Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Xss-Protection
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Request-ID
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
P3p
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
X-AspNetMvc-Version
Status
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-Cache-Group
X-Server
X-Hacker
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-UA-Device
X-AH-Environment
X-Template
EagleId
Request-Context
X-Proxy-Cache
X-Language
X-Turbo-Charged-By
X-Server-Powered-By
X-Dns-Prefetch-Control
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
X-Rq
Xkey
X-Page-Speed
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Buckets
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
X-Dispatcher
X-Device
X-Server-Id
NEL
Surrogate-Control
X-Node
X-Ruxit-JS-Agent
Content-Location
Request-Id
X-Response-Time
Accept-CH-Lifetime
EagleEye-TraceId
X-Cache-Lookup
Accept-CH
X-Akam-SW-Version
X-Origin-Cache
X-Ac
X-Ua-Compatible
X-Readtime
Allow
Rating
X-HW
X-Mod-Pagespeed
X-Country
X-Application-Context
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Edge-Control
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-PC
X-TtlSet
X-Vname
X-DataDome
X-Cnection
X-Country-Code
X-MS-InvokeApp
X-Varnish-TTL
X-Content-Type
X-GitHub-Request-Id
X-ASPNET-VERSION
X-D2id
X-CST
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Trace
Pagespeed
Display
Response
X-Middleton-Response
X-Sol
X-Middleton-Display
X-Server-Name
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Pinterest-Version
Fusion-Content-Id
X-Pinterest-Rid
Fusion-Component-Id
MS-Author-Via
X-Vcap-Request-Id
X-Abt-Application-Version
X-Navigation-Version
X-Px
X-B3-TraceId
X-Rack-Cache
X-Url
Service-Worker-Allowed
Verso
X-ESI
X-TTL
X-Fastly-Request-ID
X-FastCGI-Cache
X-Client-IP
Cf-Bgj
Arr-Disable-Session-Affinity
X-Cached
X-Webkit-CSP
X-Element-Page-Cache
X-DynaTrace
X-FTR-Request-ID
X-Cache-TTL
X-Dw-Request-Base-Id
X-SharePointHealthScore
X-Powered-By-Plesk
SPRequestGuid
X-VARITI-CCR
X-GoogleNews-Bot
X-Exp-Variant
X-Use-Magma
X-Exp-Id
X-Upstream
X-Cdn-Fetch
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-NF-Request-ID
X-Goog-Hash
Fastly-Restarts
AR-ATIME
AR-Request-ID
AR-PoweredBy
AR-CACHE
Ar-Sid
X-Debug
Content-MD5
X-Forwarded-Proto
X-Version
X-MSEdge-Ref
X-Powered-CMS
X-Pinterest-Direct
SPIisLatency
SPRequestDuration
X-T
Access-Control-Request-Method
X-Release
X-Jurisdiction
X-Amz-Rid
X-Content-Digest
S
X-Edge
X-XRDS-Location
TP-Cache
TP-L2-Cache
RTSS
TCN
Accept-Ch
X-Litespeed-Cache
Cache-Tag
X-Ezoic-Cdn
Public-Key-Pins
X-Cache-Key
X-Node-Name
X-Ttl
X-Mid
X-MCACHE
Front-End-Https
X-Yandex-Sdch-Disable
Server-Node
X-Request-Received
X-Request-Processing-Time
Fastcgi-Cache
X-Mg-S
X-Amzn-Trace-Id
X-Recruiting
X-Accel-Expires
X-Ser
X-NWS-LOG-UUID
X-Amz-Server-Side-Encryption
X-Kinsta-Cache
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-PressLabs-Stats
X-HP-Webp
X-Grace
X-Request-Handler-Origin-Region
X-Microsite
X-Origin-Server
X-Logged-In
Accept-Charset
ServerID
X-Varnish-Age
X-Page-Id
X-Cache-Hit
X-DIS-Request-ID
X-Ratelimit-Remaining
Host
MicrosoftSharePointTeamServices
X-Shield-Request-Id
Nginx-Cache
X-ECACHE
Edge-Cache-Tag
X-Content-Security-Policy-Report-Only
X-Server-ID
X-B
X-Hits
X-Hostname
X-Mobile-URL
X-F-Cache
Cache-Tags
X-LB-Cache
X-Az
X-AppVersion
Realpath
Powered-By-ChinaCache
X-Activity-Id
Alternate-Protocol
Accept-Ch-Lifetime
X-N
X-Git-Hash
Cleartype
X-Ratelimit-Limit
X-Content-Options
X-Forwarded-For
X-Cached-By
X-Respond-Thread
X-Upgrade-Enabled
DynaTrace
X-Type
X-Load-Cache
Paypal-Debug-Id
X-App-Environment
X-Varnish-Backend
X-Rid
X-Jobs
X-Cache-Age
X-Request-Guid
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-DC
X-FTR-Cache-Status
X-Kong-Upstream-Latency
X-FTR-Realm
X-Kong-Proxy-Latency
X-FTR-Expires
X-Seen-By
Fastcgi-Useragent
X-Amz-Meta-S3cmd-Attrs
Access-Control-Allow-Method
X-Proxy
Nel
X-FireWall-Port
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-WebKit-CSP-Report-Only
X-URL
X-Correlation-ID
Filterid
X-Zen-Fury
X-Akamai-Edgescape
X-Goog-Generation
X-HS-Content-Id
X-GUploader-UploadID
X-HS-Cache-Config
X-HS-Hub-Id
X-Daa-Tunnel
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Varnish-Grace
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-FB-Debug
X-HS-Combine-CSS
X-B3-Sampled
Charset
X-VCache
X-IPLB-Instance
X-Signature
X-Host-Name
DC
X-B-Cache
X-AOL-HN
Healthy
X-Debug-Info
MS-CV
X-Whom
X-App-Server
X-Region
X-Mobile
X-Geo-Country
X-User-Agent
Filters
AMP-Access-Control-Allow-Source-Origin
X-Cache-Rule
X-Cache-Operation
X-Frontend
X-Original-Request-Id
X-Accel-Buffering
X-Response-Served-From
Viewport
X-Id
X-XRDS-LOCATION
Payment
Liferay-Portal
X-Instance
X-HTML-Minification-Powered-By
X-Content-Powered-By
X-UUID
X-Distributor
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Rule
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Tumblr-User
X-FW-Hash
X-FW-Serve
X-FW-Server
X-FW-Dynamic
X-Cacheable-TTL
X-FW-Type
X-FW-Static
X-Cache-Time
X-Acc-Debug-Context
Surrogate-Key
Refresh
X-Protected-By
Content-Disposition
X-Via-JSL
S-Cnection
X-Is-Bot
X-Wix-Request-Id
X-Rendered-As
X-Amz-Replication-Status
X-Cache-Expired-At
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Hyper-Cache
Section-Io-Cache
X-Backend-Name
X-App-Version
Datacenter
Version
X-Sucuri-ID
X-Endurance-Cache-Level
X-Ah-Environment
X-Ua
PB-RID
X-Tec-Api-Version
PB-PID
X-Cache-Action
X-Oneagent-Js-Injection
Arc-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Cache-Server
Akamai-Age-Ms
Retry-After
GEO-INFO
Server-Name
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Endpoint-Name
X-Source
X-Air-Hostname
NGB
X-Varnish-Server
X-EdgeConnect-Cache-Status
Eomportal-Instance
Referer-Policy
Countrycode
X-Real-IP
X-RemovedCookies
X-ProcessESI
X-L-Path
X-Framework
CACHE
X-Environment-Context
X-Sucuri-Cache
X-RTag
Ms-Operation-Id
X-Revision
Frame-Options
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Unique-Id
X-Esi
X-Drupal-Cache-Contexts
X-Cache-Control
X-DynaTrace-JS-Agent
X-Proxy-Cache-Status
X-Azure-Ref
X-WA-Info
X-Cache-Var-Map
X-ES-SERVER
X-RN-RSRV
X-Cache-Var
Meta-Geo
X-NewRelic-App-Data
X-GeoIP
X-Mode
X-Drupal-Cache-Tags
Webserver
X-Cache-Host
X-BYPASS-REASON
X-Qloud-Router
DB-Nickname
X-ProxyCache-Status
X-ProxyCache-Key
Cache-Tv-Group
X-Time-Microsecs
X-R9-Blue-Green-Version
X-Xfnlog-Site
X-Cache-TTL-Remaining
X-Human
X-Cluster
Webcakes-App-Name
X-Status
TWC-Privacy
X-From
TWC-Locale-Group
X-Origin-Hint
X-Server-W
X-Redis-Cache
X-Amzn-Remapped-Content-Length
X-AWS-Id
Webcakes-Region
X-PHP-Host
X-Loop
X-PCL
X-FW-Version
X-TNCMS
X-Hosted-By
Ec-Rule-Version
Mn-Server-Ip
Cross-Origin-Window-Policy
X-OCL
X-Labrador-Cache-Channel
X-NYM-Debug-Backend
Property-Id
TWC-Connection-Speed
X-VWS-Id
X-Handled-By
X-Hl-Ver
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
X-LJ-Flow-ID
Webcakes-App-Version
X-Zipkin-Id
X-Section
X-FB-TRIP-ID
X-Format
X-Be
X-Detected-As
X-Via-Fastly
X-Site-Version
X-ServerID
X-Timing-Wait
X-Routing-Service
X-Proxied
X-Access
X-Locale
X-Proxy-Build
X-Proto
X-No-Session
Selected-Fe
X-PHP-Backend
X-Contextid
X-Fastcgi-Cache
Uber-Trace-Id
FSS-Cache
X-CDN-Forward
X-Debug-Cache
X-Cache-PHP
X-Correlation-Id
X-Generated-By
X-ATG-Version
X-Device-Type
X-Ratelimit-Reset
X-AIR-PT
X-Adobe-Content
X-Adobe-Loc
X-TIME
X-BCube-Filmed-By
X-Providence-Cookie
X-Is-Crawler
X-Route-Name
X-Aspnet-Duration-Ms
X-Flags
X-TT
X-CSRF-Token
Cache
X-Tt-Trace-Tag
X-Tt-Trace-Host
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-NC
X-Varnish-Cache-Hits
Azure-SlotName
Azure-SiteName
From-Origin
Azure-Version
Upgrade-Insecure-Requests
Azure-RegionName
Azure-InstanceId
Powered
OT-Force-Account-Verify
Access-Control-Request-Headers
X-NCache
X-Time
X-Oss-Storage-Class
X-COUNTRY
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Origin
X-SaId
X-JoinUs
X-Oss-Object-Type
CF-Cached-On
X-GoCache-CacheStatus
X-Akamai-Transformed
X-Cache-2
X-FTR-Cache-Host
SD-X-WS
X-Adobe-Source
X-CCM
X-UPSTREAM-Address
X-Backend-TTL
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-ShardId
X-Backend-Host
X-LAGOON
X-LLID
X-Sorting-Hat-ShopId
X-Varnishpool
X-Storefront-Renderer-Rendered
X-Pubstack
X-Forwarded-Host
X-ApacheServer
X-PERF
X-Cache-Grace
Decoy-Debug-Key
Country
X-Page-View
X-Web-Node
Decoy-Debug-Status
Fastly-SSL
Decoy-Debug-TTL
X-G
X-Say-Cacheable
X-Storage
X-Cluster-Name
X-Soup
X-SayCDN-TTL
X-Say-TTL
Node
X-IP
X-ECache
X-NWS-UUID-VERIFY
X-Ruxit-Js-Agent
Cache-Status
X-TA-CDN-Provider
X-Cache-Enabled
X-APP-VERSION
X-Tumblr-Pixel-3
X-IPS-LoggedIn
X-Cdn
X-Cache-Spec
X-Viewer-Country
X-TX-ID
SRV
Host-ID
X-Connection-Hash
X-B-Cookie
X-Vdms-Path
X-Vdms-Version
X-VG-WebCache
X-D
Apple-News-Services-Handled
X-ARC
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-VG-WebServer
X-Destination
X-Request-UUID
X-External-Request-Id
X-ScT
Rendered-Blocks
Apple-News-Services-Request-Url
Machine
X-Trv-Group
Apple-News-Services-Host
MD5-Digest
X-Rojux
X-Rewrite-Enabled
Meta-Geo-Continent
X-S
X-S-Cookie
Apple-News-Services-Parsed-Url
X-Application
X-A-Wwc
X-A-Dcw
X-A-Dam
X-Processor
Xc-Version
X-RCS-CacheZone
X-A-Dgt
X-CF-Lambda-Version
X-PAYTM-SRV-ID
X-Cache-NE
Fastcgi-X-Cache-Version
X-PBS-Appsvrname
X-CF-Lambda-Fn
X-A
X-A-Ccd
DCR-Decision-By
Mobile-Detection-Method
DCR-Processing-Time-Ms
X-Aed
X-Worker
X-Bc-Bl
X-Varnish-Beresp-Status
X-Cache-Config
X-Varnish-Beresp-Grace
X-EC-Lua
X-Varnish-Beresp-Ttl
X-CUA
X-WADP-Cache
X-Cache-Bucket
X-Core-Value
Is-Eu
X-Session-Fingerprint
X-Clara-WADP
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Cms-Context
X-Varnish-CookieHashed-On
Platform
X-Variation
X-VG-TLSProxy
Adler-Geo
X-Fastly-Cache
CloudFront-Viewer-Country
X-Cache-Backend
X-Micro-Cache
CDN-Uid
CDN-RequestId
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
X-Microcachable
X-Rebelmouse-Surrogate-Control
Fastly-SWR
X-Cache-Debug
Fastly-SIE
X-Ms-Version
X-Platform-Server
X-Rebelmouse-Cache-Control
X-Ms-Request-Id
Gh-Request-Id
CDN-CachedAt
X-Auto-Login
X-Fmm-Version
X-DefHash
X-Servername
X-DefElseHash
X-Envoy-Decorator-Operation
CDN-Cache
X-Generation-Time
X-DPWN-IS-SECURE
X-ID
X-UA
Backend
Rt-Fastcgi-Cache
L
Fastly-Drupal-HTML
X-Cache-Date
X-Branch-Name
Wxu-Next-Commit
NM-Fastcgi-Cache
Wxu-Next-Region
CacheControlHeader
Wxu-Next-Hostname
X-Backend-State
Fastly-Backend-Name
C-Via
Akamai-GRN
PFcat
X-Bip
AKAMAI
X-Location
X-Platform
X-Owner
X-Policy
X-EIG-Tracking-Id
X-Render-Time
X-OVcl-Cache
X-OVcl
Origin
X-LI-UUID
X-Cache-Id
X-Varnish-Ttl
X-Old-Content-Length
X-Request-Host
X-Request-Start
X-VarnishDD-TTL
X-Varnish-Cacheable
X-Webstats-RespID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Twitter-Response-Tags
X-Transaction
X-Skip-Cache
X-Slack-Backend
X-SN
X-Thanos
X-Li-Pop
X-Method
X-Fastly-Backend
X-Gamma-Serve
X-Li-Fabric
X-Geo-Header
X-Esi-Check
X-Dispatcher-Server
X-Cache-NGX
X-Clientip
X-Core-Mission
X-Developers
X-Gzip
X-Generated-On
X-HS-Content-Campaign-Id
X-Irp-Debug
X-JWT-State
X-Level-Front-Cache
X-HN
X-Is-Gdpr
X-Hash
X-Has-Esi
X-Via-CDN
X-Hp-Webp
X-CS
X-CGP
X-Cache-Tags
Pagetype
X-Minions-Version
X-Eu-Site
X-Mvc-Supplant-Cachable
X-Csrf-Jwt
X-Reqid
X-Content-Age
L5d-Success-Class
X-B3-Spanid
X-GEO
HA-Ipaddr
Ha-Gx-Prefs
Country-Code
X-Refresh
X-B3-Traceid
X-Amz-Meta-Cb-Modifiedtime
UCS
X-PF-Uncompressing
FSS-Proxy
X-DC
X-Date
X-Aicache-OS
X-Wa
Surrogated-Key
X-Accel-Expires-Debug
X-NGENIX-Cache
X-NODE
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Edge-Location
X-LB-ID
X-Sql-Count
X-Sql-Duration-Ms
X-Req
X-Via-Popn
X-Cache-Remote
X-Up
X-Via-Poph
X-Ftr-Cache-Host
We-Hiring
X-Mvc-Supplant-OutputCached
Mail-Subject
X-Cache-URL
NGX
Memcached
X-Cdn-Srv
X-RateLimit-Remaining
Ufe-Result
X-Presslabs-Stats
Group
Time
X-Dc
X-NU-AKA-ACS-Version
Hostname
X-Debug-Cache-Fetch
X-Debug-Cache-Store
HostName
X-SRV
Now
X-Proxy-Upstream
X-Erf-Bev-Bev
X-Www-Served-By
X-Erf-Bev-Bev-Is-Generated
X-Nginx-Cache
X-BC
X-Servedbyhost
XServer
X-ZONE
X-Ua-Device
X-LI-Proto
X-FPC
X-FORWARDED-FOR
X-S-Maxage
X-CACHE-AGE
Cache-Hits
X-Check-Cacheable
Edge-Copy-Time
X-Agile-Id
X-Varnish-Hostname
X-Via-Edge
X-Agile
X-Via-SSL
X-Agile-Age
X-Svr
GeoIp-Country-Code
ServedBy
Protected
On-Server
X-Request-Time
Geoip-Latitude
M-TraceId
X-Cdn-Forward
X-CSRF-TOKEN
Xserver
X-LiteSpeed-Cache-Control
X-Pass-Why
X-Cluster-Node
T-Server
X-VCL-Version
X-NGINX-Cache
X-UnsetCookies
SID
X-HS-Status
Arc-Country
X-APP
NtCoent-Length
X-Datadome
X-MP-GENERATED-AT
X-Cs
X-Via-Popv
X-CF-Powered-By
X-Bc
X-Acc-Rdl
X-Zone
Server-Host
VivaBuild
X-Erf-Stays-Bingo-Pdp-Web
Cdn-Host
Pics-Label
Viewtype
X-Srv
N-Cache
Cdn-Request-Time
X-Edge-Server
X-Varnish-Hits
X-Uri
Ohc-File-Size
ProcessTime
X-Action
Magicmarker
X-We-Are-Hiring
Apigw-Requestid
Processtime
Memory
X-Via-Ucdn
X-VC
X-SB
X-RunCloud-Cache
WZWS-RAY
Srv
User-Agent
X-Dynatrace-Js-Agent
X-RSL
X-RPM
X-RPS
X-MSEdge-Features
WebServer
X-Info
Sid
X-MSEdge-Flight
WWW-Authenticate
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
W
Section-Io-Id
X-DI
X-Oss-Cdn-Auth
X-DSS
X-DB
X-DW
Geo-Info
X-TT-LOGID
Ohc-Cache-HIT
LB
X-Vgn-Hpd-Ssi
DSUID
CF-IPCountry
Server-Info
X-Geo
X-Unique-ID
X-SERVER-NAME
X-UA-Device-Type
Odigeo-Trace-Id
X-HOST
Cache-Name
X-Newrelic-App-Data
CDN
X-Vcl-Version
Cteonnt-Length
User-Cache-Control
S-Rt
Tracecode
X-Tb
X-HITS
X-Dynatrace
X-Origin-Date
X-Hit
X-Cache-Hm
Ssr
Amp-Access-Control-Allow-Source-Origin
X-Pjax-Url
X-Cache-Hfrom
X-Webkit-CSP-Report-Only
CountryCode
A
GeoIP-Country-Code
GeoIP-Latitude
X-CLOUD-TRACE-CONTEXT
X-Magnolia-Registration
X-Akamai-Request-ID2
Lfy
X-Fastly-Country-Code
X-Nc
X-CACHE-KEY
X-BBC-Edge-Cache-Status
IsBot
X-API-Version
X-Cache-Info
X-BBXSRF
X-Block-Status
X-Epic-Correlation-Id
X-Envoy-Upstream-Healthchecked-Cluster
CDCHOST
X-Cache-ASPX
Locid
Thinkindot-CacheControl
D-Cc-Upstream
X-FC-Vary-Parameters
Release
SR-User-Adfree
Server-Ext
Server-Hostname
Sever-Int
Path
X-Cc-Req-Id
True-Client-Country-4JS
V-Age
Vix-Hermes-Req-Id
Thinkindot-Control
X-Scheme
X-Cc-Via
Thinkindot-CacheControl-Type
Web-Mar-Node
X-SVT-ORM-VERSION
X-Origin-Time
X-Varnish-Authentication
X-SRCache-Key
X-Matched-Rule
X-Origin-CC
X-Newrelic-Synthetics
X-Node-Id
X-VServer
X-Varnish-Url
Instruction
X-Request-URI
X-Nyt-Route
X-Hnp-Log
X-Origin-TTL
X-User
X-Server-IP
X-SIPLIST1
X-Response-By
X-SD-PageType
X-GeoIP-City
X-Nginx-Cache-Key
X-Gen-Mode
Lb
X-Gdpr
X-Developer
X-Thinkindot-L3
X-Contensis-Viewer-Groups
X-SVT-ORM-RULES
X-Origin-Expires
X-Provided-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Fetched-On
Pramga
X-Traceid
X-Loc
MIME-Version
X-Device-Os
Server-ID
X-Cdn-Origin
X-ServedByHost
X-Sn-Servicetimems
X-Var-Ttl
X-Azure-Ref-OriginShield
X-Trace-Id
X-NodeID
X-Li-Proto
Cdn
Accept-Language
X-Generated-In
X-Cache-Expires
X-Fpc
X-Via-NSCOPI
Tcn
Actual-Object-TTL
X-Cache-Tag
X-ORACLE-APMCS-REQUEST-ID
X-Swa-Ws
X-Amzn-Remapped-Connection
X-Instart-Request-ID
X-StackifyID
Esi-Enabled
X-Men
FNAC-ModuleRouting
Cache-Host
X-Amzn-Remapped-Date
X-Vcache
Cache-Key
Server-Ttl
X-Akamai-Pragma-Client-IP
X-Rocket-Build-Number
X-Key
X-Lb-Id
X-TH-Server
X-Sigma
X-Sigma-Backend
X-Served-From
Cf-Device-Type
Source
Kp-EeAlive
X-Mobile-Rewrite
X-B3-SpanId
X-Via-PopN
X-Parent-Response-Time
Req-Svc-Chain
X-Via-PopH
X-Via-PopV
Cache-Provider
X-WA
X-No-Cache
X-Origin-Response-Time
Content-Style-Type
Origin-Cache-Control
Origin-Edge-Control
Expiry
X-Dispatch
Content-Script-Type
X-BBC-Origin-Response-Status
X-ServiceProvider
X-Agile-Brick-Ok
X-Geo-Region
X-VC-Cache
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Proxy-Firewall
X-MiniProfiler-Ids
X-Yottaa-OS
X-ElasticPress-Query
X-Tt-Logid
X-Batcache
X-Instart-Info
X-Apw-Access-Object
Who
NnCoection
X-Apw-Access-Action
X-RateLimit-Limit
X-HostName
X-Varnish-Beresp-TTL
X-Request-URL
X-B3-Parentspanid
Location
X-PJAX-URL
X-Apw-Hits
X-Apw-Access-Token
Url
Inserted-Into-Cache-At
Powered-By
X-RAMCache
HitType
Cf-Alt-Svc
X-Selected-Scheme
X-Selected-Name
X-Selected-Host-Header
X-Request-Url
X-TraceId
Xkeyi7
X-Akamai-Request-ID
Vha6-Origin
EpKe-Alive
X-Snapshot-Date
X-Miniprofiler-Ids
X-Proxy-Cachei7
PICS-Label
Fastcgi-Cache-TTL
X-Dw-Trace-Id
X-Pf-Uncompressing
X-LiteSpeed-Tag
Mime-Version
Dnion-Transfer-Encoding
X-Vgn-Hpd-Reason
Xet-Cookie
Pragrma
X-C
Resin-Trace