Edge-Location
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-LB-ID
X-SRV
X-Up
NGX
Hostname
ServedBy
X-Svr
Group
X-Ua-Device
Edge-Copy-Time
Memcached
X-Proxy-Upstream
X-Servedbyhost
X-Cdn-Srv
X-Cache-URL
X-Via-Edge
X-Via-SSL
X-FPC
Ufe-Result
X-LI-Proto
X-CACHE-AGE
X-Varnish-Hostname
X-Request-Time
X-Nginx-Cache
GeoIp-Country-Code
Time
Geoip-Latitude
On-Server
X-Hp-Webp
Now
X-Presslabs-Stats
X-Cs
X-Webkit-Csp
T-Server
X-NGINX-Cache
X-Agile-Age
X-Agile-Id
X-Erf-Stays-Bingo-Pdp-Web
X-BC
X-ZONE
X-Agile
X-Pass-Why
N-Cache
Server-Host
X-Acc-Rdl
X-Cluster-Node
X-Uri
X-VCL-Version
X-UnsetCookies
Xserver
Section-Io-Origin-Status
WZWS-RAY
X-Varnish-Hits
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Origin-Responded
X-Srv
X-Datadome
X-CSRF-TOKEN
X-MP-GENERATED-AT
X-Oracle-Dms-Rid
X-LiteSpeed-Cache-Control
X-VC
Pics-Label
Magicmarker
M-TraceId
X-SB
X-Cdn-Forward
X-Bc
X-Zone
SID
X-Dynatrace
X-TT-LOGID
Ohc-File-Size
X-Dynatrace-Js-Agent
X-CF-Powered-By
X-HS-Status
X-Info
DSUID
Cache-Name
X-FORWARDED-FOR
Ohc-Cache-HIT
NtCoent-Length
Arc-Country
Apigw-Requestid
X-Via-Popv
Processtime
X-APP
ProcessTime
X-We-Are-Hiring
X-UA-Device-Type
Odigeo-Trace-Id
X-Origin-Date
User-Agent
VivaBuild
Viewtype
X-Via-Ucdn
X-MSEdge-Flight
Cdn-Host
X-MSEdge-Features
W
Cteonnt-Length
X-Edge-Server
Cdn-Request-Time
Tracecode
Sid
LB
User-Cache-Control
Ssr
X-Action
X-RunCloud-Cache
CF-IPCountry
Memory
S-Rt
CountryCode
X-Magnolia-Registration
X-HOST
Srv
CDN
Lfy
X-Tb
Server-Info
WWW-Authenticate
X-DB
X-DI
X-Oss-Cdn-Auth
X-DSS
X-DW
X-RSL
X-RPS
X-RPM
X-HITS
X-Nyt-Route
X-Scheme
Server-Ext
X-Gdpr
Server-Hostname
Path
X-Loc
X-Cache-Hm
X-Cache-Hfrom
X-Matched-Rule
Vix-Hermes-Req-Id
X-Nginx-Cache-Key
X-Node-Id
True-Client-Country-4JS
SR-User-Adfree
X-Contensis-Viewer-Groups
Thinkindot-CacheControl
X-BBXSRF
X-Pjax-Url
X-Cache-ASPX
X-Developer
X-Origin-CC
X-Cache-Info
Sever-Int
X-API-Version
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Vcl-Version
Locid
Geo-Info
D-Cc-Upstream
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-Origin-Expires
X-SVT-ORM-RULES
X-User
X-Cc-Req-Id
X-Unique-ID
X-Cc-Via
X-Vgn-Hpd-Ssi
X-VServer
X-Varnish-Authentication
X-Varnish-Url
X-SRCache-Key
Instruction
V-Age
X-SD-PageType
X-Response-By
X-Request-URI
X-Origin-Time
X-Origin-TTL
X-SIPLIST1
X-Server-IP
IsBot
Amp-Access-Control-Allow-Source-Origin
WebServer
X-Webkit-CSP-Report-Only
Cache-Host
CDCHOST
MIME-Version
Pramga
Release
Server-ID
X-Goog-Meta-Goog-Reserved-File-Mtime
A
X-Hnp-Log
X-GeoIP-City
X-Generated-In
Web-Mar-Node
X-NodeID
X-Sn-Servicetimems
X-Var-Ttl
X-Newrelic-App-Data
X-Trace-Id
X-Fastly-Country-Code
X-Swa-Ws
X-Fetched-On
X-Gen-Mode
X-Newrelic-Synthetics
X-Block-Status
X-Cache-Expires
X-BBC-Edge-Cache-Status
X-Azure-Ref-OriginShield
X-Device-Os
X-Cdn-Origin
X-CACHE-KEY
X-Hit
X-Geo
GeoIP-Latitude
GeoIP-Country-Code
X-Traceid
Lb
X-FC-Vary-Parameters
X-Provided-By
Cf-Device-Type
Source
Cdn
X-Fpc
X-Browser-Type
X-Li-Proto
X-Lb-Id
X-Akamai-Request-ID2
X-Nc
X-Via-NSCOPI
X-Cache-Tag
X-Origin-Response-Time
X-ServedByHost
X-Envoy-Upstream-Healthchecked-Cluster
X-Men
FNAC-ModuleRouting
X-Epic-Correlation-Id
X-Fastly-Request-Id
X-Sigma-Backend
X-Sigma
X-Via-PopV
Cache-Key
Accept-Language
X-Akamai-Pragma-Client-IP
Server-Ttl
X-Served-From
X-SERVER-NAME
X-Via-PopH
Expiry
Kp-EeAlive
X-Via-PopN
X-TH-Server
X-Rocket-Build-Number
Url
X-Amzn-Remapped-Connection
X-Parent-Response-Time
X-Vgn-Hpd-Reason
Esi-Enabled
X-StackifyID
Content-Style-Type
Cache-Provider
X-Amzn-Remapped-Date
Content-Script-Type
X-No-Cache
EpKe-Alive
Content-Secure-Policy
X-B3-SpanId
X-Akamai-Request-ID
Xkeyi7
X-Proxy-Cachei7
Location
X-B3-Parentspanid
X-RateLimit-Remaining-Second
X-VC-Cache
Actual-Object-TTL
Req-Svc-Chain
X-ServiceProvider
X-ORACLE-APMCS-REQUEST-ID
X-Key
X-RateLimit-Limit-Second
X-Agile-Brick-Ok
X-Request-URL
X-Yottaa-OS
X-WA
X-Tt-Logid
X-ElasticPress-Query
X-MiniProfiler-Ids
Tcn
X-Instart-Request-ID
Who
X-Apw-Access-Action
X-Apw-Access-Object
X-ND-Cache
X-TraceId
BehaviorPad-Version
X-Apw-Hits
URI
X-Apw-Access-Token
X-BBC-Origin-Response-Status
X-PJAX-URL
X-Varnish-Beresp-TTL
Inserted-Into-Cache-At
X-RateLimit-Limit
X-HostName
X-Batcache
Mime-Version
X-Selected-Name
X-Selected-Host-Header
X-Mobile-Rewrite
X-Selected-Scheme
X-Snapshot-Date
Proxy-Firewall
X-TrackingId
X-Litespeed-Cache-Control
Server-Id
X-C
DataCenter
Vha6-Origin
Origin-Edge-Control
Xet-Cookie
Pragrma
X-Instart-Info
PICS-Label
Resin-Trace
X-Dispatch
NnCoection
Origin-Cache-Control