Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
X-Cache-Hits
P3P
CF-Ray
Alt-Svc
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
P3p
X-Content-Security-Policy
Status
Content-Encoding
X-CDN
X-AspNetMvc-Version
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Server
X-Backend
X-Hacker
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
Request-Context
X-AH-Environment
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
X-UA-Device
X-Dns-Prefetch-Control
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
X-Template
Report-To
X-Language
X-Rq
Xkey
X-Page-Speed
X-Ua-Compatible
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
X-Buckets
X-Host
X-Backend-Server
X-WebKit-CSP
NEL
X-Server-Id
X-Dispatcher
X-Device
Surrogate-Control
Accept-CH-Lifetime
X-Node
Request-Id
X-Ruxit-JS-Agent
Content-Location
Accept-CH
EagleEye-TraceId
X-Response-Time
X-Akam-SW-Version
X-Cache-Lookup
X-Origin-Cache
X-Ac
Allow
X-Readtime
X-Country
X-Mod-Pagespeed
Rating
X-HW
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-ECID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-ORACLE-DMS-RID
Edge-Control
Pinterest-Generated-By
X-MS-InvokeApp
X-TtlSet
X-PC
X-Vname
X-CST
X-Cnection
X-Country-Code
X-DataDome
X-ASPNET-VERSION
X-GitHub-Request-Id
X-Varnish-TTL
X-Content-Type
X-D2id
X-FastCGI-Cache
X-Clacks-Overhead
X-Server-Name
Response
Pagespeed
X-Middleton-Display
X-Middleton-Response
X-Sol
X-Trace
Display
MS-Author-Via
Pinterest-Version
X-Pinterest-Rid
X-Origin-Upstream-Status
X-ESI
X-Url
X-B3-TraceId
X-Vcap-Request-Id
X-Px
Fusion-Deployment-Id
Fusion-Content-Source
X-Navigation-Version
X-TTL
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
X-Abt-Application-Version
X-Rack-Cache
Service-Worker-Allowed
Verso
Arr-Disable-Session-Affinity
X-Client-IP
X-Fastly-Request-ID
X-Cache-TTL
X-Webkit-CSP
X-Element-Page-Cache
X-Cached
X-Dw-Request-Base-Id
X-FTR-Request-ID
X-DynaTrace
X-SharePointHealthScore
SPRequestGuid
X-VARITI-CCR
X-Exp-Id
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Goog-Hash
X-Upstream
X-Powered-By-Plesk
X-NF-Request-ID
Fastly-Restarts
X-Pinterest-Direct
AR-CACHE
AR-PoweredBy
AR-Request-ID
AR-ATIME
Ar-Sid
X-Debug
SPIisLatency
Content-MD5
SPRequestDuration
X-MSEdge-Ref
X-Forwarded-Proto
X-Powered-CMS
Access-Control-Request-Method
X-Version
X-Amz-Rid
X-Release
X-T
X-Jurisdiction
S
X-Edge
X-Content-Digest
TCN
X-XRDS-Location
RTSS
TP-Cache
TP-L2-Cache
Public-Key-Pins
X-Ezoic-Cdn
X-Litespeed-Cache
Cache-Tag
Front-End-Https
X-Mid
X-MCACHE
X-Mg-S
X-Node-Name
X-Cache-Key
Server-Node
X-HP-Webp
X-Request-Processing-Time
X-Request-Received
Fastcgi-Cache
X-Yandex-Sdch-Disable
X-Amz-Server-Side-Encryption
X-SRCache-Fetch-Status
X-SRCache-Store-Status
MRF-Tech
X-Recruiting
X-B3-TraceId-Primal
Mrf-Cache-Status
X-PressLabs-Stats
X-Accel-Expires
X-Amzn-Trace-Id
X-Ttl
X-Grace
X-Ser
X-Kinsta-Cache
Accept-Ch
X-Microsite
X-Request-Handler-Origin-Region
MicrosoftSharePointTeamServices
X-NWS-LOG-UUID
Accept-Charset
X-Varnish-Age
X-Origin-Server
X-DIS-Request-ID
X-Logged-In
ServerID
Edge-Cache-Tag
Nginx-Cache
X-Shield-Request-Id
X-Page-Id
Host
X-Content-Security-Policy-Report-Only
Powered-By-ChinaCache
X-Cache-Hit
X-ECACHE
X-Ratelimit-Remaining
X-Forwarded-For
X-Hits
X-Server-ID
X-B
Cache-Tags
X-LB-Cache
X-F-Cache
Cleartype
X-Mobile-URL
X-Respond-Thread
X-Hostname
X-Az
X-AppVersion
X-Activity-Id
X-Git-Hash
Realpath
X-N
X-Upgrade-Enabled
X-Cached-By
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Rid
X-Load-Cache
X-Ratelimit-Limit
DynaTrace
X-Cache-Age
Alternate-Protocol
X-Content-Options
X-Request-Guid
X-Varnish-Backend
Paypal-Debug-Id
X-App-Environment
X-Type
X-Amz-Meta-S3cmd-Attrs
X-Jobs
X-FTR-Backend-Server
X-FTR-Cache-Status
Access-Control-Allow-Method
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Realm
X-FTR-DC
Fastcgi-Useragent
X-FTR-Backend
X-FTR-Expires
X-Seen-By
X-Proxy
X-WebKit-CSP-Report-Only
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-VCache
X-Akamai-Edgescape
Charset
X-Zen-Fury
X-B3-Sampled
Filters
X-IPLB-Instance
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-FireWall-Port
X-Correlation-ID
X-FB-Debug
X-Mobile
X-B-Cache
X-AOL-HN
X-Signature
X-Whom
MS-CV
Viewport
X-Varnish-Grace
X-Debug-Info
Healthy
X-Daa-Tunnel
Filterid
X-Host-Name
DC
X-Region
X-User-Agent
AMP-Access-Control-Allow-Source-Origin
X-Geo-Country
X-Accel-Buffering
X-Response-Served-From
Liferay-Portal
Payment
X-Original-Request-Id
X-URL
X-App-Server
X-XRDS-LOCATION
X-Cache-Operation
X-Cache-Rule
X-HTML-Minification-Powered-By
Accept-Ch-Lifetime
X-Frontend
X-Tumblr-Pixel-2
X-UUID
X-Tumblr-User
X-Tumblr-Pixel-1
X-Amz-Replication-Status
X-Distributor
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Instance
X-Rule
X-Cache-Time
X-Protected-By
X-Cacheable-TTL
X-Id
Surrogate-Key
X-FW-Static
X-FW-Type
Refresh
X-FW-Dynamic
X-FW-Server
X-FW-Serve
X-FW-Hash
X-Content-Powered-By
S-Cnection
X-Acc-Debug-Context
X-Via-JSL
Section-Io-Cache
X-Cache-Expired-At
Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Wix-Request-Id
X-Rendered-As
X-Is-Bot
X-Cache-Action
X-Hyper-Cache
X-Backend-Name
X-Sucuri-ID
CACHE
Content-Disposition
Nel
GEO-INFO
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Ah-Environment
X-Ua
X-Oneagent-Js-Injection
Server-Name
Retry-After
X-Air-Hostname
Arc-Version
X-Endurance-Cache-Level
PB-PID
X-Cache-Server
PB-RID
Datacenter
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Endpoint-Name
X-Framework
X-Real-IP
X-Source
Eomportal-Instance
X-ProcessESI
X-RemovedCookies
X-Environment-Context
Webserver
X-L-Path
X-EdgeConnect-Cache-Status
X-Sucuri-Cache
X-Yottaa-Metrics
X-Revision
X-App-Version
X-Yottaa-Optimizations
Referer-Policy
Frame-Options
Ms-Operation-Id
X-RTag
X-Drupal-Cache-Contexts
Countrycode
X-Varnish-Server
X-Unique-Id
X-Cache-Spec
X-Correlation-Id
X-Is-Crawler
X-Flags
X-Cache-Control
X-Aspnet-Duration-Ms
NGB
X-Cache-Var
Meta-Geo
X-RN-RSRV
X-ES-SERVER
X-Providence-Cookie
X-Cache-Var-Map
X-Route-Name
X-Proxy-Cache-Status
X-Drupal-Cache-Tags
Akamai-Age-Ms
X-WA-Info
X-BYPASS-REASON
X-ProxyCache-Key
X-ProxyCache-Status
X-Hl-Ver
X-Cache-Host
X-R9-Blue-Green-Version
X-Time-Microsecs
Cache-Tv-Group
X-Qloud-Router
X-Proto
X-Redis-Cache
X-PHP-Host
Ec-Rule-Version
X-No-Session
X-GeoIP
Cross-Origin-Window-Policy
X-NewRelic-App-Data
DB-Nickname
X-Handled-By
X-DynaTrace-JS-Agent
X-Azure-Ref
X-Labrador-Cache-Channel
X-Amzn-Remapped-Content-Length
X-Cache-TTL-Remaining
X-Xfnlog-Site
X-Human
X-Be
X-ServerID
TWC-Device-Class
X-Origin-Hint
X-VWS-Id
X-Via-Fastly
Property-Id
TWC-Connection-Speed
X-TNCMS
X-OCL
X-Contextid
X-NYM-Debug-Backend
X-Server-W
X-Site-Version
TWC-GeoIP-Country
X-Hosted-By
X-Status
X-FW-Version
X-PCL
Webcakes-App-Version
Selected-Fe
Webcakes-App-Name
Webcakes-Region
X-Proxy-Build
X-FB-TRIP-ID
X-LJ-Flow-ID
X-Cluster
X-Loop
X-Timing-Wait
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Locale
X-AWS-Id
TWC-Privacy
X-Mode
X-Detected-As
X-TIME
X-Adobe-Loc
X-Adobe-Content
X-From
X-TT
FSS-Cache
Mn-Server-Ip
X-AIR-PT
X-Section
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-Format
X-Access
X-CDN-Forward
X-LLID
X-Device-Type
X-Tt-Trace-Host
Upgrade-Insecure-Requests
X-Tt-Trace-Tag
X-Debug-Cache
X-ATG-Version
X-Generated-By
Cf-Bgj
Uber-Trace-Id
X-Ua-Device
X-Cache-PHP
X-BCube-Filmed-By
X-Ratelimit-Reset
VIX-Pulpo-Node
X-NC
VIX-Pulpo-Upstream-Status
X-Aspnetmvc-Version
X-CSRF-Token
Azure-SiteName
Azure-SlotName
X-PHP-Backend
Azure-Version
Azure-InstanceId
Azure-RegionName
Access-Control-Request-Headers
X-Varnish-Cache-Hits
OT-Force-Account-Verify
X-UPSTREAM-Address
X-Page-View
Cache
From-Origin
X-NCache
X-Akamai-Transformed
X-GoCache-CacheStatus
Cache-Status
SD-X-WS
X-Adobe-Source
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Origin
X-Backend-TTL
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Cache-2
X-CCM
X-FTR-Cache-Host
X-G
CF-Cached-On
X-Varnish-Ttl
X-Varnishpool
X-Cluster-Name
X-ShopId
X-Cache-Grace
X-ShardId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-APP-VERSION
X-Storefront-Renderer-Rendered
X-Soup
Country
X-LAGOON
X-Alternate-Cache-Key
X-Forwarded-Host
X-ID
X-Backend-Host
X-Web-Node
X-Esi
X-Time
X-Pubstack
X-JoinUs
X-SaId
X-Say-Cacheable
Decoy-Debug-Status
Fastly-SSL
Decoy-Debug-Key
X-Say-TTL
Decoy-Debug-TTL
X-SayCDN-TTL
X-Storage
X-ApacheServer
X-ECache
X-PERF
SRV
X-Ruxit-Js-Agent
Node
X-Via-CDN
Powered
X-IP
X-GEO
X-EC-Lua
X-TX-ID
X-A-Ccd
X-A-Dam
Mobile-Detection-Method
Rendered-Blocks
X-A
Machine
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
DCR-Decision-By
DCR-Processing-Time-Ms
MD5-Digest
Host-ID
Fastcgi-X-Cache-Version
Meta-Geo-Continent
X-External-Request-Id
X-S-Cookie
X-ScT
X-Session-Fingerprint
X-S
X-Rojux
X-A-Dcw
X-Request-UUID
X-Rewrite-Enabled
X-Trv-Group
X-Vdms-Path
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-Vtex-Processado-Em
X-VG-WebServer
X-Vdms-Version
X-VG-WebCache
X-RCS-CacheZone
X-Cache-Enabled
X-B-Cookie
X-Cache-NE
X-Processor
X-ARC
X-Application
X-A-Dgt
X-A-Wwc
X-Aed
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-PAYTM-SRV-ID
X-PBS-Appsvrname
Apple-News-Services-Request-Url
X-Destination
X-D
X-Connection-Hash
X-Cache-Config
X-Viewer-Country
X-B3-Spanid
X-Tumblr-Pixel-3
Adler-Geo
X-Clara-WADP
X-Ms-Version
X-Platform
X-Platform-Server
X-Ms-Request-Id
X-Microcachable
X-Generation-Time
X-Irp-Debug
X-Micro-Cache
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-WADP-Cache
Gh-Request-Id
X-Auto-Login
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Servername
X-Variation
X-Varnish-CookieHashed-On
X-Fmm-Version
X-Fastly-Cache
CDN-Uid
CloudFront-Viewer-Country
Fastly-SIE
CDN-RequestId
CDN-RequestCountryCode
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
Fastly-SWR
Is-Eu
X-DefElseHash
X-DefHash
X-DPWN-IS-SECURE
X-CUA
X-Core-Value
Platform
X-Cache-Bucket
CDN-Cache
X-Cms-Context
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-B3-Traceid
Backend
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Envoy-Decorator-Operation
X-NWS-UUID-VERIFY
CacheControlHeader
X-Esi-Check
X-Generated-On
AKAMAI
X-Gzip
X-Geo-Header
X-Dispatcher-Server
X-Gamma-Serve
X-Fastly-Backend
X-Cache-Id
Rt-Fastcgi-Cache
Pagetype
NM-Fastcgi-Cache
Fastly-Backend-Name
X-Branch-Name
X-Cache-Backend
X-Has-Esi
X-Cache-Debug
X-Cache-Date
X-Cache-Tags
X-Is-Gdpr
X-Webstats-RespID
X-Cache-Remote
X-VG-TLSProxy
X-Varnish-Cacheable
X-Reqid
X-Skip-Cache
C-Via
X-Bip
X-SN
X-Thanos
X-Request-Start
X-Request-Host
X-Clientip
X-PF-Uncompressing
X-Owner
X-Li-Fabric
X-Li-Pop
X-Level-Front-Cache
X-JWT-State
Fastly-Drupal-HTML
X-LI-UUID
X-Location
X-OVcl
X-OVcl-Cache
X-Old-Content-Length
X-Mvc-Supplant-Cachable
X-IPS-LoggedIn
X-HS-Content-Campaign-Id
X-Bc-Bl
X-Core-Mission
X-Content-Age
X-Csrf-Jwt
X-Developers
X-Sql-Count
X-CGP
X-Backend-State
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-COUNTRY
X-Eu-Site
X-Sql-Duration-Ms
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Cache-NGX
X-Policy
X-Render-Time
X-Slack-Backend
X-Refresh
Akamai-GRN
X-Hash
X-HN
X-Method
PFcat
X-VarnishDD-TTL
HA-Ipaddr
Origin
L
Ha-Gx-Prefs
L5d-Success-Class
X-Aicache-OS
FSS-Proxy
X-Twitter-Response-Tags
X-Transaction
UCS
X-UA
X-Wa
X-EIG-Tracking-Id
X-Minions-Version
X-CS
X-DC
X-Www-Served-By
X-NODE
XServer
X-Fastcgi-Cache
X-Amz-Meta-Cb-Modifiedtime
X-Dc
Country-Code
X-NU-AKA-ACS-Version
X-SRV
Cache-Hits
X-S-Maxage
X-Date
Protected
X-RateLimit-Remaining
NGX
X-Via-Popn
X-Mvc-Supplant-OutputCached
X-Via-Poph
Surrogated-Key
X-Accel-Expires-Debug
X-TA-CDN-Provider
X-Check-Cacheable
X-NGENIX-Cache
X-Vgn-Hpd-Cached
X-LB-ID
X-Debug-Cache-Fetch
X-Ftr-Cache-Host
We-Hiring
HostName
X-Req
Mail-Subject
X-Edge-Location
X-Up
X-Debug-Cache-Store
X-Vgn-Hpd-Variations-Key
Hostname
X-Servedbyhost
X-Via-SSL
X-LI-Proto
Memcached
On-Server
X-FPC
X-Proxy-Upstream
Group
X-Cache-URL
Ufe-Result
X-Via-Edge
Edge-Copy-Time
X-Svr
X-Cdn-Srv
X-CACHE-AGE
GeoIp-Country-Code
Time
Geoip-Latitude
X-Request-Time
ServedBy
X-Nginx-Cache
X-Varnish-Hostname
X-Hp-Webp
X-Presslabs-Stats
Now
X-Webkit-Csp
T-Server
X-NGINX-Cache
X-Cs
X-ZONE
X-Cdn-Forward
X-Agile-Id
X-Agile-Age
X-BC
X-Erf-Stays-Bingo-Pdp-Web
X-Agile
X-Uri
X-Pass-Why
WZWS-RAY
X-Cluster-Node
X-Acc-Rdl
N-Cache
X-VCL-Version
Server-Host
Section-Io-Origin-Status
Section-Origin-Responded
X-Varnish-Hits
X-UnsetCookies
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-SB
M-TraceId
Pics-Label
X-Datadome
X-CSRF-TOKEN
X-VC
X-MP-GENERATED-AT
X-LiteSpeed-Cache-Control
Ohc-File-Size
X-Zone
X-Dynatrace
X-Bc
X-Dynatrace-Js-Agent
Xserver
SID
X-Srv
X-Via-Popv
X-CF-Powered-By
DSUID
X-Info
X-HS-Status
Magicmarker
X-TT-LOGID
Cache-Name
X-UA-Device-Type
X-FORWARDED-FOR
Ohc-Cache-HIT
NtCoent-Length
X-APP
Arc-Country
X-We-Are-Hiring
Processtime
ProcessTime
User-Agent
X-Origin-Date
Odigeo-Trace-Id
User-Cache-Control
X-Via-Ucdn
Cdn-Host
Viewtype
Cdn-Request-Time
Cteonnt-Length
Apigw-Requestid
W
X-Edge-Server
Sid
X-MSEdge-Features
Tracecode
VivaBuild
X-MSEdge-Flight
LB
CF-IPCountry
X-CACHE-KEY
Memory
Ssr
X-Action
S-Rt
X-RunCloud-Cache
CountryCode
X-HOST
X-Magnolia-Registration
Srv
Server-Info
WWW-Authenticate
X-DI
X-DW
X-DSS
CDN
Lfy
X-DB
X-RSL
X-RPS
X-RPM
X-Vcl-Version
X-Tb
X-Oss-Cdn-Auth
X-HITS
Sever-Int
X-Scheme
SR-User-Adfree
Path
X-Contensis-Viewer-Groups
X-Developer
X-VServer
X-Thinkindot-L3
X-Gen-Mode
X-Varnish-Url
X-Gdpr
X-Cache-Hfrom
X-Cache-Hm
Amp-Access-Control-Allow-Source-Origin
X-Cache-Expires
X-Pjax-Url
X-Varnish-Authentication
Server-Hostname
Server-Ext
X-API-Version
Thinkindot-Control
X-BBC-Edge-Cache-Status
Thinkindot-CacheControl
X-Cache-ASPX
X-Block-Status
Thinkindot-CacheControl-Type
X-BBXSRF
Web-Mar-Node
X-Matched-Rule
X-Origin-TTL
X-Cc-Req-Id
X-Origin-Time
X-SRCache-Key
X-Origin-Expires
X-Unique-ID
X-SIPLIST1
X-Response-By
D-Cc-Upstream
X-Request-URI
X-Server-IP
X-SVT-ORM-RULES
X-Origin-CC
IsBot
X-Cc-Via
X-Loc
X-Hnp-Log
X-SD-PageType
X-SVT-ORM-VERSION
Geo-Info
X-Nyt-Route
X-Node-Id
Instruction
X-Vgn-Hpd-Ssi
WebServer
X-Webkit-CSP-Report-Only
X-Newrelic-Synthetics
X-User
MIME-Version
Locid
Server-ID
Pramga
CDCHOST
Cache-Host
Release
X-Var-Ttl
X-Trace-Id
X-Device-Os
True-Client-Country-4JS
X-Fetched-On
X-GeoIP-City
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Sn-Servicetimems
X-Nginx-Cache-Key
X-Cdn-Origin
A
X-Azure-Ref-OriginShield
Vix-Hermes-Req-Id
V-Age
X-Cache-Info
X-Fastly-Country-Code
X-Swa-Ws
X-Newrelic-App-Data
X-Geo
X-Hit
X-Traceid
X-Oracle-Dms-Rid
X-Generated-In
GeoIP-Latitude
GeoIP-Country-Code
Lb
X-NodeID
X-FC-Vary-Parameters
X-Provided-By
X-Fpc
X-Nc
Cf-Device-Type
X-Browser-Type
X-Lb-Id
X-Akamai-Request-ID2
X-Via-NSCOPI
X-Li-Proto
X-ServedByHost
Cdn
Source
X-Cache-Tag
X-Origin-Response-Time
X-Envoy-Upstream-Healthchecked-Cluster
X-Epic-Correlation-Id
X-Men
FNAC-ModuleRouting
X-Fastly-Request-Id
X-Via-PopV
Cache-Key
Expiry
X-Served-From
X-Via-PopN
Server-Ttl
X-Akamai-Pragma-Client-IP
X-Via-PopH
X-TH-Server
X-Sigma
Kp-EeAlive
X-Sigma-Backend
X-SERVER-NAME
Accept-Language
X-Rocket-Build-Number
Content-Style-Type
Esi-Enabled
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Parent-Response-Time
Content-Script-Type
X-Vgn-Hpd-Reason
X-WA
X-StackifyID
Cache-Provider
X-No-Cache
X-RateLimit-Remaining-Second
X-B3-SpanId
X-Agile-Brick-Ok
X-RateLimit-Limit-Second
X-Key
EpKe-Alive
X-Tt-Logid
X-VC-Cache
X-ElasticPress-Query
X-ServiceProvider
X-Request-URL
Location
X-B3-Parentspanid
X-BBC-Origin-Response-Status
X-Proxy-Cachei7
Xkeyi7
X-Yottaa-OS
Actual-Object-TTL
Url
X-MiniProfiler-Ids
Req-Svc-Chain
X-ORACLE-APMCS-REQUEST-ID
X-Akamai-Request-ID
X-Instart-Request-ID
Tcn
Content-Secure-Policy
X-TraceId
X-ND-Cache
URI
BehaviorPad-Version
X-RateLimit-Limit
X-PJAX-URL
Who
Inserted-Into-Cache-At
Mime-Version
X-Batcache
X-Apw-Access-Action
X-HostName
X-Varnish-Beresp-TTL
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Object
X-Selected-Host-Header
X-Selected-Scheme
X-Selected-Name
X-Mobile-Rewrite
Pragrma
DataCenter
X-C
Xet-Cookie
Server-Id
X-TrackingId
X-Litespeed-Cache-Control
Origin-Cache-Control
Origin-Edge-Control
Vha6-Origin
X-Instart-Info
NnCoection
PICS-Label
X-Dispatch
Proxy-Firewall
X-Snapshot-Date
Resin-Trace