Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Xss-Protection
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
P3p
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-CDN
Upgrade
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Template
X-Language
X-Backend
X-Cache-Group
X-Hacker
X-Amz-Request-Id
X-Server
X-Dns-Prefetch-Control
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
Xkey
X-Page-Speed
X-Rq
X-Buckets
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
X-Dispatcher
NEL
X-Device
X-Server-Id
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
Content-Location
Accept-CH-Lifetime
Request-Id
X-Response-Time
X-Cache-Lookup
Accept-CH
X-Origin-Cache
X-Akam-SW-Version
EagleEye-TraceId
X-Ac
Cf-Bgj
X-ASPNET-VERSION
X-Readtime
Rating
X-Country
X-HW
X-Mod-Pagespeed
Allow
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Edge-Control
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-DataDome
X-Vname
X-TtlSet
X-PC
X-Cnection
X-MS-InvokeApp
X-Varnish-TTL
X-Url
X-Origin-Upstream-Status
X-Content-Type
X-GitHub-Request-Id
X-D2id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
X-Clacks-Overhead
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Component-Id
X-Trace
X-Sol
X-Middleton-Response
Display
Response
Pagespeed
X-Middleton-Display
Pinterest-Version
X-Pinterest-Rid
X-Abt-Application-Version
X-Server-Name
X-Vcap-Request-Id
X-Px
X-B3-TraceId
X-Rack-Cache
X-Navigation-Version
Verso
MS-Author-Via
Service-Worker-Allowed
X-FTR-Request-ID
X-CST
X-ESI
X-Fastly-Request-ID
X-Element-Page-Cache
X-Webkit-CSP
X-Client-IP
X-Cached
X-DynaTrace
X-FastCGI-Cache
Arr-Disable-Session-Affinity
X-Cache-TTL
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-SharePointHealthScore
X-Upstream
SPRequestGuid
Fastly-Restarts
AR-Request-ID
Content-MD5
AR-PoweredBy
AR-CACHE
X-VARITI-CCR
AR-ATIME
Ar-Sid
X-NF-Request-ID
X-Debug
X-Goog-Hash
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-Use-Magma
X-TTL
X-Version
X-Forwarded-Proto
X-T
X-MSEdge-Ref
X-Powered-CMS
Access-Control-Request-Method
X-Ttl
X-Jurisdiction
SPRequestDuration
X-Release
SPIisLatency
X-Pinterest-Direct
X-Content-Digest
S
X-Edge
X-Amz-Rid
TP-L2-Cache
TP-Cache
X-XRDS-Location
TCN
RTSS
Cache-Tag
X-Ezoic-Cdn
Public-Key-Pins
X-Node-Name
X-Yandex-Sdch-Disable
X-Request-Received
Accept-Ch
X-Request-Processing-Time
Fastcgi-Cache
X-Mid
X-MCACHE
X-NWS-LOG-UUID
Server-Node
Front-End-Https
X-Cache-Key
X-PressLabs-Stats
X-Accel-Expires
X-Amzn-Trace-Id
X-Ser
X-Recruiting
X-Kinsta-Cache
X-Mg-S
X-Microsite
X-Request-Handler-Origin-Region
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Logged-In
ServerID
X-Origin-Server
X-Cache-Hit
X-Ratelimit-Remaining
Accept-Charset
X-Amz-Server-Side-Encryption
X-Grace
X-Page-Id
X-Varnish-Age
X-HP-Webp
Host
X-B
X-DIS-Request-ID
Nginx-Cache
X-Content-Security-Policy-Report-Only
X-ECACHE
X-Shield-Request-Id
Edge-Cache-Tag
X-Server-ID
X-Mobile-URL
Alternate-Protocol
X-Hostname
MicrosoftSharePointTeamServices
X-Hits
X-Ratelimit-Limit
Realpath
X-F-Cache
X-LB-Cache
X-Content-Options
X-Git-Hash
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend
X-FTR-Cache-Status
X-Az
X-FTR-Expires
X-Activity-Id
X-AppVersion
X-Load-Cache
X-N
Cache-Tags
X-Forwarded-For
X-Seen-By
X-Type
X-Jobs
X-App-Environment
Paypal-Debug-Id
Filterid
X-FireWall-Port
X-Request-Guid
X-Varnish-Backend
X-Rid
DynaTrace
X-Cache-Age
Cleartype
X-Cached-By
X-Correlation-ID
Fastcgi-Useragent
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Powered-By-ChinaCache
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
X-Proxy
X-Zen-Fury
X-Varnish-Grace
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Litespeed-Cache
X-Respond-Thread
X-Amz-Meta-S3cmd-Attrs
X-Daa-Tunnel
X-FB-Debug
X-Akamai-Edgescape
X-Goog-Storage-Class
X-Goog-Metageneration
X-Id
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-App-Server
DC
X-HS-Combine-CSS
X-B3-Sampled
X-Geo-Country
X-Host-Name
X-IPLB-Instance
AMP-Access-Control-Allow-Source-Origin
X-Signature
X-B-Cache
X-Cache-Operation
X-Cache-Rule
X-User-Agent
X-AOL-HN
X-Debug-Info
X-Whom
MS-CV
Healthy
X-Region
X-Response-Served-From
X-Original-Request-Id
X-Content-Powered-By
X-Accel-Buffering
X-Mobile
X-XRDS-LOCATION
Content-Disposition
X-Frontend
X-VCache
Accept-Ch-Lifetime
X-Instance
X-HTML-Minification-Powered-By
Payment
X-FW-Type
Charset
X-Distributor
X-Rule
X-FW-Static
X-UUID
X-Wix-Request-Id
X-FW-Server
X-Cacheable-TTL
X-FW-Dynamic
X-FW-Hash
X-Cache-Time
X-FW-Serve
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Liferay-Portal
Refresh
X-Is-Bot
X-Rendered-As
Filters
X-Protected-By
Surrogate-Key
Viewport
X-Acc-Debug-Context
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Ua
Datacenter
X-Endurance-Cache-Level
S-Cnection
X-Via-JSL
Akamai-Age-Ms
Nel
X-Backend-Name
NGB
Arc-Version
PB-PID
PB-RID
X-Hyper-Cache
X-Cache-Expired-At
X-Amz-Replication-Status
Countrycode
X-Ah-Environment
X-Tec-Api-Origin
X-Tec-Api-Version
X-Oneagent-Js-Injection
GEO-INFO
X-Tec-Api-Root
X-App-Version
X-Cache-Server
Section-Io-Cache
X-Varnish-Server
X-Cache-Action
Version
X-Sucuri-ID
Retry-After
X-Unique-Id
X-Source
Referer-Policy
X-EdgeConnect-Cache-Status
X-Air-Hostname
X-Azure-Ref
Eomportal-Instance
X-ProcessESI
X-L-Path
X-Environment-Context
X-Framework
X-RemovedCookies
X-PHP-Backend
X-NewRelic-App-Data
X-Proxy-Cache-Status
X-WA-Info
X-Esi
X-Real-IP
Server-Name
X-Cache-Control
X-Revision
X-Yottaa-Metrics
X-Yottaa-Optimizations
Frame-Options
Ms-Operation-Id
X-URL
X-RTag
X-RN-RSRV
X-ES-SERVER
X-Cache-Var
X-GeoIP
Meta-Geo
X-Cache-Var-Map
X-From
X-Drupal-Cache-Contexts
X-Mode
X-Cache-Host
X-ProxyCache-Key
X-Xfnlog-Site
DB-Nickname
X-BYPASS-REASON
X-Cache-TTL-Remaining
X-Time-Microsecs
X-Qloud-Router
Cache-Tv-Group
X-ProxyCache-Status
X-Sucuri-Cache
X-R9-Blue-Green-Version
X-Loop
Webcakes-App-Name
X-NYM-Debug-Backend
Ec-Rule-Version
TWC-Privacy
X-Labrador-Cache-Channel
Webcakes-Region
TWC-Locale-Group
X-TNCMS
Cross-Origin-Window-Policy
X-VWS-Id
X-LJ-Flow-ID
X-Cluster
Webcakes-App-Version
X-Origin-Hint
X-Human
Mn-Server-Ip
X-FW-Version
X-Server-W
Property-Id
TWC-Connection-Speed
X-Hosted-By
X-Status
TWC-Device-Class
X-DynaTrace-JS-Agent
X-AWS-Id
TWC-GeoIP-Country
X-OCL
TWC-GeoIP-LatLong
X-Handled-By
X-PHP-Host
X-PCL
X-Amzn-Remapped-Content-Length
X-Redis-Cache
X-Format
X-Routing-Service
X-FB-TRIP-ID
X-Proxy-Build
X-Proxied
X-Locale
X-Proto
X-Section
X-ServerID
X-Hl-Ver
X-Access
X-Zipkin-Id
X-Timing-Wait
X-Site-Version
X-Detected-As
Selected-Fe
X-Be
Uber-Trace-Id
X-Via-Fastly
X-Debug-Cache
X-No-Session
X-Drupal-Cache-Tags
Cache
X-Cache-PHP
X-Device-Type
FSS-Cache
X-ATG-Version
X-BCube-Filmed-By
X-Contextid
X-Time
X-Ratelimit-Reset
X-Generated-By
X-CDN-Forward
Powered
X-CSRF-Token
Webserver
X-Varnish-Cache-Hits
CACHE
X-NC
From-Origin
X-FTR-Cache-Host
X-Fastcgi-Cache
X-AIR-PT
X-Adobe-Content
X-Adobe-Loc
X-JoinUs
X-SaId
CF-Cached-On
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Latency-Threshold
X-Correlation-Id
X-NCache
Azure-InstanceId
Azure-SlotName
OT-Force-Account-Verify
Azure-Version
Azure-SiteName
Azure-RegionName
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-Origin
X-Oss-Server-Time
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-TT
X-TIME
X-Tt-Trace-Tag
X-Hp-Webp
X-Tt-Trace-Host
X-Route-Name
X-GoCache-CacheStatus
X-Varnish-Ttl
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-APP-VERSION
X-NWS-UUID-VERIFY
Upgrade-Insecure-Requests
X-Akamai-Transformed
Access-Control-Request-Headers
X-Cache-2
SD-X-WS
X-CCM
X-IP
X-Backend-Host
X-Adobe-Source
X-IPS-LoggedIn
X-TA-CDN-Provider
X-Backend-TTL
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-ECache
X-Storefront-Renderer-Rendered
X-ShardId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Cache-Enabled
X-LAGOON
X-ApacheServer
X-Forwarded-Host
X-Cache-Grace
X-PERF
X-Soup
X-Ruxit-Js-Agent
X-Pubstack
X-Bc-Bl
Decoy-Debug-Key
X-Say-Cacheable
Decoy-Debug-TTL
X-Say-TTL
X-Web-Node
X-SayCDN-TTL
X-Cluster-Name
Decoy-Debug-Status
X-Tumblr-Pixel-3
X-Varnishpool
Fastly-SSL
X-EIG-Tracking-Id
Cache-Status
X-UPSTREAM-Address
X-EC-Lua
X-Storage
X-G
X-Cdn
Node
Country
X-Viewer-Country
X-PAYTM-SRV-ID
Meta-Geo-Continent
Mobile-Detection-Method
Host-ID
X-A
MD5-Digest
Machine
X-External-Request-Id
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
Rendered-Blocks
Apple-News-Services-Request-Url
X-Destination
DCR-Processing-Time-Ms
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-D
X-ScT
X-S
X-S-Cookie
X-Aed
X-ARC
X-Transaction
X-Application
X-Cache-Backend
X-Vdms-Version
DCR-Decision-By
X-VG-WebCache
X-Trv-Group
X-VG-WebServer
X-Twitter-Response-Tags
Fastcgi-X-Cache-Version
X-PBS-Appsvrname
X-A-Dam
Apple-News-Services-Handled
X-A-Dcw
Apple-News-Services-Host
X-RCS-CacheZone
X-Processor
X-A-Ccd
X-TX-ID
X-Cache-NE
Apple-News-Services-Parsed-Url
X-A-Dgt
X-Rewrite-Enabled
X-Rojux
X-Worker
Xc-Version
X-Request-UUID
X-A-Wwc
X-B-Cookie
X-Vdms-Path
X-Cache-Config
X-CUA
X-Cache-Bucket
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
CDN-PullZone
CDN-RequestCountryCode
CDN-Uid
CDN-RequestId
X-Auto-Login
Fastly-SIE
Is-Eu
X-Clara-WADP
X-Cms-Context
CloudFront-Viewer-Country
Adler-Geo
Fastly-SWR
Gh-Request-Id
Platform
X-Ms-Request-Id
X-Rebelmouse-Surrogate-Control
X-Varnish-Remaining-TTL
X-VG-TLSProxy
X-WADP-Cache
X-Varnish-Beresp-Status
X-Platform-Server
X-Variation
X-Micro-Cache
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-CookieHashed-On
X-Ms-Version
X-Varnish-CookieINHashed-On
X-Fmm-Version
X-Generation-Time
X-DPWN-IS-SECURE
X-Rebelmouse-Cache-Control
X-DefHash
X-DefElseHash
X-Fastly-Cache
X-Envoy-Decorator-Operation
X-Servername
X-UA
Backend
CacheControlHeader
X-Request-Host
X-Render-Time
X-Skip-Cache
X-Backend-State
X-Thanos
C-Via
X-SN
X-Slack-Backend
X-Request-Start
Country-Code
X-Microcachable
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
NM-Fastcgi-Cache
Rt-Fastcgi-Cache
Origin
L
X-Page-View
X-Wikidot-Backend
X-Webstats-RespID
X-Amz-Meta-Cb-Modifiedtime
Fastly-Backend-Name
Fastly-Drupal-HTML
X-Core-Value
X-Wikidot-Static-Cache
X-Varnish-Cacheable
X-Bip
X-Is-Gdpr
X-Irp-Debug
Akamai-GRN
X-JWT-State
X-Li-Fabric
X-LI-UUID
X-Li-Pop
X-Hash
X-Has-Esi
X-Core-Mission
X-Developers
X-Dispatcher-Server
X-Esi-Check
X-Gzip
X-Fastly-Backend
X-Method
X-HS-Content-Campaign-Id
X-Platform
X-Owner
X-Cache-Id
X-Policy
AKAMAI
X-Minions-Version
X-OVcl-Cache
X-Cache-NGX
X-Clientip
X-OVcl
X-Old-Content-Length
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Session-Fingerprint
X-Location
X-Content-Age
X-VarnishDD-TTL
X-Date
X-Csrf-Jwt
X-Cache-Debug
Surrogated-Key
X-Reqid
X-Gamma-Serve
PFcat
X-Accel-Expires-Debug
X-CGP
X-Mvc-Supplant-Cachable
X-Branch-Name
X-Cache-Date
X-Eu-Site
X-HN
X-Geo-Header
X-Generated-On
X-Level-Front-Cache
X-Cache-Tags
HA-Ipaddr
L5d-Success-Class
Ha-Gx-Prefs
X-COUNTRY
X-NGENIX-Cache
Pagetype
FSS-Proxy
X-CS
X-Edge-Location
X-B3-Spanid
X-Up
UCS
X-Req
Time
X-GEO
Ufe-Result
X-Refresh
X-Cdn-Srv
X-Cache-URL
Now
Group
Mail-Subject
Memcached
We-Hiring
X-LB-ID
X-Wa
X-NODE
X-DC
X-Proxy-Upstream
X-Via-Poph
X-PF-Uncompressing
SRV
X-Via-Popn
X-Via-CDN
X-LLID
X-Aicache-OS
X-B3-Traceid
X-RateLimit-Remaining
X-Mvc-Supplant-OutputCached
X-Dc
Hostname
X-Agile-Id
X-ZONE
X-Debug-Cache-Fetch
X-Debug-Cache-Store
HostName
X-Agile
X-Agile-Age
X-BC
NGX
X-Datadome
X-Ftr-Cache-Host
X-Servedbyhost
X-Ua-Device
X-Sql-Count
X-LI-Proto
X-Sql-Duration-Ms
X-FORWARDED-FOR
X-CACHE-AGE
X-Varnish-Hostname
X-SRV
X-Cache-Remote
M-TraceId
X-FPC
X-Nginx-Cache
X-ID
X-NU-AKA-ACS-Version
X-SERVER
Xserver
X-Check-Cacheable
X-Presslabs-Stats
X-Request-Time
X-Www-Served-By
X-Via-SSL
X-SERVER-NAME
X-Via-Edge
Edge-Copy-Time
X-LiteSpeed-Cache-Control
Arc-Country
X-Cdn-Forward
X-Cs
Srv
X-S-Maxage
Cache-Hits
On-Server
Geoip-Latitude
X-Svr
X-CF-Powered-By
WebServer
X-VCL-Version
XServer
X-Bc
X-Zone
GeoIp-Country-Code
X-APP
VivaBuild
Cdn-Host
ServedBy
X-Cluster-Node
Cdn-Request-Time
X-Edge-Server
Viewtype
X-NGINX-Cache
SID
X-UnsetCookies
X-CSRF-TOKEN
X-MP-GENERATED-AT
X-RunCloud-Cache
X-HS-Status
NtCoent-Length
X-Action
X-Dynatrace-Js-Agent
X-Via-Popv
X-Via-Ucdn
X-RPS
X-DSS
X-DW
X-RSL
WWW-Authenticate
X-Srv
X-DB
Memory
X-DI
X-Erf-Stays-Bingo-Pdp-Web
X-RPM
T-Server
X-Oss-Cdn-Auth
X-Pass-Why
Ohc-File-Size
ProcessTime
Processtime
X-We-Are-Hiring
X-Vgn-Hpd-Ssi
Apigw-Requestid
Protected
User-Agent
X-MSEdge-Flight
Sid
N-Cache
Server-Host
X-Instart-Request-ID
W
X-MSEdge-Features
LB
X-Varnish-Hits
X-Geo
X-CACHE-KEY
Server-Info
X-SB
Magicmarker
Pics-Label
CF-IPCountry
X-VC
WZWS-RAY
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Acc-Rdl
X-Uri
X-Vcache
X-HOST
X-Hit
X-Cache-Spec
X-Akamai-Request-ID2
CDN
GeoIP-Country-Code
X-Tb
S-Rt
X-Vcl-Version
GeoIP-Latitude
X-Info
Ohc-Cache-HIT
X-Dynatrace
X-ORACLE-APMCS-REQUEST-ID
X-HITS
Actual-Object-TTL
X-Pjax-Url
X-Epic-Correlation-Id
X-Envoy-Upstream-Healthchecked-Cluster
Geo-Info
X-Unique-ID
Cteonnt-Length
X-Cache-Hfrom
Amp-Access-Control-Allow-Source-Origin
X-Newrelic-App-Data
X-Cache-Hm
X-TT-LOGID
X-Webkit-CSP-Report-Only
User-Cache-Control
A
X-Fastly-Country-Code
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
Odigeo-Trace-Id
Tracecode
DSUID
Accept-Language
Section-Origin-Responded
Cache-Name
X-UA-Device-Type
Ssr
Esi-Enabled
X-Fpc
Lb
Cdn
X-FC-Vary-Parameters
X-Mobile-Rewrite
X-Newrelic-Synthetics
X-Provided-By
X-Origin-Date
X-Key
X-Li-Proto
X-Via-NSCOPI
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Lfy
X-Nc
X-Magnolia-Registration
X-ServedByHost
X-Cache-Tag
Vix-Hermes-Req-Id
Instruction
True-Client-Country-4JS
Thinkindot-Control
SR-User-Adfree
X-Server-IP
X-SD-PageType
Thinkindot-CacheControl
V-Age
Thinkindot-CacheControl-Type
FNAC-ModuleRouting
D-Cc-Upstream
X-Origin-TTL
Path
Locid
X-Cc-Req-Id
X-Scheme
X-Men
X-Cc-Via
Release
X-Request-URI
Server-Hostname
Sever-Int
X-VServer
Server-Ext
X-Origin-Time
X-Response-By
X-Origin-Expires
CDCHOST
X-User
X-Cache-Info
X-SVT-ORM-RULES
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-GeoIP-City
X-Origin-CC
X-SRCache-Key
Web-Mar-Node
X-StackifyID
X-SVT-ORM-VERSION
X-Nginx-Cache-Key
X-Node-Id
X-Nyt-Route
X-Matched-Rule
X-Varnish-Authentication
X-Loc
X-Thinkindot-L3
X-Gdpr
X-Gen-Mode
X-Varnish-Url
X-BBXSRF
X-Contensis-Viewer-Groups
X-BBC-Edge-Cache-Status
IsBot
X-SIPLIST1
X-Cache-ASPX
X-API-Version
X-Cache-Expires
X-Block-Status
X-Developer
CountryCode
X-Azure-Ref-OriginShield
X-NodeID
Kp-EeAlive
X-Cdn-Origin
X-Generated-In
Server-ID
X-Device-Os
Pramga
MIME-Version
X-Fetched-On
X-Geo-Region
X-Dispatch
Origin-Cache-Control
Cache-Host
Proxy-Firewall
Server-Ttl
X-Sigma
Cache-Key
X-Akamai-Pragma-Client-IP
X-Traceid
X-Var-Ttl
X-Trace-Id
X-Swa-Ws
X-Sigma-Backend
X-Sn-Servicetimems
X-Served-From
Origin-Edge-Control
X-Instart-Info
X-Rocket-Build-Number
X-TH-Server
Cache-Provider
X-Via-PopN
X-Lb-Id
X-B3-SpanId
X-Parent-Response-Time
X-Via-PopH
X-Via-PopV
Powered-By
X-RAMCache
X-WA
X-No-Cache
Fastcgi-Cache-TTL
X-Batcache
X-RateLimit-Limit-Second
HitType
X-VC-Cache
X-Tt-Logid
Cf-Device-Type
X-ElasticPress-Query
Source
X-Agile-Brick-Ok
X-LiteSpeed-Tag
X-ServiceProvider
X-RateLimit-Remaining-Second
Tcn
Req-Svc-Chain
X-Yottaa-OS
X-RateLimit-Limit
X-Pf-Uncompressing
X-MiniProfiler-Ids
Mime-Version
X-HostName
BehaviorPad-Version
X-Generated
X-TrackingId
Xet-Cookie
X-PJAX-URL
Cf-Alt-Svc
X-Apw-Hits
X-Apw-Access-Token
Who
X-Varnish-Beresp-TTL
X-Request-URL
X-Apw-Access-Object
X-Apw-Access-Action
PICS-Label
X-Selected-Host-Header
X-Selected-Scheme
X-Selected-Name
X-TraceId
X-Origin-Response-Time
X-Miniprofiler-Ids
X-BBC-Origin-Response-Status
Server-Id
X-Fastly-Backend-Reqs
Expiry
X-B3-Parentspanid
Vha6-Origin
X-C
Inserted-Into-Cache-At
Pragrma
X-Vgn-Hpd-Reason
X-Dw-Trace-Id
Resin-Trace
Dnion-Transfer-Encoding
X-Snapshot-Date