Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Pragma
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Xss-Protection
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
P3p
X-Content-Security-Policy
Status
Content-Encoding
X-CDN
X-AspNetMvc-Version
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Server
X-Backend
X-Amz-Request-Id
X-Hacker
X-Robots-Tag
X-Amz-Id-2
Request-Context
X-UA-Device
X-AH-Environment
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
X-Server-Powered-By
X-Dns-Prefetch-Control
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
X-Template
Report-To
X-Language
X-Rq
Xkey
X-Page-Speed
X-Varnish-Cache
X-Ua-Compatible
X-OneAgent-JS-Injection
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
X-Buckets
X-Host
X-WebKit-CSP
X-Backend-Server
X-Server-Id
X-Dispatcher
X-Device
NEL
Surrogate-Control
Accept-CH-Lifetime
X-Node
Request-Id
X-Ruxit-JS-Agent
Accept-CH
Content-Location
EagleEye-TraceId
X-Response-Time
X-Akam-SW-Version
X-Cache-Lookup
X-Origin-Cache
X-Ac
Allow
X-Readtime
X-Country
Rating
X-Mod-Pagespeed
X-HW
X-Application-Context
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Edge-Control
Pinterest-Generated-By
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-CST
X-PC
X-TtlSet
X-Vname
X-Cnection
X-Country-Code
X-DataDome
X-ASPNET-VERSION
X-GitHub-Request-Id
X-Content-Type
X-Varnish-TTL
X-FastCGI-Cache
X-D2id
X-Clacks-Overhead
X-Middleton-Response
X-Sol
Response
Pagespeed
X-Trace
Display
X-Middleton-Display
X-Server-Name
MS-Author-Via
Pinterest-Version
X-Pinterest-Rid
X-Origin-Upstream-Status
X-ESI
X-B3-TraceId
X-Url
X-Vcap-Request-Id
X-Px
X-Rack-Cache
X-Abt-Application-Version
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
X-TTL
X-Navigation-Version
Service-Worker-Allowed
Verso
Arr-Disable-Session-Affinity
X-Client-IP
X-Cache-TTL
X-Fastly-Request-ID
X-Cached
X-Element-Page-Cache
X-Webkit-CSP
X-Dw-Request-Base-Id
X-FTR-Request-ID
X-DynaTrace
SPRequestGuid
X-VARITI-CCR
X-SharePointHealthScore
X-Kinja-Revision
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-GoogleNews-Bot
X-Kinja
X-Goog-Hash
X-Powered-By-Plesk
X-Upstream
X-NF-Request-ID
Fastly-Restarts
X-Pinterest-Direct
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-CACHE
Ar-Sid
X-Debug
Content-MD5
SPRequestDuration
SPIisLatency
X-MSEdge-Ref
X-Powered-CMS
X-Forwarded-Proto
Access-Control-Request-Method
X-Amz-Rid
X-Release
X-Version
X-T
X-Jurisdiction
S
X-Edge
X-Content-Digest
TCN
X-XRDS-Location
RTSS
TP-Cache
TP-L2-Cache
Public-Key-Pins
X-Ezoic-Cdn
Cache-Tag
X-Litespeed-Cache
Front-End-Https
X-MCACHE
X-Mid
X-Node-Name
Server-Node
X-Mg-S
X-Yandex-Sdch-Disable
X-Cache-Key
X-Amz-Server-Side-Encryption
X-HP-Webp
X-Request-Processing-Time
X-Request-Received
Fastcgi-Cache
X-B3-TraceId-Primal
X-Recruiting
Mrf-Cache-Status
MRF-Tech
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ttl
X-PressLabs-Stats
X-Accel-Expires
X-Amzn-Trace-Id
X-Grace
X-Ser
X-Kinsta-Cache
Accept-Ch
X-Request-Handler-Origin-Region
X-Microsite
MicrosoftSharePointTeamServices
X-NWS-LOG-UUID
X-Origin-Server
X-Varnish-Age
Accept-Charset
X-DIS-Request-ID
ServerID
X-Logged-In
Edge-Cache-Tag
Host
X-Shield-Request-Id
X-Page-Id
X-Content-Security-Policy-Report-Only
Nginx-Cache
X-ECACHE
Powered-By-ChinaCache
X-Cache-Hit
X-Ratelimit-Remaining
X-Forwarded-For
X-Server-ID
Cache-Tags
X-B
X-F-Cache
X-LB-Cache
X-Hostname
Cleartype
X-Mobile-URL
X-Hits
X-Respond-Thread
X-Az
X-AppVersion
X-Activity-Id
X-Git-Hash
X-Upgrade-Enabled
Realpath
X-N
X-Cached-By
X-Kong-Upstream-Latency
X-Amz-Meta-S3cmd-Attrs
X-Kong-Proxy-Latency
X-Content-Options
X-Cache-Age
X-Type
X-Rid
X-Load-Cache
DynaTrace
Alternate-Protocol
X-Ratelimit-Limit
Paypal-Debug-Id
X-Request-Guid
X-App-Environment
X-Varnish-Backend
X-Jobs
Access-Control-Allow-Method
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
Nel
X-Country-Code-Real
X-FTR-Backend-Server
Fastcgi-Useragent
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Expires
X-Seen-By
X-Proxy
X-WebKit-CSP-Report-Only
Charset
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-VCache
X-B3-Sampled
X-Zen-Fury
X-Akamai-Edgescape
Filters
X-Correlation-ID
X-TEC-API-ROOT
X-IPLB-Instance
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-FireWall-Port
X-FB-Debug
X-Signature
X-B-Cache
X-Mobile
X-AOL-HN
Viewport
X-Debug-Info
X-Whom
MS-CV
Healthy
X-Host-Name
X-Daa-Tunnel
X-Varnish-Grace
Filterid
X-Region
DC
X-User-Agent
X-Geo-Country
AMP-Access-Control-Allow-Source-Origin
Payment
Liferay-Portal
X-Original-Request-Id
X-Response-Served-From
X-Frontend
X-Accel-Buffering
X-XRDS-LOCATION
X-App-Server
X-Cache-Operation
X-Cache-Rule
X-URL
Accept-Ch-Lifetime
X-Id
X-HTML-Minification-Powered-By
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Instance
X-Amz-Replication-Status
X-Distributor
Surrogate-Key
X-Tumblr-Pixel-1
X-UUID
X-Tumblr-Pixel-2
X-Tumblr-User
X-FW-Type
X-FW-Static
X-FW-Dynamic
X-Rule
X-Cache-Time
X-FW-Server
X-FW-Hash
X-Protected-By
X-FW-Serve
X-Cacheable-TTL
Refresh
X-Content-Powered-By
S-Cnection
Section-Io-Cache
X-Via-JSL
X-Acc-Debug-Context
X-Cache-Expired-At
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
Version
X-Is-Bot
X-Rendered-As
X-Wix-Request-Id
X-Hyper-Cache
X-Cache-Action
X-Sucuri-ID
GEO-INFO
X-Backend-Name
CACHE
Content-Disposition
Server-Name
X-Ua
X-Amz-Apigw-Id
X-Ah-Environment
X-Amzn-RequestId
X-Oneagent-Js-Injection
Retry-After
X-Air-Hostname
PB-PID
X-Endurance-Cache-Level
X-Cache-Server
Arc-Version
PB-RID
Datacenter
X-Source
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Response-Type
X-Framework
Eomportal-Instance
X-Real-IP
X-Unique-Id
Webserver
X-EdgeConnect-Cache-Status
X-Environment-Context
X-L-Path
X-ProcessESI
X-RemovedCookies
X-App-Version
X-Sucuri-Cache
X-Revision
Referer-Policy
Frame-Options
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Spec
X-RTag
Ms-Operation-Id
X-Drupal-Cache-Contexts
Countrycode
X-Varnish-Server
X-Correlation-Id
X-Drupal-Cache-Tags
X-Cache-Control
NGB
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Providence-Cookie
X-ES-SERVER
X-Cache-Var
X-RN-RSRV
X-Cache-Var-Map
X-Route-Name
X-Proxy-Cache-Status
Meta-Geo
Akamai-Age-Ms
X-ProxyCache-Key
X-WA-Info
X-ProxyCache-Status
X-BYPASS-REASON
X-Mode
X-Cache-TTL-Remaining
Cache-Tv-Group
X-Cache-Host
X-Qloud-Router
X-Hl-Ver
X-R9-Blue-Green-Version
X-Time-Microsecs
X-Xfnlog-Site
DB-Nickname
X-Contextid
Property-Id
X-Amzn-Remapped-Content-Length
X-GeoIP
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Mn-Server-Ip
X-PCL
Webcakes-App-Version
Cross-Origin-Window-Policy
X-Server-W
X-Proto
X-Redis-Cache
X-Be
X-ServerID
X-AWS-Id
TWC-Connection-Speed
X-Cluster
Ec-Rule-Version
X-LJ-Flow-ID
Webcakes-App-Name
TWC-Privacy
X-Handled-By
X-No-Session
X-PHP-Host
X-VWS-Id
X-Labrador-Cache-Channel
X-Human
TWC-Locale-Group
X-Origin-Hint
X-OCL
X-NYM-Debug-Backend
TWC-Device-Class
X-Status
X-FW-Version
Webcakes-Region
X-Azure-Ref
X-DynaTrace-JS-Agent
X-NewRelic-App-Data
X-Timing-Wait
X-TNCMS
X-Site-Version
X-Proxied
X-Section
X-Routing-Service
X-Locale
X-Loop
X-Hosted-By
Selected-Fe
X-Proxy-Build
X-Access
X-FB-TRIP-ID
X-Zipkin-Id
X-Format
X-Via-Fastly
X-Adobe-Content
X-Detected-As
X-TIME
X-Adobe-Loc
X-From
X-TT
FSS-Cache
X-LLID
X-CDN-Forward
X-AIR-PT
X-Tt-Trace-Tag
Uber-Trace-Id
X-Tt-Trace-Host
Cf-Bgj
X-Debug-Cache
Upgrade-Insecure-Requests
X-Cache-PHP
X-Device-Type
VIX-Pulpo-Node
X-ATG-Version
VIX-Pulpo-Upstream-Status
X-Generated-By
X-Ratelimit-Reset
X-NC
X-BCube-Filmed-By
X-Aspnetmvc-Version
Azure-SlotName
Azure-SiteName
Azure-Version
Azure-RegionName
Azure-InstanceId
X-CSRF-Token
X-PHP-Backend
Access-Control-Request-Headers
X-Varnish-Cache-Hits
X-UPSTREAM-Address
OT-Force-Account-Verify
X-Page-View
Cache
Cache-Status
From-Origin
X-Akamai-Transformed
X-NCache
X-CCM
X-Adobe-Source
X-GoCache-CacheStatus
SD-X-WS
X-Varnish-Ttl
X-Oss-Storage-Class
X-FTR-Cache-Host
X-Cache-2
X-Origin
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Backend-TTL
X-Cluster-Name
X-APP-VERSION
X-LAGOON
X-G
CF-Cached-On
X-Varnishpool
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Soup
X-ShopId
Country
X-ApacheServer
X-Cache-Grace
X-ShardId
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Pubstack
X-Forwarded-Host
X-PERF
X-Web-Node
X-Esi
X-Storage
Decoy-Debug-TTL
X-Say-Cacheable
X-Say-TTL
X-Time
X-SayCDN-TTL
Fastly-SSL
X-ID
Decoy-Debug-Key
Decoy-Debug-Status
X-Backend-Host
X-JoinUs
X-SaId
Node
X-ECache
SRV
X-Via-CDN
X-Ruxit-Js-Agent
Powered
X-GEO
X-IP
X-TX-ID
X-EC-Lua
X-Viewer-Country
X-Aed
Apple-News-Services-Parsed-Url
X-Vdms-Path
Apple-News-Services-Host
X-D
Xc-Version
Apple-News-Services-Request-Url
X-A-Dcw
X-External-Request-Id
X-Vdms-Version
X-RCS-CacheZone
X-A-Dam
X-A-Ccd
Machine
X-A-Wwc
X-Processor
X-A
X-A-Dgt
X-Connection-Hash
Meta-Geo-Continent
Host-ID
Mobile-Detection-Method
Apple-News-Services-Handled
X-Application
X-Vtex-Processado-Em
X-VG-WebServer
DCR-Decision-By
X-S
X-Cache-Enabled
X-Rojux
X-Vtex-Remote-Cache
X-S-Cookie
X-VG-WebCache
X-PAYTM-SRV-ID
X-CF-Lambda-Fn
Rendered-Blocks
X-CF-Lambda-Version
X-ScT
X-PBS-Appsvrname
X-Session-Fingerprint
X-Rewrite-Enabled
X-Cache-NE
DCR-Processing-Time-Ms
X-Destination
X-Worker
MD5-Digest
X-B-Cookie
X-ARC
Fastcgi-X-Cache-Version
X-Request-UUID
X-B3-Spanid
X-Trv-Group
X-Cache-Config
X-Tumblr-Pixel-3
X-Core-Value
X-CUA
X-IPS-LoggedIn
Is-Eu
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Variation
Platform
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Cms-Context
X-Clara-WADP
X-Platform-Server
X-Fmm-Version
X-Cache-Debug
CDN-PullZone
X-Micro-Cache
CDN-EdgeStorageId
CDN-CachedAt
X-Servername
X-VG-TLSProxy
CDN-Cache
X-Microcachable
X-WADP-Cache
CDN-RequestId
CloudFront-Viewer-Country
CDN-Uid
CDN-RequestCountryCode
X-Cache-Bucket
X-Ms-Request-Id
X-Ms-Version
Fastly-SIE
X-Platform
Fastly-SWR
X-Auto-Login
X-Envoy-Decorator-Operation
X-DPWN-IS-SECURE
X-DefElseHash
X-DefHash
Gh-Request-Id
X-Fastly-Cache
X-Irp-Debug
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Generation-Time
Adler-Geo
X-Varnish-Beresp-Status
X-Erf-Bev-Bev
Backend
X-Erf-Bev-Bev-Is-Generated
X-B3-Traceid
X-Branch-Name
X-Backend-State
NM-Fastcgi-Cache
Wxu-Next-Commit
Rt-Fastcgi-Cache
X-Cache-Backend
Pagetype
Origin
Wxu-Next-Region
Wxu-Next-Hostname
PFcat
X-Li-Fabric
X-Reqid
X-Skip-Cache
X-Varnish-Cacheable
X-VarnishDD-TTL
X-PF-Uncompressing
X-Owner
X-Mvc-Supplant-Cachable
X-Old-Content-Length
X-OVcl
X-OVcl-Cache
X-Webstats-RespID
X-Wikidot-Backend
X-Request-Host
X-Request-Start
X-SN
X-Thanos
X-Policy
X-Clientip
X-Wikidot-Static-Cache
C-Via
X-Bip
X-Cache-NGX
X-Method
X-Location
X-Eu-Site
X-Fastly-Backend
X-Gamma-Serve
X-Generated-On
X-Esi-Check
X-Dispatcher-Server
X-Cache-Tags
X-CGP
X-Csrf-Jwt
X-Developers
X-Geo-Header
X-Gzip
X-Level-Front-Cache
L5d-Success-Class
X-Li-Pop
X-LI-UUID
X-JWT-State
X-Is-Gdpr
X-Has-Esi
X-HN
X-HS-Content-Campaign-Id
X-Cache-Id
X-Cache-Date
X-NWS-UUID-VERIFY
Fastly-Backend-Name
CacheControlHeader
L
X-Cache-Remote
Akamai-GRN
Fastly-Drupal-HTML
AKAMAI
HA-Ipaddr
Ha-Gx-Prefs
X-Bc-Bl
X-Sql-Duration-Ms
X-Sql-Count
X-Content-Age
X-Hash
X-COUNTRY
X-Render-Time
X-Refresh
X-Slack-Backend
X-Core-Mission
UCS
X-Aicache-OS
FSS-Proxy
X-Twitter-Response-Tags
X-Transaction
X-UA
X-Minions-Version
X-EIG-Tracking-Id
X-Wa
X-Www-Served-By
X-DC
X-NODE
X-CS
X-Amz-Meta-Cb-Modifiedtime
X-Dc
X-SRV
X-Fastcgi-Cache
Country-Code
XServer
X-NU-AKA-ACS-Version
X-S-Maxage
Cache-Hits
X-Date
X-Via-Popn
X-Accel-Expires-Debug
Surrogated-Key
Protected
NGX
X-Via-Poph
X-RateLimit-Remaining
X-Mvc-Supplant-OutputCached
X-TA-CDN-Provider
X-NGENIX-Cache
X-Check-Cacheable
HostName
X-Vgn-Hpd-Cached
X-Debug-Cache-Fetch
X-Vgn-Hpd-Variations-Key
X-Req
X-Up
X-Edge-Location
X-Ftr-Cache-Host
X-Debug-Cache-Store
X-LB-ID
Mail-Subject
We-Hiring
Hostname
X-Via-Edge
Ufe-Result
X-Servedbyhost
X-Svr
X-Proxy-Upstream
X-FPC
X-LI-Proto
X-Ua-Device
X-Cache-URL
Edge-Copy-Time
X-Via-SSL
ServedBy
Group
X-Cdn-Srv
Memcached
On-Server
X-CACHE-AGE
X-Varnish-Hostname
Time
Geoip-Latitude
GeoIp-Country-Code
X-Request-Time
X-Nginx-Cache
Now
X-Hp-Webp
X-Presslabs-Stats
T-Server
X-Cs
X-Webkit-Csp
X-Pass-Why
X-NGINX-Cache
X-Cdn-Forward
X-Erf-Stays-Bingo-Pdp-Web
X-Agile
X-Agile-Age
X-BC
X-ZONE
X-Agile-Id
X-Uri
X-VCL-Version
Section-Io-Origin-Time-Seconds
WZWS-RAY
X-Cluster-Node
Section-Io-Origin-Status
Server-Host
Section-Origin-Responded
N-Cache
X-Acc-Rdl
Section-Io-Id
X-Varnish-Hits
Xserver
X-UnsetCookies
X-VC
X-MP-GENERATED-AT
X-Oracle-Dms-Rid
X-SB
X-CSRF-TOKEN
X-Datadome
M-TraceId
X-LiteSpeed-Cache-Control
Magicmarker
Pics-Label
X-Dynatrace
X-TT-LOGID
X-Dynatrace-Js-Agent
SID
Ohc-File-Size
X-Bc
X-Zone
X-Info
X-CF-Powered-By
X-HS-Status
X-Via-Popv
DSUID
X-Srv
X-FORWARDED-FOR
Ohc-Cache-HIT
X-UA-Device-Type
Cache-Name
NtCoent-Length
X-We-Are-Hiring
X-HITS
Processtime
X-APP
Apigw-Requestid
ProcessTime
Arc-Country
Odigeo-Trace-Id
Srv
User-Agent
User-Cache-Control
X-Origin-Date
X-MSEdge-Features
Cdn-Host
X-Via-Ucdn
X-MSEdge-Flight
Cteonnt-Length
Sid
Tracecode
X-Edge-Server
Cdn-Request-Time
Viewtype
VivaBuild
W
LB
X-CACHE-KEY
X-Action
Ssr
CF-IPCountry
Memory
S-Rt
X-RunCloud-Cache
X-Magnolia-Registration
X-HOST
CountryCode
Server-Info
Lfy
X-Vcl-Version
WWW-Authenticate
CDN
X-DSS
X-RPM
X-DI
X-DB
X-Oss-Cdn-Auth
X-RSL
X-RPS
X-Tb
X-DW
Vix-Hermes-Req-Id
V-Age
Web-Mar-Node
X-BBC-Edge-Cache-Status
X-API-Version
X-Block-Status
X-BBXSRF
X-Cache-Expires
X-Developer
X-Gdpr
X-Contensis-Viewer-Groups
X-Cache-Info
True-Client-Country-4JS
X-Cache-ASPX
Thinkindot-CacheControl
Instruction
IsBot
Locid
CDCHOST
X-Vgn-Hpd-Ssi
X-Cc-Req-Id
X-Cc-Via
X-Scheme
Path
X-Pjax-Url
D-Cc-Upstream
X-Unique-ID
Thinkindot-CacheControl-Type
SR-User-Adfree
Sever-Int
Server-Ext
Server-Hostname
Thinkindot-Control
X-Gen-Mode
X-Origin-TTL
X-Request-URI
X-Origin-Time
X-Thinkindot-L3
X-Origin-CC
X-Origin-Expires
X-Response-By
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Geo-Info
X-SIPLIST1
X-Server-IP
X-SD-PageType
X-Nyt-Route
X-User
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Url
X-Cache-Hfrom
X-VServer
X-Cache-Hm
X-SRCache-Key
X-Varnish-Authentication
X-Node-Id
X-Nginx-Cache-Key
X-Matched-Rule
X-Hnp-Log
X-Loc
X-Webkit-CSP-Report-Only
WebServer
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Var-Ttl
X-NodeID
X-Cdn-Origin
X-GeoIP-City
X-Fetched-On
X-Device-Os
X-Trace-Id
MIME-Version
X-Generated-In
X-Sn-Servicetimems
X-Swa-Ws
Release
X-Azure-Ref-OriginShield
Pramga
Server-ID
Cache-Host
X-Fastly-Country-Code
X-Newrelic-App-Data
X-Newrelic-Synthetics
A
X-Hit
X-Geo
GeoIP-Country-Code
Lb
GeoIP-Latitude
X-Traceid
X-FC-Vary-Parameters
X-Provided-By
Source
Cdn
X-Akamai-Request-ID2
X-Via-NSCOPI
X-Nc
X-ServedByHost
Cf-Device-Type
X-Browser-Type
X-Li-Proto
X-Fpc
X-Lb-Id
X-Origin-Response-Time
X-Cache-Tag
X-Men
X-Envoy-Upstream-Healthchecked-Cluster
X-Epic-Correlation-Id
FNAC-ModuleRouting
X-Fastly-Request-Id
X-Sigma-Backend
X-Via-PopH
Server-Ttl
Expiry
Cache-Key
X-Akamai-Pragma-Client-IP
X-Rocket-Build-Number
X-Sigma
X-Via-PopV
X-SERVER-NAME
X-Via-PopN
X-TH-Server
X-Served-From
Kp-EeAlive
Accept-Language
Url
X-Parent-Response-Time
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Content-Script-Type
Content-Style-Type
Esi-Enabled
X-WA
X-Vgn-Hpd-Reason
X-StackifyID
Cache-Provider
X-No-Cache
X-Request-URL
X-B3-SpanId
X-ORACLE-APMCS-REQUEST-ID
X-RateLimit-Limit-Second
X-Key
X-RateLimit-Remaining-Second
X-ServiceProvider
X-VC-Cache
Req-Svc-Chain
X-BBC-Origin-Response-Status
Actual-Object-TTL
X-B3-Parentspanid
X-MiniProfiler-Ids
X-ElasticPress-Query
X-Akamai-Request-ID
X-Proxy-Cachei7
Xkeyi7
X-Agile-Brick-Ok
X-Yottaa-OS
X-Tt-Logid
Content-Secure-Policy
Location
EpKe-Alive
X-Instart-Request-ID
Tcn
X-TraceId
X-ND-Cache
URI
X-Varnish-Beresp-TTL
BehaviorPad-Version
X-Apw-Access-Object
PICS-Label
Mime-Version
X-RateLimit-Limit
X-Apw-Hits
X-PJAX-URL
X-HostName
X-Apw-Access-Action
Inserted-Into-Cache-At
Who
X-Apw-Access-Token
X-Batcache
X-Selected-Scheme
X-Selected-Name
X-Selected-Host-Header
X-Mobile-Rewrite
X-Dispatch
X-TrackingId
X-Litespeed-Cache-Control
DataCenter
Server-Id
Pragrma
X-Fastly-Backend-Reqs
Xet-Cookie
NnCoection
X-Snapshot-Date
Origin-Cache-Control
X-Instart-Info
Proxy-Firewall
Resin-Trace
Vha6-Origin
Origin-Edge-Control
X-C