Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Xss-Protection
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
P3p
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-CDN
Upgrade
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Template
X-Language
X-Backend
X-Cache-Group
X-Hacker
X-Amz-Request-Id
X-Server
X-Dns-Prefetch-Control
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
Xkey
X-Page-Speed
X-Rq
X-Buckets
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
X-Dispatcher
NEL
X-Device
X-Server-Id
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
Content-Location
Accept-CH-Lifetime
Request-Id
X-Response-Time
X-Cache-Lookup
Accept-CH
X-Origin-Cache
X-Akam-SW-Version
EagleEye-TraceId
X-Ac
Cf-Bgj
X-ASPNET-VERSION
X-Readtime
Rating
X-Country
X-HW
X-Mod-Pagespeed
Allow
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Edge-Control
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-DataDome
X-Vname
X-TtlSet
X-PC
X-Cnection
X-Varnish-TTL
X-MS-InvokeApp
X-Url
X-Origin-Upstream-Status
X-Content-Type
X-GitHub-Request-Id
X-Clacks-Overhead
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
X-D2id
X-Trace
Pagespeed
Display
Response
X-Middleton-Display
X-Sol
X-Middleton-Response
Pinterest-Version
X-Pinterest-Rid
X-Abt-Application-Version
X-Server-Name
X-Vcap-Request-Id
X-Px
X-B3-TraceId
X-Rack-Cache
X-Navigation-Version
MS-Author-Via
Verso
Service-Worker-Allowed
X-CST
X-FTR-Request-ID
X-ESI
X-Fastly-Request-ID
X-Webkit-CSP
X-Element-Page-Cache
X-Cached
X-Client-IP
X-FastCGI-Cache
X-DynaTrace
Arr-Disable-Session-Affinity
X-Cache-TTL
X-TTL
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-Upstream
X-SharePointHealthScore
SPRequestGuid
Fastly-Restarts
AR-ATIME
AR-PoweredBy
Content-MD5
AR-CACHE
AR-Request-ID
X-VARITI-CCR
Ar-Sid
X-NF-Request-ID
X-Debug
X-Goog-Hash
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-Kinja
X-Version
X-Forwarded-Proto
X-T
X-MSEdge-Ref
X-Powered-CMS
Access-Control-Request-Method
X-Jurisdiction
X-Release
SPRequestDuration
SPIisLatency
X-Pinterest-Direct
S
X-Content-Digest
X-Amz-Rid
X-Edge
TP-L2-Cache
TP-Cache
X-XRDS-Location
TCN
X-Ttl
RTSS
Cache-Tag
X-Ezoic-Cdn
Public-Key-Pins
X-Node-Name
X-Yandex-Sdch-Disable
X-Cache-Key
Accept-Ch
X-Request-Received
Fastcgi-Cache
X-Request-Processing-Time
X-MCACHE
X-Mid
X-NWS-LOG-UUID
Server-Node
Front-End-Https
X-PressLabs-Stats
X-Accel-Expires
X-Amzn-Trace-Id
X-Ser
X-Recruiting
X-Kinsta-Cache
X-Mg-S
X-Microsite
X-Request-Handler-Origin-Region
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-SRCache-Fetch-Status
X-SRCache-Store-Status
ServerID
X-Logged-In
X-Origin-Server
Accept-Charset
X-Cache-Hit
X-Amz-Server-Side-Encryption
X-Grace
X-Page-Id
X-Ratelimit-Remaining
X-Varnish-Age
X-HP-Webp
Host
X-Content-Security-Policy-Report-Only
X-B
X-DIS-Request-ID
Nginx-Cache
X-ECACHE
X-Shield-Request-Id
Edge-Cache-Tag
X-Server-ID
X-Mobile-URL
X-Hostname
Alternate-Protocol
MicrosoftSharePointTeamServices
X-Ratelimit-Limit
X-Hits
Realpath
X-F-Cache
X-Content-Options
X-Git-Hash
X-LB-Cache
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-Activity-Id
X-FTR-Expires
X-Az
X-AppVersion
X-N
X-Load-Cache
Cache-Tags
X-Seen-By
X-Forwarded-For
X-Type
Filterid
X-Request-Guid
X-Jobs
X-FireWall-Port
Paypal-Debug-Id
X-App-Environment
X-Varnish-Backend
DynaTrace
X-Rid
Cleartype
X-Cache-Age
Fastcgi-Useragent
X-Correlation-ID
X-Cached-By
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Powered-By-ChinaCache
X-Proxy
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
X-Varnish-Grace
X-Zen-Fury
X-Litespeed-Cache
X-Respond-Thread
X-Amz-Meta-S3cmd-Attrs
X-Daa-Tunnel
X-FB-Debug
X-Akamai-Edgescape
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-GUploader-UploadID
X-Id
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-HS-Hub-Id
X-App-Server
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
DC
X-B3-Sampled
X-IPLB-Instance
X-Host-Name
X-Geo-Country
X-Cache-Operation
X-Signature
X-B-Cache
X-Cache-Rule
AMP-Access-Control-Allow-Source-Origin
X-User-Agent
X-AOL-HN
X-Debug-Info
X-Whom
MS-CV
X-Region
Healthy
X-Original-Request-Id
X-Content-Powered-By
X-Response-Served-From
X-Accel-Buffering
X-Mobile
Content-Disposition
X-XRDS-LOCATION
X-Frontend
X-VCache
Accept-Ch-Lifetime
X-HTML-Minification-Powered-By
Payment
X-Instance
X-FW-Type
X-FW-Static
X-Distributor
Charset
X-UUID
X-FW-Server
X-Rule
X-FW-Serve
X-Cache-Time
X-Wix-Request-Id
X-Cacheable-TTL
X-FW-Dynamic
X-FW-Hash
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-2
Filters
X-Is-Bot
X-Rendered-As
Liferay-Portal
Refresh
Surrogate-Key
X-Protected-By
X-Acc-Debug-Context
Viewport
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Via-JSL
Datacenter
S-Cnection
X-Endurance-Cache-Level
X-Ua
Akamai-Age-Ms
Nel
X-Backend-Name
NGB
Arc-Version
X-Hyper-Cache
PB-RID
X-Cache-Expired-At
PB-PID
X-Amz-Replication-Status
Countrycode
X-Ah-Environment
GEO-INFO
X-Oneagent-Js-Injection
X-Cache-Server
X-App-Version
X-Varnish-Server
Section-Io-Cache
X-Cache-Action
X-Sucuri-ID
Retry-After
Version
X-Unique-Id
X-Source
Referer-Policy
X-EdgeConnect-Cache-Status
X-Air-Hostname
X-Azure-Ref
Eomportal-Instance
X-ProcessESI
X-NewRelic-App-Data
Server-Name
X-L-Path
X-Cache-Control
X-Esi
X-WA-Info
X-Real-IP
X-Environment-Context
X-Proxy-Cache-Status
X-Framework
X-PHP-Backend
X-RemovedCookies
X-Yottaa-Metrics
X-Revision
X-Yottaa-Optimizations
Frame-Options
X-RTag
X-URL
Ms-Operation-Id
X-Cache-Var
X-Cache-Var-Map
X-RN-RSRV
X-GeoIP
Meta-Geo
X-ES-SERVER
X-Mode
X-Drupal-Cache-Contexts
X-From
X-Qloud-Router
X-Sucuri-Cache
X-R9-Blue-Green-Version
Cache-Tv-Group
X-Xfnlog-Site
X-BYPASS-REASON
X-Cache-Host
X-Cache-TTL-Remaining
X-ProxyCache-Status
DB-Nickname
X-Time-Microsecs
X-ProxyCache-Key
Mn-Server-Ip
Property-Id
X-PHP-Host
X-PCL
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Cross-Origin-Window-Policy
TWC-Locale-Group
Ec-Rule-Version
TWC-Privacy
TWC-Device-Class
X-CDN-Forward
X-DynaTrace-JS-Agent
X-Labrador-Cache-Channel
X-Human
X-NYM-Debug-Backend
X-AWS-Id
X-OCL
X-VWS-Id
X-Cluster
X-Loop
X-LJ-Flow-ID
X-TNCMS
X-Amzn-Remapped-Content-Length
X-Hosted-By
X-Handled-By
X-Status
X-FW-Version
Webcakes-App-Version
Webcakes-App-Name
X-Server-W
Webcakes-Region
X-Origin-Hint
X-Detected-As
X-ServerID
Uber-Trace-Id
X-Locale
X-Site-Version
X-Proto
X-Format
X-FB-TRIP-ID
Selected-Fe
X-Proxy-Build
X-Proxied
X-Access
X-Hl-Ver
X-Redis-Cache
X-Zipkin-Id
X-Routing-Service
X-Be
X-Timing-Wait
X-Section
X-No-Session
X-Debug-Cache
X-Via-Fastly
X-Drupal-Cache-Tags
Cache
FSS-Cache
X-Cache-PHP
X-Device-Type
X-Generated-By
X-Contextid
X-ATG-Version
X-Ratelimit-Reset
X-BCube-Filmed-By
Powered
Webserver
X-CSRF-Token
X-Varnish-Cache-Hits
X-NC
CACHE
X-Time
X-FTR-Cache-Host
X-Fastcgi-Cache
From-Origin
X-SaId
X-JoinUs
X-Adobe-Loc
X-Adobe-Content
X-AIR-PT
X-TIME
CF-Cached-On
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Endpoint-Name
X-NCache
X-Correlation-Id
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-InstanceId
OT-Force-Account-Verify
X-Origin
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-TT
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Hp-Webp
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Route-Name
X-Providence-Cookie
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-GoCache-CacheStatus
X-Akamai-Transformed
Upgrade-Insecure-Requests
X-NWS-UUID-VERIFY
X-APP-VERSION
Access-Control-Request-Headers
X-Cache-2
X-Backend-Host
SD-X-WS
X-CCM
X-IP
X-Adobe-Source
X-IPS-LoggedIn
X-Backend-TTL
X-TA-CDN-Provider
X-ECache
X-LAGOON
X-Alternate-Cache-Key
X-ShardId
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Cache-Enabled
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Ruxit-Js-Agent
X-Cache-Grace
X-Bc-Bl
X-PERF
X-Forwarded-Host
X-Soup
X-Pubstack
X-ApacheServer
Decoy-Debug-Status
X-Say-Cacheable
Decoy-Debug-Key
Cache-Status
X-Varnishpool
X-UPSTREAM-Address
X-Cluster-Name
X-EC-Lua
X-Web-Node
X-Storage
Decoy-Debug-TTL
X-Say-TTL
X-Tumblr-Pixel-3
Fastly-SSL
X-SayCDN-TTL
X-EIG-Tracking-Id
X-Cdn
X-G
Node
Country
X-Viewer-Country
X-A-Dam
X-Twitter-Response-Tags
X-A-Dcw
X-Cache-Backend
X-Vdms-Path
X-Application
X-Trv-Group
X-D
X-A-Dgt
X-A
X-A-Ccd
Meta-Geo-Continent
X-Transaction
X-Vdms-Version
X-ARC
Apple-News-Services-Host
X-VG-WebServer
Apple-News-Services-Handled
X-Destination
X-Vtex-Processado-Em
Rendered-Blocks
X-Cache-NE
Apple-News-Services-Request-Url
X-VG-WebCache
Apple-News-Services-Parsed-Url
Mobile-Detection-Method
X-CF-Lambda-Fn
X-B-Cookie
X-Connection-Hash
X-Request-UUID
MD5-Digest
X-Rewrite-Enabled
X-RCS-CacheZone
X-Processor
X-CF-Lambda-Version
Fastcgi-X-Cache-Version
X-A-Wwc
DCR-Processing-Time-Ms
Machine
DCR-Decision-By
X-Rojux
X-S
Host-ID
X-External-Request-Id
X-Aed
X-TX-ID
X-Worker
Xc-Version
X-Vtex-Remote-Cache
X-PAYTM-SRV-ID
X-S-Cookie
X-PBS-Appsvrname
X-ScT
X-Cache-Config
Adler-Geo
X-DefHash
X-CUA
X-Clara-WADP
X-Cms-Context
X-DPWN-IS-SECURE
X-Cache-Bucket
X-DefElseHash
X-Rebelmouse-Surrogate-Control
CDN-Uid
X-Rebelmouse-Cache-Control
CloudFront-Viewer-Country
X-Servername
X-Platform-Server
X-Envoy-Decorator-Operation
X-Varnish-Beresp-Grace
CDN-PullZone
CDN-RequestCountryCode
Fastly-SIE
Fastly-SWR
X-WADP-Cache
Gh-Request-Id
Is-Eu
X-VG-TLSProxy
X-Varnish-Remaining-TTL
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Beresp-Status
CDN-RequestId
CDN-Cache
X-Fmm-Version
X-Generation-Time
Platform
X-Auto-Login
CDN-CachedAt
X-Micro-Cache
X-Fastly-Cache
X-Varnish-Beresp-Ttl
CDN-EdgeStorageId
X-Ms-Version
X-Ms-Request-Id
X-UA
Backend
Wxu-Next-Region
Wxu-Next-Commit
NM-Fastcgi-Cache
Origin
Rt-Fastcgi-Cache
Akamai-GRN
L
Wxu-Next-Hostname
AKAMAI
C-Via
X-Cache-NGX
X-Bip
X-Amz-Meta-Cb-Modifiedtime
Country-Code
Fastly-Backend-Name
X-Cache-Id
CacheControlHeader
Fastly-Drupal-HTML
X-Backend-State
X-LI-UUID
X-Policy
X-Varnish-Ttl
X-Request-Host
X-Request-Start
X-Platform
X-Owner
X-Old-Content-Length
X-OVcl
X-OVcl-Cache
X-Skip-Cache
X-Slack-Backend
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Core-Value
X-Microcachable
X-Page-View
X-Webstats-RespID
X-SN
X-Thanos
X-Varnish-Cacheable
X-Minions-Version
X-Render-Time
X-Gzip
X-Has-Esi
X-Hash
X-Fastly-Backend
X-Esi-Check
X-Clientip
X-Core-Mission
X-Developers
X-HS-Content-Campaign-Id
X-Dispatcher-Server
X-Is-Gdpr
X-Method
X-Li-Fabric
X-Li-Pop
X-Irp-Debug
X-JWT-State
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
Surrogated-Key
X-Geo-Header
X-Generated-On
X-Session-Fingerprint
X-Level-Front-Cache
X-Cache-Debug
X-Gamma-Serve
X-Location
X-VarnishDD-TTL
X-HN
PFcat
X-Eu-Site
X-Accel-Expires-Debug
X-Cache-Tags
X-Reqid
X-Mvc-Supplant-Cachable
X-Date
X-Cache-Date
X-Branch-Name
X-Csrf-Jwt
X-Content-Age
X-CGP
Ha-Gx-Prefs
HA-Ipaddr
L5d-Success-Class
X-COUNTRY
X-NGENIX-Cache
X-Up
Pagetype
FSS-Proxy
X-CS
X-Req
X-Edge-Location
X-B3-Spanid
X-Wa
UCS
X-RateLimit-Remaining
SRV
X-GEO
Time
Now
X-Cache-URL
Ufe-Result
Mail-Subject
Memcached
Group
We-Hiring
X-Cdn-Srv
X-Refresh
X-LB-ID
X-NODE
X-DC
X-Proxy-Upstream
X-Via-Poph
X-Aicache-OS
X-Via-CDN
X-PF-Uncompressing
X-Via-Popn
X-LLID
X-B3-Traceid
X-Mvc-Supplant-OutputCached
X-Dc
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-BC
HostName
NGX
Hostname
X-ZONE
X-Agile-Age
X-Agile
X-Agile-Id
X-Ftr-Cache-Host
X-Datadome
X-Sql-Count
X-LI-Proto
X-Ua-Device
X-Sql-Duration-Ms
X-Servedbyhost
X-CACHE-AGE
X-FORWARDED-FOR
X-Cache-Remote
X-Varnish-Hostname
X-FPC
M-TraceId
X-NU-AKA-ACS-Version
X-ID
X-Nginx-Cache
Xserver
X-Check-Cacheable
X-SERVER
X-Presslabs-Stats
X-Request-Time
X-Www-Served-By
Arc-Country
X-Via-Edge
X-SERVER-NAME
X-Via-SSL
X-LiteSpeed-Cache-Control
Edge-Copy-Time
X-SRV
X-Cs
Cache-Hits
X-S-Maxage
XServer
X-Cluster-Node
X-Svr
X-Bc
X-APP
X-Zone
X-CF-Powered-By
GeoIp-Country-Code
VivaBuild
Geoip-Latitude
X-NGINX-Cache
X-Edge-Server
X-VCL-Version
Viewtype
WebServer
X-Srv
Cdn-Host
On-Server
ServedBy
Cdn-Request-Time
X-UnsetCookies
X-CSRF-TOKEN
SID
NtCoent-Length
X-Via-Popv
X-Action
X-RunCloud-Cache
X-Via-Ucdn
X-Cdn-Forward
X-HS-Status
X-Dynatrace-Js-Agent
X-MP-GENERATED-AT
Srv
X-DSS
X-Oss-Cdn-Auth
X-Erf-Stays-Bingo-Pdp-Web
WWW-Authenticate
T-Server
X-DW
X-DI
X-RSL
X-RPS
X-RPM
Memory
X-DB
Ohc-File-Size
X-Pass-Why
ProcessTime
X-We-Are-Hiring
Processtime
X-Vgn-Hpd-Ssi
Apigw-Requestid
User-Agent
Protected
X-Instart-Request-ID
Pics-Label
X-MSEdge-Flight
N-Cache
X-MSEdge-Features
W
Server-Host
Sid
X-Geo
LB
X-Varnish-Hits
Server-Info
X-SB
CF-IPCountry
X-VC
X-Cache-Spec
X-Erf-Bev-Bev
WZWS-RAY
X-Erf-Bev-Bev-Is-Generated
Magicmarker
X-Acc-Rdl
X-Hit
X-Uri
X-HOST
X-Vcache
GeoIP-Country-Code
CDN
X-Info
X-Vcl-Version
GeoIP-Latitude
S-Rt
X-Akamai-Request-ID2
X-Tb
Actual-Object-TTL
X-Dynatrace
X-HITS
Ohc-Cache-HIT
X-ORACLE-APMCS-REQUEST-ID
X-Cache-Hm
X-Unique-ID
Cteonnt-Length
X-Pjax-Url
X-Envoy-Upstream-Healthchecked-Cluster
Amp-Access-Control-Allow-Source-Origin
X-Cache-Hfrom
Geo-Info
X-Newrelic-App-Data
X-Epic-Correlation-Id
X-Webkit-CSP-Report-Only
X-TT-LOGID
X-Fastly-Country-Code
User-Cache-Control
Section-Io-Origin-Status
DSUID
Section-Io-Origin-Time-Seconds
Section-Io-Id
Tracecode
Section-Origin-Responded
A
Odigeo-Trace-Id
Accept-Language
Cache-Name
X-Newrelic-Synthetics
X-CACHE-KEY
X-UA-Device-Type
Esi-Enabled
X-FC-Vary-Parameters
Lb
X-Fpc
Cdn
X-Oracle-Dms-Rid
Ssr
X-Mobile-Rewrite
X-Origin-Date
X-Provided-By
Lfy
X-ServedByHost
X-Li-Proto
X-Via-NSCOPI
X-Magnolia-Registration
X-Amzn-Remapped-Connection
X-Nc
X-Amzn-Remapped-Date
X-Key
V-Age
Vix-Hermes-Req-Id
True-Client-Country-4JS
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Web-Mar-Node
X-API-Version
X-Cache-ASPX
X-Cache-Expires
X-Block-Status
X-BBXSRF
X-BBC-Edge-Cache-Status
SR-User-Adfree
X-VServer
CDCHOST
FNAC-ModuleRouting
X-Scheme
X-Men
X-Cc-Req-Id
X-Cc-Via
Instruction
IsBot
Server-Hostname
Sever-Int
Server-Ext
Release
Locid
X-Cache-Info
X-Contensis-Viewer-Groups
X-Response-By
X-SD-PageType
X-Varnish-Url
X-Request-URI
X-Origin-Time
X-Origin-TTL
X-Server-IP
X-SIPLIST1
X-Thinkindot-L3
X-User
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SRCache-Key
X-Origin-Expires
X-Origin-CC
X-Gen-Mode
X-GeoIP-City
X-Gdpr
X-Developer
D-Cc-Upstream
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-Node-Id
X-Nyt-Route
X-Nginx-Cache-Key
X-Matched-Rule
X-Loc
X-Varnish-Authentication
Path
X-StackifyID
CountryCode
X-Cache-Tag
Cache-Key
X-Generated-In
X-Dispatch
X-NodeID
Server-ID
X-TH-Server
X-Akamai-Pragma-Client-IP
X-Geo-Region
X-Cdn-Origin
Server-Ttl
X-Served-From
X-Azure-Ref-OriginShield
X-Device-Os
Origin-Edge-Control
X-Fetched-On
Proxy-Firewall
Pramga
X-Sn-Servicetimems
Cache-Host
X-Swa-Ws
X-Trace-Id
X-Var-Ttl
X-Traceid
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
Kp-EeAlive
X-Instart-Info
Origin-Cache-Control
MIME-Version
X-Lb-Id
X-Via-PopN
X-Via-PopH
X-Parent-Response-Time
X-Via-PopV
X-RAMCache
X-B3-SpanId
Powered-By
Cache-Provider
X-No-Cache
HitType
X-RateLimit-Limit-Second
Fastcgi-Cache-TTL
X-ServiceProvider
X-RateLimit-Remaining-Second
Source
X-Tt-Logid
X-WA
X-VC-Cache
X-ElasticPress-Query
X-LiteSpeed-Tag
X-Batcache
X-Agile-Brick-Ok
Cf-Device-Type
Tcn
X-Apw-Access-Action
Req-Svc-Chain
X-Apw-Access-Object
X-MiniProfiler-Ids
Cf-Alt-Svc
X-Varnish-Beresp-TTL
X-Apw-Hits
X-Pf-Uncompressing
X-Request-URL
X-Apw-Access-Token
BehaviorPad-Version
X-PJAX-URL
X-Yottaa-OS
X-Generated
X-HostName
Who
X-TrackingId
Xet-Cookie
X-RateLimit-Limit
Mime-Version
X-Selected-Scheme
X-Selected-Name
X-Selected-Host-Header
X-TraceId
X-BBC-Origin-Response-Status
Pragrma
Server-Id
X-B3-Parentspanid
X-Fastly-Backend-Reqs
X-Origin-Response-Time
Expiry
Dnion-Transfer-Encoding
Resin-Trace
X-Vgn-Hpd-Reason
X-C
Vha6-Origin
X-Snapshot-Date
PICS-Label
Inserted-Into-Cache-At
X-Dw-Trace-Id