Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
P3p
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Upgrade
X-Template
Content-Encoding
X-Language
X-CDN
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Ws-Request-Id
X-Buckets
X-Age
Feature-Policy
X-Backend
X-AH-Environment
X-UA-Device
X-Hacker
X-Cache-Group
X-Robots-Tag
EagleId
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Proxy-Cache
X-Turbo-Charged-By
X-Server-Powered-By
Request-Context
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Xkey
X-Dns-Prefetch-Control
Report-To
X-Page-Speed
X-Rq
Cf-Bgj
X-LiteSpeed-Cache
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
NEL
X-Dispatcher
X-Host
X-Device
X-Backend-Server
X-Node
Surrogate-Control
X-Cache-Lookup
X-Origin-Cache
X-Response-Time
X-Ruxit-JS-Agent
Content-Location
X-Akam-SW-Version
Request-Id
X-ASPNET-VERSION
X-Ac
Akamai-Age-Ms
X-Country
X-Server-Id
X-Mod-Pagespeed
X-HW
Rating
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Readtime
X-Cloud-Trace-Context
X-ORACLE-DMS-RID
Pinterest-Generated-By
X-Application-Context
X-Origin-Upstream-Status
X-DataDome
Edge-Control
Accept-CH
Accept-CH-Lifetime
X-Country-Code
X-PC
X-Url
X-Vname
X-TtlSet
Fusion-Content-Source
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
X-Varnish-TTL
X-Cnection
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-D2id
X-ESI
X-GitHub-Request-Id
X-Server-Name
X-MS-InvokeApp
X-Clacks-Overhead
Accept-Ch
X-Content-Type
X-Navigation-Version
X-FTR-Request-ID
X-Abt-Application-Version
Verso
X-Vcap-Request-Id
X-Trace
Accept-Ch-Lifetime
X-Px
X-Pinterest-Rid
Pinterest-Version
X-Server-ID
Allow
Display
Pagespeed
X-Middleton-Response
X-Sol
Response
X-Middleton-Display
X-Cached
X-Element-Page-Cache
X-Rack-Cache
Service-Worker-Allowed
X-Fastly-Request-ID
X-B3-TraceId
X-DynaTrace
X-Client-IP
X-Cache-TTL
X-Powered-By-Plesk
X-Version
Arr-Disable-Session-Affinity
MS-Author-Via
X-Forwarded-Proto
X-TTL
X-T
X-Upstream
X-NF-Request-ID
X-Debug
Content-MD5
Fastly-Restarts
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
Ar-Sid
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-CACHE
X-VARITI-CCR
X-Jurisdiction
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-Goog-Hash
Access-Control-Request-Method
X-Powered-CMS
TP-L2-Cache
X-Content-Digest
TP-Cache
X-PressLabs-Stats
X-XRDS-Location
X-Release
X-NWS-LOG-UUID
X-Edge
X-MSEdge-Ref
RTSS
X-Ttl
SPRequestDuration
SPIisLatency
X-Amz-Rid
Public-Key-Pins
Cache-Tag
Fastcgi-Cache
TCN
X-Request-Received
X-Request-Processing-Time
S
X-Yandex-Sdch-Disable
X-FastCGI-Cache
X-Accel-Expires
X-MCACHE
X-Cache-Hit
X-Mid
X-Ezoic-Cdn
ServerID
Server-Node
X-Logged-In
X-Amzn-Trace-Id
X-Cache-Key
X-Node-Name
X-ECACHE
Alternate-Protocol
Front-End-Https
X-Microsite
X-Request-Handler-Origin-Region
X-Ratelimit-Remaining
X-Ser
X-Pinterest-Direct
X-Webkit-CSP
X-Recruiting
X-Origin-Server
X-Kinsta-Cache
X-Page-Id
X-B
X-Mobile-URL
Host
X-Ratelimit-Limit
Accept-Charset
Realpath
X-Forwarded-For
X-Hostname
X-FTR-Realm
X-FTR-Expires
X-FireWall-Port
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Content-Security-Policy-Report-Only
Nginx-Cache
X-Seen-By
Filterid
X-Load-Cache
X-Jobs
X-Varnish-Age
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Id
X-Content-Options
X-CST
X-Shield-Request-Id
X-DIS-Request-ID
X-Daa-Tunnel
X-AppVersion
X-Activity-Id
X-Az
Paypal-Debug-Id
X-App-Environment
X-Zen-Fury
X-Type
X-F-Cache
X-LB-Cache
Edge-Cache-Tag
X-Rid
X-Git-Hash
X-Varnish-Backend
X-N
X-Grace
X-Varnish-Grace
X-Request-Guid
X-Correlation-ID
X-Amz-Server-Side-Encryption
X-Hits
X-FB-Debug
X-App-Server
X-Proxy
Fastcgi-Useragent
X-Cdn
DC
AMP-Access-Control-Allow-Source-Origin
X-Akamai-Edgescape
X-WebKit-CSP-Report-Only
Content-Disposition
X-Content-Powered-By
Cache-Tags
X-Hp-Webp
X-Endurance-Cache-Level
DynaTrace
X-Cache-Rule
X-Cache-Operation
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Mg-S
X-VCache
X-Geo-Country
Cleartype
X-Wix-Request-Id
MicrosoftSharePointTeamServices
X-Cached-By
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Powered
X-Amz-Meta-S3cmd-Attrs
X-XRDS-LOCATION
X-Response-Served-From
X-Accel-Buffering
X-Original-Request-Id
Refresh
X-B3-Sampled
X-IPLB-Instance
MS-CV
X-Amzn-RequestId
X-HS-Combine-CSS
X-Fastcgi-Cache
X-User-Agent
NGB
X-HS-Hub-Id
X-Amz-Apigw-Id
X-HS-Content-Id
X-HS-Cache-Config
X-AOL-HN
X-B-Cache
X-Tumblr-Pixel-0
Healthy
X-Tumblr-Pixel
X-Region
X-Rule
X-Signature
Payment
X-Tumblr-User
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Tumblr-Pixel-1
X-HTML-Minification-Powered-By
X-Whom
X-UUID
X-Host-Name
X-Tumblr-Pixel-2
X-FW-Type
X-FW-Hash
X-Cache-Time
X-FW-Server
X-FW-Static
X-Distributor
X-FW-Dynamic
X-FW-Serve
X-Instance
X-Tec-Api-Origin
X-Cacheable-TTL
Datacenter
X-Tec-Api-Root
X-Tec-Api-Version
X-Rendered-As
X-Is-Bot
X-Frontend
Arc-Version
PB-RID
PB-PID
Countrycode
X-Mobile
X-Varnish-Server
Surrogate-Key
X-Debug-Info
X-Cache-Age
X-DynaTrace-JS-Agent
X-HP-Webp
X-PHP-Backend
X-Oneagent-Js-Injection
X-App-Version
X-FTR-Cache-Host
X-NewRelic-App-Data
X-Backend-Name
X-Azure-Ref
X-Via-JSL
X-Ua
Cache
X-Cache-Server
S-Cnection
X-WA-Info
Webserver
Powered-By-ChinaCache
X-Protected-By
X-Hyper-Cache
X-Cache-Control
Referer-Policy
Retry-After
Filters
X-Respond-Thread
From-Origin
Liferay-Portal
Charset
Viewport
X-Time
X-EdgeConnect-Cache-Status
X-Proxy-Cache-Status
X-ProcessESI
X-Cache-Expired-At
X-RemovedCookies
X-Revision
X-ES-SERVER
X-R9-Blue-Green-Version
X-Cache-Var
X-Debug-Cache
X-Source
Eomportal-Instance
X-RN-RSRV
X-Mode
Meta-Geo
X-Cache-Var-Map
Section-Io-Cache
X-FB-TRIP-ID
X-GeoIP
X-Cache-Action
X-Device-Type
X-RTag
X-Server-W
X-Framework
X-Sucuri-ID
Ms-Operation-Id
X-Amz-Replication-Status
X-From
X-Qloud-Router
X-Ruxit-Js-Agent
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
X-Time-Microsecs
X-Origin-Hint
X-OCL
TWC-Locale-Group
TWC-Device-Class
Webcakes-App-Name
X-Site-Version
X-AWS-Id
X-BYPASS-REASON
X-Locale
X-LJ-Flow-ID
Property-Id
Webcakes-App-Version
Webcakes-Region
TWC-Privacy
X-PCL
X-Ratelimit-Reset
X-L-Path
X-ProxyCache-Status
X-Environment-Context
DB-Nickname
X-Via-Fastly
X-VWS-Id
X-ProxyCache-Key
Mn-Server-Ip
X-Zipkin-Id
X-CSRF-Token
Cross-Origin-Window-Policy
X-Proxy-Build
X-Routing-Service
X-Hl-Ver
X-ServerID
Cache-Tv-Group
X-Cache-Host
X-Handled-By
X-Amzn-Remapped-Content-Length
X-Timing-Wait
X-Proxied
X-Status
X-FW-Version
X-Acc-Debug-Context
Selected-Fe
X-Format
X-Real-IP
X-Access
X-Redis-Cache
X-SaId
X-Section
X-JoinUs
X-Hosted-By
X-PHP-Host
X-Human
X-Proto
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Labrador-Cache-Channel
X-NYM-Debug-Backend
X-Cluster
X-Varnish-Cache-Hits
X-Be
X-Xfnlog-Site
X-Generated-By
Uber-Trace-Id
X-TNCMS
X-Loop
X-TA-CDN-Provider
Ec-Rule-Version
X-NWS-UUID-VERIFY
X-Detected-As
X-BCube-Filmed-By
CF-Cached-On
Frame-Options
X-Origin
X-ATG-Version
Server-Name
X-Cache-TTL-Remaining
X-NCache
X-No-Session
Version
X-Cache-PHP
X-URL
X-Instart-Request-ID
FSS-Cache
X-Sucuri-Cache
X-EIG-Tracking-Id
X-Contextid
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Air-Hostname
X-Drupal-Cache-Tags
X-Vgn-Hpd-Cached
X-Drupal-Cache-Contexts
X-Vgn-Hpd-Variations-Key
X-IPS-LoggedIn
X-EC-Lua
GEO-INFO
X-Cache-Enabled
Now
X-IP
X-Tumblr-Pixel-3
X-Unique-Id
X-Bc-Bl
X-CACHE-AGE
X-Litespeed-Cache
X-Akamai-Transformed
Time
X-UA
X-TT
X-Cache-Backend
X-Backend-Host
X-TIME
Node
OT-Force-Account-Verify
X-Correlation-Id
Azure-InstanceId
X-RCS-CacheZone
Azure-RegionName
Azure-Version
Azure-SlotName
Azure-SiteName
X-GoCache-CacheStatus
X-Adobe-Loc
X-Adobe-Content
Access-Control-Request-Headers
X-RateLimit-Remaining
X-Cache-NE
VIX-Pulpo-Upstream-Status
X-NGENIX-Cache
VIX-Pulpo-Node
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-CDN-Forward
X-Dc
X-APP-VERSION
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Pubstack
X-Adobe-Source
X-CCM
X-Connection-Hash
Apple-News-Services-Request-Url
X-D
X-CF-Lambda-Version
DCR-Decision-By
X-CF-Lambda-Fn
X-Date
CloudFront-Viewer-Country
X-External-Request-Id
Apple-News-Services-Host
X-OVcl
Apple-News-Services-Handled
X-Minions-Version
Apple-News-Services-Parsed-Url
X-B-Cookie
X-Generation-Time
X-Destination
X-Application
Host-ID
X-A
X-A-Ccd
Machine
MD5-Digest
Rendered-Blocks
Surrogated-Key
Meta-Geo-Continent
Fastcgi-X-Cache-Version
X-A-Dam
X-Aed
DCR-Processing-Time-Ms
Mobile-Detection-Method
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dcw
X-A-Dgt
X-ARC
X-G
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-ScT
X-S-Cookie
X-Rewrite-Enabled
X-Rojux
X-Up
X-Vdms-Path
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-Vtex-Processado-Em
X-VG-WebServer
X-Vdms-Version
X-VG-WebCache
X-Processor
X-S
X-PAYTM-SRV-ID
X-OVcl-Cache
X-PBS-Appsvrname
X-Varnishpool
X-ApacheServer
X-Alternate-Cache-Key
X-PERF
X-Storefront-Renderer-Rendered
X-ShardId
X-Forwarded-Host
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Viewer-Country
X-Shopify-Stage
CDN-Cache
X-Micro-Cache
X-Microcachable
CDN-CachedAt
NM-Fastcgi-Cache
X-VG-TLSProxy
X-Request-UUID
X-Level-Front-Cache
We-Hiring
X-Method
Mail-Subject
X-Owner
X-Webstats-RespID
CacheControlHeader
CDN-Uid
CDN-RequestId
X-WADP-Cache
CDN-PullZone
SD-X-WS
CDN-EdgeStorageId
Fastly-SSL
CDN-RequestCountryCode
Wxu-Next-Hostname
X-Cache-2
X-Cache-Bucket
X-Bip
X-Req
X-Platform
X-Reqid
X-Cache-Grace
X-Render-Time
X-CUA
X-Envoy-Decorator-Operation
X-Core-Value
X-Cms-Context
X-Clara-WADP
X-Agile-Id
X-Agile-Age
Wxu-Next-Region
X-Thanos
X-Dispatcher-Server
Wxu-Next-Commit
X-Hash
X-Storage
X-Soup
X-Fmm-Version
X-Agile
AKAMAI
X-Generated-On
X-SN
X-HS-Content-Campaign-Id
X-Edge-Location
HostName
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Varnish-Ttl
X-TX-ID
X-AIR-PT
Decoy-Debug-TTL
X-Cdn-Forward
Decoy-Debug-Key
Decoy-Debug-Status
Akamai-GRN
X-Policy
Pagetype
X-Proxy-Upstream
HA-Ipaddr
Gh-Request-Id
Fastly-Drupal-HTML
X-Amz-Meta-Cb-Modifiedtime
Ha-Gx-Prefs
L5d-Success-Class
PFcat
M-TraceId
X-Location
X-Cdn-Srv
X-CGP
X-Cluster-Name
X-Cache-URL
X-Cache-NGX
X-Auto-Login
X-Cache-Config
X-Cache-Id
X-Core-Mission
X-Csrf-Jwt
X-Gamma-Serve
X-Geo-Header
X-Gzip
X-Fastly-Cache
X-Eu-Site
X-Developers
Ufe-Result
X-Esi-Check
X-HN
Group
X-DPWN-IS-SECURE
X-VHOST
Adler-Geo
X-Varnish-Cacheable
Cache-Status
Platform
Fastly-SIE
Fastly-SWR
Is-Eu
Backend
X-Rebelmouse-Cache-Control
X-VarnishDD-TTL
X-Skip-Cache
Country
X-Variation
Country-Code
X-Servername
X-Backend-TTL
X-Rebelmouse-Surrogate-Control
X-NC
L
C-Via
Fastly-Backend-Name
UCS
Rt-Fastcgi-Cache
X-Has-Esi
X-Backend-State
X-Content-Age
X-Is-Gdpr
X-Cache-Tags
X-Cache-Date
Memcached
X-Fastly-Backend
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-Request-Host
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
X-Request-Start
X-Web-Node
X-Esi
X-Old-Content-Length
X-Slack-Backend
X-JWT-State
X-Wikidot-Static-Cache
X-Clientip
X-Irp-Debug
X-Wikidot-Backend
Nel
X-ORACLE-APMCS-REQUEST-ID
X-B3-Spanid
X-Mvc-Supplant-Cachable
X-Refresh
X-PF-Uncompressing
Origin
X-Ms-Request-Id
X-Ms-Version
Actual-Object-TTL
Arc-Country
X-NODE
X-CS
Viewtype
X-Aicache-OS
X-Wa
VivaBuild
NGX
X-BC
Srv
X-ZONE
FSS-Proxy
X-Via-Ucdn
X-RunCloud-Cache
X-LB-ID
X-Via-Popn
X-Via-Poph
X-LAGOON
X-B3-Traceid
X-Platform-Server
Geo-Info
X-Unique-ID
X-Srv
X-DefHash
X-DefElseHash
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
Upgrade-Insecure-Requests
X-LI-Proto
X-Servedbyhost
X-Vgn-Hpd-Ssi
Cdn-Host
Cdn-Request-Time
X-Mvc-Supplant-OutputCached
X-Edge-Server
X-Branch-Name
Memory
X-SERVER
X-UPSTREAM-Address
Sid
X-Zone
X-Bc
X-Cache-Debug
X-Session-Fingerprint
X-Mobile-Rewrite
X-Geo
X-Request-Time
X-LiteSpeed-Cache-Control
X-Cluster-Node
Server-Info
X-Cs
X-FPC
X-Action
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-APP
X-Akamai-Request-ID2
X-FC-Vary-Parameters
X-NGINX-Cache
X-Epic-Correlation-Id
X-Hit
CACHE
X-DB
X-RSL
X-DW
X-Varnish-Hostname
X-CF-Powered-By
X-RPS
X-DI
X-Via-Popv
WWW-Authenticate
X-RPM
X-DSS
X-Nc
X-CSRF-TOKEN
X-Nginx-Cache
X-ECache
Apigw-Requestid
X-Oss-Cdn-Auth
GeoIp-Country-Code
X-MP-GENERATED-AT
X-Route-Name
X-Aspnet-Duration-Ms
X-Is-Crawler
Xserver
Geoip-Latitude
X-Flags
X-Providence-Cookie
Hostname
XServer
X-GEO
X-Vcache
NtCoent-Length
X-HS-Status
X-Vcl-Version
Processtime
User-Agent
X-DC
X-VCL-Version
Origin-Cache-Control
X-SERVER-NAME
Origin-Edge-Control
X-Check-Cacheable
X-FORWARDED-FOR
CF-IPCountry
X-NU-AKA-ACS-Version
X-Tb
ProcessTime
X-Page-View
Accept-Language
GeoIP-Latitude
X-Ftr-Cache-Host
X-Key
X-Dispatch
X-Dynatrace-Js-Agent
GeoIP-Country-Code
X-HOST
X-Dynatrace
X-Via-CDN
X-Envoy-Upstream-Healthchecked-Cluster
Esi-Enabled
X-UnsetCookies
X-Webkit-CSP-Report-Only
HitType
SRV
X-HITS
X-App
X-Cache-Hfrom
X-Pass-Why
X-Svr
W
X-Fpc
X-Via-SSL
Edge-Copy-Time
X-Via-Edge
X-Cache-Hm
Proxy-Firewall
X-Fastly-Country-Code
SID
X-We-Are-Hiring
X-Www-Served-By
Fastcgi-Cache-TTL
Lb
On-Server
X-Path-Route
X-Generated
CDN
BehaviorPad-Version
X-Sql-Count
Cdn
A
X-Sql-Duration-Ms
X-RAMCache
X-COUNTRY
X-CACHE-KEY
Cache-Hits
Cteonnt-Length
ServedBy
S-Rt
X-Geo-Region
Ohc-File-Size
X-TrackingId
Amp-Access-Control-Allow-Source-Origin
X-Oracle-Dms-Rid
WebServer
LB
Xet-Cookie
X-Amzn-Remapped-Date
N-Cache
Powered-By
T-Server
X-MSEdge-Features
X-Instart-Info
X-MSEdge-Flight
X-Newrelic-App-Data
X-Amzn-Remapped-Connection
X-Pjax-Url
X-S-Maxage
X-Li-Proto
X-SRV
X-ServedByHost
X-Newrelic-Synthetics
Server-Host
X-Cache-Remote
X-Origin-Response-Time
X-Datadome
X-Via-PopN
Content-Script-Type
Content-Style-Type
X-Batcache
X-TH-Server
X-Akamai-Pragma-Client-IP
X-Via-PopH
Cache-Key
WZWS-RAY
Pics-Label
Magicmarker
X-HostName
X-Served-From
X-Lb-Id
X-LiteSpeed-Tag
Tcn
Dnion-Transfer-Encoding
X-StackifyID
Odigeo-Trace-Id
X-TT-LOGID
User-Cache-Control
X-Via-PopV
X-Region-Sid
Cache-Provider
X-RateLimit-Limit
X-SB
X-Via-NSCOPI
Ohc-Cache-HIT
X-VC
X-Presslabs-Stats
X-Planisys-CDN-Cache
X-Varnish-Hits
X-Info
X-Agile-Brick-Ok
X-ID
X-Planisys-CDN-Rules
X-B3-SpanId
X-Tt-Logid
Load-Balancing
X-Planisys-CDN-TTL
Cf-Alt-Svc
X-WA
X-Erf-Bev-Bev-Is-Generated
X-Cache-Tag
X-Vgn-Hpd-Reason
X-Erf-Bev-Bev
X-Origin-CC
GEO-REGION-INFO
X-Parent-Response-Time
Inserted-Into-Cache-At
X-PJAX-URL
X-SRCache-Key
Who
AsisCache
X-DevSite-Last-Modified
X-Origin-TTL
X-Tid
X-Pf-Uncompressing
X-Yottaa-OS
Server-Ttl
X-Magnolia-Registration
X-Developer
X-Pad
Section-Origin-Responded
CountryCode
X-Selected-Host-Header
X-BACKEND-TTL
X-ElasticPress-Query
Section-Io-Origin-Time-Seconds
Source
X-Selected-Scheme
X-Selected-Name
Proxy-Connection
DSUID
Section-Io-Id
Section-Io-Origin-Status
Cache-Name
X-UA-Device-Type
X-MiniProfiler-Ids
Mime-Version
X-Dw-Trace-Id
Pragrma
X-Uri
X-C
Warning
X-Apw-Access-Action
X-Apw-Hits
X-Apw-Access-Token
X-Varnish-Beresp-TTL
X-Request-URL
X-Apw-Access-Object
Protected
PICS-Label
X-Request-URI
X-Azure-Ref-OriginShield
X-BBXSRF
X-Akamai-Request-ID
Web-Mar-Node
V-Age
Vix-Hermes-Req-Id
X-Block-Status
X-Cache-ASPX
X-Device-Os
X-Fetched-On
X-Contensis-Viewer-Groups
X-Cdn-Request-ID
X-Cache-Info
X-Cdn-Origin
Tracecode
Thinkindot-Control
Locid
MIME-Version
Kp-EeAlive
IsBot
CDCHOST
FNAC-ModuleRouting
Path
Pramga
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Sever-Int
Server-Hostname
Release
Server-Ext
X-Gen-Mode
X-Generated-In
X-Var-Ttl
X-Varnish-Authentication
X-Trace-Id
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-Swa-Ws
X-Varnish-URL
X-Akamai-ERPolicy
X-Nananana
X-Proxy-Cachei7
Cneonction
X-Fastly-Cache-Hits
X-Akamai-ERRuleID
X-Compress-Hint
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Logging-Id
X-Matched-Rule
X-Loc
X-Hnp-Log
X-GeoIP-City
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Nginx-Cache-Key
X-NodeID
X-ServiceProvider
X-SIPLIST1
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Origin-Date
X-Origin-Expires
Vha6-Origin