Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Xss-Protection
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
P3p
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-CDN
Upgrade
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Dns-Prefetch-Control
X-Age
X-Template
X-Language
X-Backend
X-Cache-Group
X-Hacker
X-Amz-Request-Id
X-Server
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
Xkey
X-Page-Speed
X-Rq
X-Buckets
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
X-Dispatcher
NEL
X-Device
X-Node
Surrogate-Control
X-Server-Id
X-Ruxit-JS-Agent
Content-Location
Accept-CH-Lifetime
Request-Id
X-Response-Time
X-Cache-Lookup
Accept-CH
X-Origin-Cache
X-Akam-SW-Version
EagleEye-TraceId
X-Ac
Cf-Bgj
X-ASPNET-VERSION
X-Readtime
Rating
X-Country
X-HW
X-Mod-Pagespeed
Allow
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Edge-Control
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-DataDome
X-PC
X-TtlSet
X-Vname
X-Cnection
X-Varnish-TTL
X-MS-InvokeApp
X-Url
X-Origin-Upstream-Status
X-Content-Type
X-GitHub-Request-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
X-D2id
X-Clacks-Overhead
Fusion-Source
Fusion-Content-Source
Fusion-Deployment-Id
X-Trace
Display
X-Middleton-Display
X-Sol
Response
X-Middleton-Response
Pagespeed
Pinterest-Version
X-Pinterest-Rid
X-Abt-Application-Version
X-Server-Name
X-Vcap-Request-Id
X-Px
X-B3-TraceId
X-Rack-Cache
X-Navigation-Version
Verso
MS-Author-Via
Service-Worker-Allowed
X-CST
X-FTR-Request-ID
X-ESI
X-Fastly-Request-ID
X-Element-Page-Cache
X-Webkit-CSP
X-Client-IP
X-Cached
X-DynaTrace
X-FastCGI-Cache
Arr-Disable-Session-Affinity
X-Cache-TTL
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-Upstream
SPRequestGuid
X-SharePointHealthScore
Fastly-Restarts
Content-MD5
AR-CACHE
AR-ATIME
X-VARITI-CCR
AR-Request-ID
AR-PoweredBy
Ar-Sid
X-NF-Request-ID
X-Debug
X-Goog-Hash
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Server
X-Exp-Id
X-Kinja
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-TTL
X-Version
X-Forwarded-Proto
X-T
X-MSEdge-Ref
X-Powered-CMS
Access-Control-Request-Method
X-Jurisdiction
X-Ttl
X-XRDS-Location
X-Release
SPRequestDuration
SPIisLatency
X-Pinterest-Direct
S
X-Content-Digest
X-Amz-Rid
X-Edge
TP-L2-Cache
TP-Cache
TCN
RTSS
Cache-Tag
X-Ezoic-Cdn
Public-Key-Pins
X-Node-Name
X-Cache-Key
X-Yandex-Sdch-Disable
Fastcgi-Cache
X-Request-Processing-Time
Accept-Ch
X-Request-Received
X-MCACHE
X-Mid
X-NWS-LOG-UUID
Server-Node
Front-End-Https
X-PressLabs-Stats
X-Server-ID
X-Accel-Expires
X-Amzn-Trace-Id
X-Ser
X-Recruiting
X-Kinsta-Cache
X-Mg-S
MRF-Tech
X-Request-Handler-Origin-Region
Mrf-Cache-Status
X-Microsite
X-B3-TraceId-Primal
X-SRCache-Store-Status
X-SRCache-Fetch-Status
ServerID
X-Logged-In
X-Origin-Server
X-Cache-Hit
Accept-Charset
X-Amz-Server-Side-Encryption
X-Grace
X-Page-Id
X-Ratelimit-Remaining
X-HP-Webp
X-Varnish-Age
Host
Nginx-Cache
X-DIS-Request-ID
X-Content-Security-Policy-Report-Only
X-B
X-ECACHE
X-Shield-Request-Id
Edge-Cache-Tag
X-Mobile-URL
Alternate-Protocol
X-Hostname
MicrosoftSharePointTeamServices
X-Ratelimit-Limit
X-Hits
Realpath
X-F-Cache
X-Content-Options
X-LB-Cache
X-Git-Hash
X-Country-Code-Real
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-N
X-Activity-Id
X-FTR-Expires
X-Az
X-AppVersion
X-Load-Cache
Cache-Tags
X-Seen-By
X-Forwarded-For
X-Type
X-Request-Guid
X-App-Environment
Paypal-Debug-Id
Filterid
X-FireWall-Port
X-Jobs
DynaTrace
X-Varnish-Backend
X-Rid
X-Cache-Age
Cleartype
Fastcgi-Useragent
X-Cached-By
X-Correlation-ID
X-Upgrade-Enabled
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Powered-By-ChinaCache
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
X-Proxy
X-Zen-Fury
X-Varnish-Grace
X-Litespeed-Cache
X-Respond-Thread
X-Amz-Meta-S3cmd-Attrs
X-Daa-Tunnel
X-FB-Debug
X-Akamai-Edgescape
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-App-Server
DC
X-HS-Combine-CSS
X-B3-Sampled
X-Host-Name
X-Geo-Country
X-IPLB-Instance
AMP-Access-Control-Allow-Source-Origin
X-B-Cache
X-Cache-Rule
X-Signature
X-Cache-Operation
X-AOL-HN
X-User-Agent
X-Debug-Info
X-Whom
X-Region
MS-CV
Healthy
X-Response-Served-From
X-Accel-Buffering
X-Original-Request-Id
X-Content-Powered-By
X-Mobile
Content-Disposition
X-VCache
Accept-Ch-Lifetime
X-Frontend
Payment
X-Instance
X-HTML-Minification-Powered-By
X-Cache-Time
X-UUID
X-Distributor
X-Cacheable-TTL
Charset
X-FW-Serve
X-Wix-Request-Id
X-Rule
X-FW-Type
X-FW-Static
X-FW-Hash
X-FW-Server
X-FW-Dynamic
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Rendered-As
X-Is-Bot
Refresh
Filters
Liferay-Portal
Surrogate-Key
X-Protected-By
Viewport
X-Acc-Debug-Context
X-Tec-Api-Version
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Tec-Api-Origin
X-Tec-Api-Root
X-Via-JSL
X-Ua
Akamai-Age-Ms
S-Cnection
X-Endurance-Cache-Level
Datacenter
Nel
X-App-Version
X-XRDS-LOCATION
NGB
X-Backend-Name
Arc-Version
X-Cache-Expired-At
PB-RID
PB-PID
X-Hyper-Cache
Countrycode
X-Amz-Replication-Status
X-Ah-Environment
GEO-INFO
X-Oneagent-Js-Injection
X-Cache-Server
Section-Io-Cache
X-Varnish-Server
X-Cache-Action
Retry-After
Version
X-Sucuri-ID
X-Unique-Id
X-Source
X-EdgeConnect-Cache-Status
Referer-Policy
X-Air-Hostname
Eomportal-Instance
X-Azure-Ref
X-WA-Info
X-Cache-Control
X-NewRelic-App-Data
X-RemovedCookies
X-Environment-Context
X-PHP-Backend
X-Framework
X-Esi
X-Proxy-Cache-Status
X-L-Path
X-ProcessESI
Server-Name
X-Real-IP
X-Revision
X-Yottaa-Optimizations
Frame-Options
X-Yottaa-Metrics
X-RTag
X-URL
Ms-Operation-Id
X-Cache-Var-Map
Meta-Geo
X-Cache-Var
X-GeoIP
X-ES-SERVER
X-RN-RSRV
X-Mode
X-Drupal-Cache-Contexts
X-From
X-BYPASS-REASON
X-Cache-TTL-Remaining
X-Sucuri-Cache
X-R9-Blue-Green-Version
X-Xfnlog-Site
X-ProxyCache-Key
X-Time-Microsecs
Cache-Tv-Group
X-ProxyCache-Status
X-Cache-Host
X-Qloud-Router
DB-Nickname
TWC-GeoIP-LatLong
TWC-Connection-Speed
TWC-Device-Class
TWC-Locale-Group
Cross-Origin-Window-Policy
Mn-Server-Ip
TWC-GeoIP-Country
TWC-Privacy
Ec-Rule-Version
Property-Id
X-PHP-Host
X-TNCMS
X-VWS-Id
X-OCL
X-NYM-Debug-Backend
X-Hosted-By
X-Server-W
X-PCL
X-Human
X-FW-Version
X-Origin-Hint
X-Handled-By
CACHE
X-Loop
X-Cluster
X-AWS-Id
X-Labrador-Cache-Channel
X-Amzn-Remapped-Content-Length
X-LJ-Flow-ID
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-CDN-Forward
X-DynaTrace-JS-Agent
X-Status
X-ServerID
Uber-Trace-Id
X-Zipkin-Id
X-Locale
X-Timing-Wait
X-Section
X-Site-Version
X-Format
X-Be
X-Routing-Service
X-Proxy-Build
X-Access
X-Proto
X-Proxied
X-FB-TRIP-ID
X-Detected-As
X-Redis-Cache
X-Hl-Ver
Selected-Fe
X-No-Session
X-Via-Fastly
X-Debug-Cache
X-Drupal-Cache-Tags
X-Cache-PHP
X-Device-Type
FSS-Cache
X-Generated-By
X-Ratelimit-Reset
X-ATG-Version
X-Contextid
X-BCube-Filmed-By
Powered
Webserver
X-NC
X-Varnish-Cache-Hits
From-Origin
X-CSRF-Token
X-Time
X-FTR-Cache-Host
X-Fastcgi-Cache
X-AIR-PT
X-Adobe-Content
X-JoinUs
X-SaId
X-Adobe-Loc
Cache
X-TIME
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Latency-Threshold
X-Correlation-Id
X-NCache
CF-Cached-On
Azure-SiteName
X-Oss-Server-Time
Azure-RegionName
Azure-InstanceId
OT-Force-Account-Verify
X-Oss-Storage-Class
Azure-SlotName
X-Origin
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
Azure-Version
X-Oss-Object-Type
VIX-Pulpo-Upstream-Status
X-TT
VIX-Pulpo-Node
X-Tt-Trace-Host
X-Hp-Webp
X-Tt-Trace-Tag
X-Providence-Cookie
X-Is-Crawler
X-Route-Name
X-Flags
X-GoCache-CacheStatus
X-Aspnet-Duration-Ms
X-Akamai-Transformed
X-NWS-UUID-VERIFY
Upgrade-Insecure-Requests
Access-Control-Request-Headers
X-Cache-2
X-Adobe-Source
X-CCM
X-IP
X-Backend-Host
SD-X-WS
X-Backend-TTL
X-TA-CDN-Provider
X-IPS-LoggedIn
X-Shopify-Stage
X-ECache
X-LAGOON
X-APP-VERSION
X-ShopId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Cache-Enabled
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-ShardId
X-Ruxit-Js-Agent
X-ApacheServer
X-Cache-Grace
X-Pubstack
X-Forwarded-Host
X-Bc-Bl
X-PERF
X-Soup
X-Tumblr-Pixel-3
X-UPSTREAM-Address
X-Varnishpool
X-EIG-Tracking-Id
X-SayCDN-TTL
X-EC-Lua
Decoy-Debug-Key
Decoy-Debug-Status
Fastly-SSL
Decoy-Debug-TTL
X-Storage
Cache-Status
X-Say-Cacheable
X-Say-TTL
X-Web-Node
X-Cluster-Name
Node
X-G
X-Viewer-Country
Country
X-Cdn
MD5-Digest
Meta-Geo-Continent
Rendered-Blocks
Mobile-Detection-Method
X-A
DCR-Processing-Time-Ms
X-TX-ID
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-A-Ccd
DCR-Decision-By
Host-ID
Fastcgi-X-Cache-Version
Apple-News-Services-Handled
Machine
Xc-Version
X-RCS-CacheZone
X-Connection-Hash
X-Cache-Backend
X-D
X-Vtex-Processado-Em
X-Request-UUID
X-S-Cookie
X-Rojux
X-Rewrite-Enabled
X-Processor
X-Destination
X-VG-WebCache
X-Vdms-Path
X-Vdms-Version
X-External-Request-Id
X-PAYTM-SRV-ID
X-A-Dam
X-VG-WebServer
X-PBS-Appsvrname
X-ScT
X-S
X-ARC
X-Vtex-Remote-Cache
X-Twitter-Response-Tags
X-Application
X-Aed
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Worker
X-B-Cookie
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Trv-Group
X-Cache-NE
X-Transaction
X-Cache-Config
X-Ms-Version
X-Varnish-Remaining-TTL
X-Micro-Cache
X-Servername
X-Ms-Request-Id
X-Varnish-CookieINHashed-On
X-Variation
X-Varnish-CookieHashed-On
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Platform-Server
X-DPWN-IS-SECURE
CloudFront-Viewer-Country
X-WADP-Cache
CDN-Uid
CDN-RequestId
CDN-RequestCountryCode
Fastly-SIE
X-Cache-Bucket
X-Auto-Login
Platform
Is-Eu
Gh-Request-Id
Fastly-SWR
CDN-PullZone
CDN-EdgeStorageId
X-Envoy-Decorator-Operation
Adler-Geo
X-VG-TLSProxy
X-Fastly-Cache
X-Fmm-Version
X-DefHash
X-DefElseHash
CDN-CachedAt
CDN-Cache
X-Cms-Context
X-CUA
X-Generation-Time
X-Clara-WADP
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Backend
X-UA
X-Developers
X-Core-Mission
X-Clientip
X-Cache-NGX
X-Dispatcher-Server
X-Hash
X-Gzip
X-Varnish-Ttl
X-Fastly-Backend
X-Esi-Check
X-Has-Esi
X-Backend-State
Origin
Rt-Fastcgi-Cache
NM-Fastcgi-Cache
L
Fastly-Drupal-HTML
Wxu-Next-Commit
Wxu-Next-Hostname
X-Bip
X-HS-Content-Campaign-Id
X-Amz-Meta-Cb-Modifiedtime
Wxu-Next-Region
X-Cache-Id
X-Irp-Debug
X-Skip-Cache
X-SN
X-Page-View
X-Request-Start
X-Request-Host
X-Thanos
X-Varnish-Cacheable
X-Core-Value
X-Microcachable
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Webstats-RespID
X-Render-Time
X-Policy
X-Li-Pop
X-LI-UUID
X-Li-Fabric
X-JWT-State
X-Is-Gdpr
X-Method
X-Minions-Version
X-Owner
X-Platform
X-OVcl-Cache
X-OVcl
X-Old-Content-Length
Fastly-Backend-Name
X-Slack-Backend
Country-Code
AKAMAI
CacheControlHeader
Akamai-GRN
C-Via
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Location
X-Cache-Tags
X-VarnishDD-TTL
X-HN
X-Csrf-Jwt
X-Level-Front-Cache
X-Date
X-Mvc-Supplant-Cachable
X-Accel-Expires-Debug
X-CGP
X-Reqid
X-Content-Age
X-Eu-Site
X-Session-Fingerprint
X-Geo-Header
X-Cache-Debug
Surrogated-Key
X-Generated-On
Ha-Gx-Prefs
PFcat
L5d-Success-Class
HA-Ipaddr
X-Gamma-Serve
X-Branch-Name
X-Cache-Date
X-NGENIX-Cache
X-COUNTRY
X-Edge-Location
X-Up
X-CS
Pagetype
X-RateLimit-Remaining
SRV
X-Req
UCS
FSS-Proxy
X-B3-Spanid
X-Wa
Time
X-GEO
Ufe-Result
X-Refresh
Memcached
Mail-Subject
Group
X-Cdn-Srv
Now
We-Hiring
X-Cache-URL
X-NODE
X-DC
X-LLID
X-Via-CDN
X-Proxy-Upstream
X-LB-ID
X-PF-Uncompressing
X-Aicache-OS
Hostname
X-Via-Popn
X-Mvc-Supplant-OutputCached
X-Via-Poph
X-B3-Traceid
X-Dc
X-LI-Proto
X-Servedbyhost
NGX
X-Agile-Age
X-Debug-Cache-Store
X-Agile-Id
X-BC
X-Debug-Cache-Fetch
X-ZONE
X-Agile
X-Datadome
X-Ftr-Cache-Host
X-Ua-Device
X-Sql-Duration-Ms
X-Sql-Count
X-CACHE-AGE
HostName
X-FORWARDED-FOR
X-NU-AKA-ACS-Version
X-Varnish-Hostname
M-TraceId
X-Nginx-Cache
X-FPC
X-Cache-Remote
X-SRV
X-ID
X-SERVER
X-Check-Cacheable
XServer
X-Request-Time
X-Presslabs-Stats
X-Www-Served-By
X-CSRF-TOKEN
X-VCL-Version
X-LiteSpeed-Cache-Control
Edge-Copy-Time
X-Via-Edge
Arc-Country
X-SERVER-NAME
X-Via-SSL
X-S-Maxage
Xserver
Cache-Hits
X-Cs
X-Bc
X-Cluster-Node
On-Server
ServedBy
X-Svr
GeoIp-Country-Code
X-Zone
X-CF-Powered-By
X-APP
Cdn-Request-Time
Viewtype
Cdn-Host
X-NGINX-Cache
VivaBuild
Geoip-Latitude
WebServer
X-Edge-Server
X-UnsetCookies
SID
NtCoent-Length
X-HS-Status
X-Cdn-Forward
X-RunCloud-Cache
X-Action
X-Via-Ucdn
X-MP-GENERATED-AT
X-Dynatrace-Js-Agent
Srv
T-Server
X-Srv
X-RPS
Memory
X-Via-Popv
WWW-Authenticate
X-DW
X-DSS
X-RSL
X-RPM
X-Oss-Cdn-Auth
X-DI
X-Erf-Stays-Bingo-Pdp-Web
X-DB
X-Pass-Why
Ohc-File-Size
Apigw-Requestid
X-Vgn-Hpd-Ssi
ProcessTime
Processtime
X-We-Are-Hiring
User-Agent
Protected
X-Cache-Spec
X-Instart-Request-ID
Sid
X-MSEdge-Features
Server-Host
Pics-Label
W
N-Cache
X-MSEdge-Flight
X-Varnish-Hits
X-Geo
LB
Server-Info
X-Erf-Bev-Bev-Is-Generated
Magicmarker
X-VC
X-Erf-Bev-Bev
X-SB
WZWS-RAY
CF-IPCountry
X-Vcache
X-Acc-Rdl
X-HOST
X-Uri
X-Hit
X-Tb
GeoIP-Latitude
GeoIP-Country-Code
X-Akamai-Request-ID2
S-Rt
X-Info
CDN
X-ORACLE-APMCS-REQUEST-ID
X-Dynatrace
X-HITS
Actual-Object-TTL
Ohc-Cache-HIT
X-Epic-Correlation-Id
X-Envoy-Upstream-Healthchecked-Cluster
Cteonnt-Length
X-Cache-Hm
Amp-Access-Control-Allow-Source-Origin
X-Newrelic-App-Data
X-Vcl-Version
Geo-Info
X-Cache-Hfrom
X-Pjax-Url
X-Unique-ID
X-TT-LOGID
X-Webkit-CSP-Report-Only
A
Section-Origin-Responded
User-Cache-Control
X-Fastly-Country-Code
Section-Io-Id
Section-Io-Origin-Status
Odigeo-Trace-Id
DSUID
Tracecode
Section-Io-Origin-Time-Seconds
Accept-Language
X-CACHE-KEY
Cache-Name
X-UA-Device-Type
X-Newrelic-Synthetics
X-Oracle-Dms-Rid
X-FC-Vary-Parameters
Lb
Cdn
Esi-Enabled
X-Fpc
Ssr
X-Provided-By
X-Mobile-Rewrite
X-Origin-Date
X-Via-NSCOPI
X-Key
X-Magnolia-Registration
X-Nc
Lfy
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Vix-Hermes-Req-Id
X-Men
X-Scheme
V-Age
CDCHOST
Web-Mar-Node
X-API-Version
X-BBXSRF
D-Cc-Upstream
X-BBC-Edge-Cache-Status
FNAC-ModuleRouting
X-Cc-Via
True-Client-Country-4JS
Sever-Int
SR-User-Adfree
Path
Server-Hostname
Release
X-Block-Status
Thinkindot-CacheControl
MIME-Version
Instruction
Thinkindot-Control
Thinkindot-CacheControl-Type
IsBot
Locid
Server-Ext
X-Gen-Mode
X-Server-IP
X-SIPLIST1
X-SD-PageType
X-Response-By
X-Origin-TTL
X-Request-URI
X-SRCache-Key
X-SVT-ORM-RULES
X-Varnish-Url
X-VServer
X-Varnish-Authentication
X-User
X-SVT-ORM-VERSION
X-Thinkindot-L3
X-Origin-Time
X-Origin-Expires
X-Gdpr
X-GeoIP-City
X-Developer
X-Contensis-Viewer-Groups
X-Cache-Expires
X-Cache-Info
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-Nyt-Route
X-Origin-CC
X-Node-Id
X-Nginx-Cache-Key
X-Loc
X-Matched-Rule
X-Cache-ASPX
X-Cc-Req-Id
X-Li-Proto
X-ServedByHost
X-StackifyID
CountryCode
X-Cache-Tag
Cache-Key
X-Akamai-Pragma-Client-IP
X-Cdn-Origin
X-Served-From
Server-Ttl
X-Sigma
X-Dispatch
X-Sigma-Backend
X-Azure-Ref-OriginShield
X-Fetched-On
X-Via-PopN
X-Via-PopH
X-NodeID
X-Lb-Id
X-Via-PopV
X-Rocket-Build-Number
X-TH-Server
X-Instart-Info
X-Generated-In
X-Device-Os
X-Sn-Servicetimems
Proxy-Firewall
X-Traceid
Pramga
Kp-EeAlive
Origin-Edge-Control
X-Var-Ttl
Cache-Host
X-Geo-Region
X-Trace-Id
Origin-Cache-Control
Server-ID
X-Swa-Ws
X-RAMCache
Cache-Provider
Powered-By
X-Parent-Response-Time
X-B3-SpanId
X-No-Cache
HitType
Cf-Device-Type
X-VC-Cache
X-Batcache
X-Tt-Logid
X-RateLimit-Limit-Second
Source
X-Agile-Brick-Ok
X-WA
X-ServiceProvider
X-ElasticPress-Query
X-LiteSpeed-Tag
X-RateLimit-Remaining-Second
Fastcgi-Cache-TTL
Tcn
X-HostName
Cf-Alt-Svc
X-RateLimit-Limit
X-TrackingId
X-Pf-Uncompressing
Xet-Cookie
Req-Svc-Chain
X-Generated
X-Apw-Access-Action
X-Apw-Access-Object
BehaviorPad-Version
X-PJAX-URL
Who
X-Apw-Access-Token
X-Yottaa-OS
X-MiniProfiler-Ids
X-Varnish-Beresp-TTL
X-Apw-Hits
X-Request-URL
X-Selected-Host-Header
X-Selected-Name
X-Selected-Scheme
X-B3-Parentspanid
Mime-Version
X-BBC-Origin-Response-Status
Expiry
Server-Id
X-TraceId
X-Origin-Response-Time
X-C
Inserted-Into-Cache-At
X-Snapshot-Date
X-Dw-Trace-Id
Resin-Trace
X-Vgn-Hpd-Reason
Dnion-Transfer-Encoding
PICS-Label
Pragrma
Vha6-Origin