Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Request-ID
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
P3p
X-Iinfo
X-DNS-Prefetch-Control
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Template
X-Dns-Prefetch-Control
Keep-Alive
X-Language
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-Cache-Group
X-Hacker
X-Server
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-UA-Device
EagleId
X-AH-Environment
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
X-Buckets
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Cf-Bgj
X-Vhost
X-Amz-Version-Id
X-Host
X-WebKit-CSP
X-Dispatcher
X-Device
X-Backend-Server
NEL
X-Node
X-Ruxit-JS-Agent
Surrogate-Control
X-Cache-Lookup
Content-Location
X-Response-Time
X-Server-Id
Request-Id
X-Origin-Cache
X-Akam-SW-Version
X-ASPNET-VERSION
X-Ac
EagleEye-TraceId
Accept-CH-Lifetime
X-Country
X-HW
X-Mod-Pagespeed
Rating
X-Readtime
Accept-CH
X-Cloud-Trace-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Application-Context
Pinterest-Generated-By
Edge-Control
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Vname
X-TtlSet
X-PC
X-DataDome
Allow
X-Varnish-TTL
X-Url
X-Cnection
X-Origin-Upstream-Status
X-MS-InvokeApp
X-GitHub-Request-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Source
X-Content-Type
X-D2id
X-Clacks-Overhead
X-Server-Name
X-Trace
X-ESI
X-Abt-Application-Version
X-Sol
Display
X-Middleton-Display
X-Middleton-Response
Response
Pagespeed
X-Pinterest-Rid
Pinterest-Version
X-Vcap-Request-Id
X-Navigation-Version
X-Px
X-B3-TraceId
X-FTR-Request-ID
X-Rack-Cache
Verso
X-Webkit-CSP
X-DynaTrace
X-Cached
Accept-Ch
X-Element-Page-Cache
X-Fastly-Request-ID
Service-Worker-Allowed
MS-Author-Via
X-Client-IP
Arr-Disable-Session-Affinity
X-Cache-TTL
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-Upstream
Content-MD5
X-Version
AR-Request-ID
X-TTL
AR-PoweredBy
AR-CACHE
AR-ATIME
X-SharePointHealthScore
Ar-Sid
SPRequestGuid
Fastly-Restarts
X-Forwarded-Proto
X-NF-Request-ID
X-Debug
X-VARITI-CCR
X-T
X-FastCGI-Cache
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Id
X-Goog-Hash
X-CST
X-Jurisdiction
Access-Control-Request-Method
X-Powered-CMS
X-XRDS-Location
TP-Cache
TP-L2-Cache
X-MSEdge-Ref
X-Content-Digest
X-Release
X-Ttl
X-Edge
S
SPRequestDuration
SPIisLatency
TCN
X-NWS-LOG-UUID
X-Amz-Rid
X-Server-ID
RTSS
Cache-Tag
X-Pinterest-Direct
X-Ezoic-Cdn
Public-Key-Pins
X-Node-Name
Fastcgi-Cache
Accept-Ch-Lifetime
X-Request-Processing-Time
X-Request-Received
X-PressLabs-Stats
X-Yandex-Sdch-Disable
X-Mid
X-MCACHE
Server-Node
X-Cache-Key
X-Accel-Expires
Front-End-Https
X-Amzn-Trace-Id
X-Logged-In
X-Cache-Hit
X-Ser
X-Ratelimit-Remaining
ServerID
X-Request-Handler-Origin-Region
X-Microsite
X-Kinsta-Cache
X-Recruiting
X-Origin-Server
X-Page-Id
Accept-Charset
X-SRCache-Store-Status
X-SRCache-Fetch-Status
MRF-Tech
Host
Mrf-Cache-Status
X-B3-TraceId-Primal
Alternate-Protocol
X-B
X-Mg-S
X-Varnish-Age
X-Content-Security-Policy-Report-Only
Filterid
X-Mobile-URL
X-Ratelimit-Limit
X-Shield-Request-Id
X-ECACHE
X-Hostname
Nginx-Cache
X-Grace
X-DIS-Request-ID
X-FireWall-Port
Edge-Cache-Tag
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Expires
X-Content-Options
X-Amz-Server-Side-Encryption
X-Seen-By
X-Load-Cache
X-Forwarded-For
Realpath
X-LB-Cache
X-HP-Webp
X-Jobs
X-Hits
X-Git-Hash
X-F-Cache
X-App-Environment
X-N
X-Activity-Id
X-Az
X-AppVersion
X-Type
X-Request-Guid
X-Varnish-Grace
X-Varnish-Backend
X-Daa-Tunnel
MicrosoftSharePointTeamServices
Paypal-Debug-Id
Fastcgi-Useragent
X-Rid
X-Zen-Fury
DynaTrace
X-Proxy
X-WebKit-CSP-Report-Only
Cache-Tags
Cleartype
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cached-By
X-FB-Debug
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-App-Server
X-Akamai-Edgescape
X-Correlation-ID
X-Cache-Age
Content-Disposition
X-Geo-Country
DC
Powered-By-ChinaCache
X-Amz-Meta-S3cmd-Attrs
X-Content-Powered-By
X-Cache-Operation
X-Cache-Rule
X-Host-Name
X-User-Agent
X-HS-Content-Id
X-HS-Cache-Config
X-Respond-Thread
X-HS-Hub-Id
X-Goog-Stored-Content-Length
X-HS-Combine-CSS
X-IPLB-Instance
X-GUploader-UploadID
X-Wix-Request-Id
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Response-Served-From
X-Original-Request-Id
X-Accel-Buffering
X-B3-Sampled
X-HTML-Minification-Powered-By
X-B-Cache
Akamai-Age-Ms
X-Signature
Healthy
X-AOL-HN
AMP-Access-Control-Allow-Source-Origin
X-Whom
X-Debug-Info
MS-CV
NGB
Payment
X-Is-Bot
X-Region
X-Rendered-As
X-Cacheable-TTL
X-Cache-Time
Datacenter
X-FW-Dynamic
X-UUID
X-Endurance-Cache-Level
X-Distributor
X-FW-Hash
X-FW-Serve
X-Rule
X-FW-Static
X-FW-Server
X-VCache
X-FW-Type
X-Frontend
X-Instance
Refresh
X-Mobile
X-Tumblr-User
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Countrycode
X-App-Version
X-Ua
X-XRDS-LOCATION
Nel
Surrogate-Key
X-Via-JSL
X-Ah-Environment
S-Cnection
PB-RID
X-Tec-Api-Version
X-Tec-Api-Root
X-Oneagent-Js-Injection
X-Protected-By
X-Acc-Debug-Context
PB-PID
X-Varnish-Server
Arc-Version
X-Tec-Api-Origin
Liferay-Portal
X-Backend-Name
Viewport
X-Hyper-Cache
Filters
X-PHP-Backend
X-Cache-Expired-At
Charset
X-Cache-Server
X-Azure-Ref
X-Fastcgi-Cache
X-Litespeed-Cache
X-NewRelic-App-Data
Referer-Policy
Retry-After
X-Proxy-Cache-Status
Section-Io-Cache
X-WA-Info
Powered
X-Cache-Action
X-Sucuri-ID
X-Amz-Replication-Status
X-Cache-Control
X-Source
X-EdgeConnect-Cache-Status
X-DynaTrace-JS-Agent
GEO-INFO
X-GeoIP
Version
Eomportal-Instance
Meta-Geo
X-Framework
X-L-Path
X-RN-RSRV
X-ProcessESI
X-Environment-Context
X-Real-IP
X-Cache-Var-Map
X-FB-TRIP-ID
X-ES-SERVER
X-Cache-Var
X-Hp-Webp
X-RemovedCookies
X-Mode
X-From
X-Qloud-Router
Uber-Trace-Id
X-Debug-Cache
X-Revision
X-R9-Blue-Green-Version
X-Yottaa-Metrics
X-Yottaa-Optimizations
Mn-Server-Ip
X-Human
X-VWS-Id
X-Xfnlog-Site
Ms-Operation-Id
Frame-Options
X-RTag
X-ProxyCache-Key
X-ProxyCache-Status
X-Server-W
X-Time-Microsecs
X-Air-Hostname
X-LJ-Flow-ID
X-Unique-Id
X-Cache-TTL-Remaining
X-Cache-Host
X-Time
X-Device-Type
X-BYPASS-REASON
X-AWS-Id
Ec-Rule-Version
DB-Nickname
Cache-Tv-Group
Cross-Origin-Window-Policy
X-FW-Version
X-Hosted-By
X-Labrador-Cache-Channel
Property-Id
X-Handled-By
X-Proxy-Build
Cache
X-Timing-Wait
X-Loop
X-PCL
X-PHP-Host
X-Origin-Hint
X-OCL
X-TNCMS
FSS-Cache
X-Cluster
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
Selected-Fe
X-CSRF-Token
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Version
Webcakes-App-Name
Webcakes-Region
X-Redis-Cache
X-Zipkin-Id
X-Routing-Service
X-Ratelimit-Reset
X-SaId
X-Site-Version
X-Hl-Ver
X-Detected-As
X-Status
X-Amzn-Remapped-Content-Length
X-Generated-By
X-JoinUs
X-NYM-Debug-Backend
X-Locale
X-Proxied
X-BCube-Filmed-By
X-Format
X-ServerID
X-Section
X-Proto
X-Access
X-Via-Fastly
X-Be
Server-Name
X-Drupal-Cache-Contexts
X-Cache-PHP
X-ATG-Version
X-Sucuri-Cache
X-Correlation-Id
X-No-Session
From-Origin
X-FTR-Cache-Host
X-Varnish-Cache-Hits
X-Drupal-Cache-Tags
X-Contextid
X-URL
Webserver
X-CDN-Forward
X-NWS-UUID-VERIFY
X-NCache
X-Origin
CF-Cached-On
OT-Force-Account-Verify
X-AIR-PT
X-EIG-Tracking-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Adobe-Loc
X-Adobe-Content
X-Oss-Storage-Class
X-Oss-Request-Id
X-GoCache-CacheStatus
X-TA-CDN-Provider
X-NC
X-Bc-Bl
X-IPS-LoggedIn
X-Cache-Enabled
X-TIME
X-Tt-Trace-Host
Azure-Version
Azure-SiteName
Azure-SlotName
Azure-InstanceId
X-Tt-Trace-Tag
Azure-RegionName
X-Esi
X-IP
X-Akamai-Transformed
X-TT
CACHE
X-ECache
VIX-Pulpo-Upstream-Status
X-Backend-Host
VIX-Pulpo-Node
X-UA
X-Ruxit-Js-Agent
X-EC-Lua
X-Cdn
SD-X-WS
X-Cache-2
X-Vgn-Hpd-Variations-Key
Access-Control-Request-Headers
X-Vgn-Hpd-Cached
X-CCM
X-Adobe-Source
X-Cache-Backend
X-Tumblr-Pixel-3
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Alternate-Cache-Key
X-APP-VERSION
X-Storefront-Renderer-Rendered
X-Soup
X-Sorting-Hat-ShopId
X-ShardId
X-Viewer-Country
Node
X-Backend-TTL
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-Vdms-Version
Apple-News-Services-Host
X-B-Cookie
X-CF-Lambda-Fn
X-Varnishpool
Apple-News-Services-Parsed-Url
X-Vdms-Path
X-Cache-NE
X-PERF
X-Trv-Group
X-ApacheServer
X-External-Request-Id
X-Connection-Hash
X-Destination
X-D
X-Date
X-Cache-Grace
X-Vtex-Processado-Em
X-Forwarded-Host
X-CF-Lambda-Version
X-Pubstack
X-G
X-VG-WebCache
X-VG-WebServer
X-Vtex-Remote-Cache
Rendered-Blocks
X-ARC
X-Accel-Expires-Debug
X-Twitter-Response-Tags
X-RCS-CacheZone
X-Request-UUID
X-Processor
X-PBS-Appsvrname
X-Rewrite-Enabled
X-Aed
X-A-Wwc
X-A-Dgt
X-Up
Machine
Mobile-Detection-Method
X-A-Ccd
Host-ID
X-A-Dcw
X-A-Dam
X-A
Xc-Version
MD5-Digest
X-Transaction
X-S
Surrogated-Key
X-S-Cookie
X-ScT
X-NGENIX-Cache
X-Application
X-Worker
X-PAYTM-SRV-ID
Meta-Geo-Continent
X-Rojux
Fastcgi-X-Cache-Version
Upgrade-Insecure-Requests
DCR-Decision-By
DCR-Processing-Time-Ms
X-Cluster-Name
X-Cache-Config
X-Storage
Cache-Status
X-Say-Cacheable
Time
Decoy-Debug-TTL
X-Web-Node
Decoy-Debug-Status
X-Say-TTL
X-SayCDN-TTL
Decoy-Debug-Key
Fastly-SSL
We-Hiring
X-Clara-WADP
Wxu-Next-Commit
NM-Fastcgi-Cache
Ufe-Result
Platform
Is-Eu
CDN-CachedAt
CDN-Cache
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestId
CDN-RequestCountryCode
CDN-Uid
CloudFront-Viewer-Country
Wxu-Next-Region
Mail-Subject
Fastly-SWR
Fastly-SIE
X-Cache-Bucket
Adler-Geo
Wxu-Next-Hostname
X-Edge-Location
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Generation-Time
X-Hash
X-Minions-Version
X-Webstats-RespID
X-Varnish-Ttl
X-Micro-Cache
X-Ms-Version
X-Ms-Request-Id
X-Variation
X-WADP-Cache
X-OVcl-Cache
X-VG-TLSProxy
X-OVcl
X-Fmm-Version
X-Req
X-Envoy-Decorator-Operation
X-CUA
X-DPWN-IS-SECURE
X-SN
X-Dispatcher-Server
X-Fastly-Cache
X-Servername
X-LAGOON
X-Route-Name
Now
X-Providence-Cookie
X-TX-ID
X-Flags
X-Aspnet-Duration-Ms
Backend
X-Is-Crawler
Country-Code
X-Thanos
X-Varnish-Cacheable
X-Old-Content-Length
X-Owner
Rt-Fastcgi-Cache
X-Auto-Login
X-Policy
X-Wikidot-Static-Cache
X-Render-Time
L
X-Platform-Server
X-Request-Start
X-Request-Host
X-Skip-Cache
Group
Fastly-Drupal-HTML
X-Platform
Memcached
X-Wikidot-Backend
X-Slack-Backend
Gh-Request-Id
Origin
X-Method
X-Cache-URL
X-Cdn-Srv
X-Li-Fabric
X-Li-Pop
X-Gzip
X-Clientip
X-Esi-Check
X-HS-Content-Campaign-Id
X-Fastly-Backend
X-Irp-Debug
X-Microcachable
X-Cache-NGX
X-Cms-Context
X-Bip
X-Backend-State
C-Via
CacheControlHeader
Country
X-Core-Value
X-Cache-Id
Akamai-GRN
X-Core-Mission
X-LI-UUID
X-UPSTREAM-Address
X-CACHE-AGE
X-Generated-On
X-Developers
X-Gamma-Serve
X-Eu-Site
X-Csrf-Jwt
X-Content-Age
X-CGP
X-JWT-State
X-Amz-Meta-Cb-Modifiedtime
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Cache-Date
X-Mvc-Supplant-Cachable
X-VarnishDD-TTL
X-Proxy-Upstream
X-DefHash
X-Reqid
X-HN
X-DefElseHash
X-Varnish-Remaining-TTL
X-Level-Front-Cache
X-Is-Gdpr
X-Has-Esi
X-Cache-Tags
PFcat
Fastly-Backend-Name
Ha-Gx-Prefs
HA-Ipaddr
L5d-Success-Class
AKAMAI
FSS-Proxy
X-CS
X-Location
X-Branch-Name
X-Geo-Header
X-Aicache-OS
X-Wa
Pagetype
UCS
X-NODE
X-Agile
X-Agile-Id
X-Session-Fingerprint
X-Agile-Age
X-LB-ID
X-Cache-Debug
X-Refresh
X-DC
X-BC
X-ZONE
HostName
X-PF-Uncompressing
X-RateLimit-Remaining
X-Via-Popn
X-Via-Poph
X-Debug-Cache-Fetch
M-TraceId
X-Page-View
X-Debug-Cache-Store
X-Datadome
X-Ftr-Cache-Host
X-Mvc-Supplant-OutputCached
X-B3-Spanid
X-LI-Proto
X-Servedbyhost
NGX
X-Ua-Device
X-GEO
X-Dc
SRV
Arc-Country
X-Instart-Request-ID
X-Nginx-Cache
X-Pinterest-Sli-Latency-Threshold
X-Cdn-Forward
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Response-Type
X-SERVER
Viewtype
X-Request-Time
X-Edge-Server
Cdn-Request-Time
Cdn-Host
Hostname
VivaBuild
X-COUNTRY
Xserver
X-Via-CDN
X-Bc
X-RunCloud-Cache
X-Check-Cacheable
X-Varnish-Hostname
X-Zone
X-Via-Ucdn
Srv
X-NU-AKA-ACS-Version
X-VCL-Version
X-Action
X-FPC
X-APP
Memory
WebServer
X-HS-Status
X-Sql-Count
X-Sql-Duration-Ms
X-FORWARDED-FOR
X-UnsetCookies
X-RSL
X-RPS
X-DB
WWW-Authenticate
X-Vgn-Hpd-Ssi
X-B3-Traceid
X-DI
X-DSS
X-DW
X-RPM
X-Cs
X-Cluster-Node
X-NGINX-Cache
X-CSRF-TOKEN
X-Srv
X-Presslabs-Stats
X-Via-SSL
Geoip-Latitude
XServer
Edge-Copy-Time
X-ORACLE-APMCS-REQUEST-ID
X-Oss-Cdn-Auth
X-Via-Edge
X-SRV
X-CF-Powered-By
GeoIp-Country-Code
Actual-Object-TTL
X-Via-Popv
X-LiteSpeed-Cache-Control
SID
X-Geo
X-Vcache
X-Www-Served-By
ProcessTime
X-Dynatrace-Js-Agent
X-Svr
X-MP-GENERATED-AT
X-We-Are-Hiring
On-Server
X-Cache-Remote
X-Hit
ServedBy
Geo-Info
User-Agent
NtCoent-Length
X-Unique-ID
Cache-Hits
Apigw-Requestid
GeoIP-Latitude
X-S-Maxage
W
X-Akamai-Request-ID2
GeoIP-Country-Code
Processtime
Sid
X-SERVER-NAME
Amp-Access-Control-Allow-Source-Origin
LB
X-LLID
Server-Info
X-Epic-Correlation-Id
T-Server
X-ID
Ohc-File-Size
X-Pass-Why
X-HOST
N-Cache
X-Envoy-Upstream-Healthchecked-Cluster
X-MSEdge-Flight
X-MSEdge-Features
X-FC-Vary-Parameters
X-HITS
Accept-Language
S-Rt
Server-Host
Pics-Label
X-Pjax-Url
X-Vcl-Version
CF-IPCountry
X-Cache-Hm
Cdn
X-Cache-Hfrom
X-Mobile-Rewrite
X-Fpc
X-Tb
X-Webkit-CSP-Report-Only
X-Varnish-Hits
X-Nc
X-VC
Cteonnt-Length
CDN
X-SB
Magicmarker
X-Key
Lb
X-Fastly-Country-Code
A
WZWS-RAY
Esi-Enabled
X-CACHE-KEY
Protected
Origin-Cache-Control
Origin-Edge-Control
X-Info
X-Newrelic-App-Data
Ohc-Cache-HIT
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Via-NSCOPI
X-Dispatch
X-Uri
X-Instart-Info
Proxy-Firewall
Powered-By
X-Newrelic-Synthetics
X-ServedByHost
X-StackifyID
X-Geo-Region
User-Cache-Control
X-Erf-Bev-Bev
X-Erf-Stays-Bingo-Pdp-Web
X-TT-LOGID
X-Erf-Bev-Bev-Is-Generated
X-Li-Proto
X-B3-SpanId
X-Dynatrace
Tracecode
X-Akamai-Pragma-Client-IP
Cache-Key
X-RAMCache
X-Served-From
Server-Ttl
X-TH-Server
HitType
Ssr
DSUID
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-UA-Device-Type
X-Provided-By
Section-Origin-Responded
X-Cache-Tag
Odigeo-Trace-Id
X-Acc-Rdl
Section-Io-Id
Cache-Provider
X-Magnolia-Registration
Lfy
X-Generated
Fastcgi-Cache-TTL
Cache-Name
X-Cc-Via
X-Lb-Id
X-Via-PopV
X-Via-PopN
X-Via-PopH
BehaviorPad-Version
X-TrackingId
D-Cc-Upstream
X-Cc-Req-Id
X-Device-Os
X-Developer
X-Fetched-On
X-GeoIP-City
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gen-Mode
X-Gdpr
X-VServer
X-ElasticPress-Query
X-Cache-Info
Thinkindot-Control
True-Client-Country-4JS
V-Age
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Sever-Int
SR-User-Adfree
Vix-Hermes-Req-Id
Web-Mar-Node
X-Cache-ASPX
X-Cache-Expires
X-Hnp-Log
X-Block-Status
X-BBXSRF
X-API-Version
X-BBC-Edge-Cache-Status
X-Contensis-Viewer-Groups
X-User
X-SVT-ORM-VERSION
Server-ID
X-SVT-ORM-RULES
X-Request-URI
X-RateLimit-Remaining-Second
X-Origin-TTL
X-RateLimit-Limit-Second
X-SRCache-Key
X-Response-By
X-Sigma
X-Server-IP
X-SD-PageType
X-Sigma-Backend
X-Rocket-Build-Number
X-SIPLIST1
X-Origin-Time
X-Origin-Expires
X-ServiceProvider
X-Matched-Rule
X-Loc
X-Var-Ttl
X-Varnish-Url
X-Varnish-Authentication
X-Nginx-Cache-Key
X-Traceid
X-Thinkindot-L3
X-Swa-Ws
X-Origin-Date
X-Origin-CC
X-Node-Id
X-Nyt-Route
X-VC-Cache
X-Tt-Logid
X-App
X-Cache-Spec
X-Scheme
Cache-Host
CDCHOST
X-No-Cache
X-Batcache
Server-Hostname
X-Agile-Brick-Ok
X-WA
Xet-Cookie
FNAC-ModuleRouting
X-Men
Instruction
Server-Ext
Path
Release
Pramga
Locid
MIME-Version
X-LiteSpeed-Tag
IsBot
Kp-EeAlive
Tcn
X-Parent-Response-Time
X-RateLimit-Limit
X-Planisys-CDN-TTL
X-HostName
X-Planisys-CDN-Rules
Inserted-Into-Cache-At
X-Trace-Id
X-Planisys-CDN-Cache
X-Pf-Uncompressing
Cf-Alt-Svc
Dnion-Transfer-Encoding
X-Sn-Servicetimems
X-Yottaa-OS
X-NodeID
X-Azure-Ref-OriginShield
X-Cdn-Origin
X-Varnish-Beresp-TTL
Who
X-PJAX-URL
X-Generated-In
X-Path-Route
X-Selected-Host-Header
X-Selected-Name
X-Selected-Scheme
CountryCode
Source
X-Request-URL
Vha6-Origin
Resin-Trace
X-BBC-Origin-Response-Status
Req-Svc-Chain
X-Proxy-Cachei7
X-Snapshot-Date
X-Apw-Access-Object
X-MiniProfiler-Ids
Mime-Version
X-C
PICS-Label
X-Vgn-Hpd-Reason
X-Apw-Access-Action
X-Apw-Access-Token
X-Dw-Trace-Id
Pragrma
X-Apw-Hits