Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
X-Xss-Protection
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
P3p
X-AspNetMvc-Version
Status
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-Cache-Group
X-Server
X-Hacker
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
X-Dns-Prefetch-Control
EagleId
X-Proxy-Cache
Request-Context
X-Template
X-Turbo-Charged-By
X-Language
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
X-Rq
Xkey
X-Page-Speed
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Ua-Compatible
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Buckets
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
X-Host
X-WebKit-CSP
X-Backend-Server
NEL
X-Server-Id
X-Dispatcher
X-Device
Surrogate-Control
X-Node
X-Ruxit-JS-Agent
Request-Id
Content-Location
Accept-CH-Lifetime
X-Response-Time
Accept-CH
EagleEye-TraceId
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
X-Ac
Allow
X-Readtime
Rating
X-HW
X-Mod-Pagespeed
X-Country
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Edge-Control
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-PC
X-Vname
X-TtlSet
X-Cnection
X-MS-InvokeApp
X-Country-Code
X-DataDome
X-Varnish-TTL
X-CST
X-Content-Type
X-GitHub-Request-Id
X-D2id
X-Clacks-Overhead
X-ASPNET-VERSION
X-Origin-Upstream-Status
X-Trace
X-Middleton-Response
X-Middleton-Display
Response
Display
Pagespeed
X-Sol
Pinterest-Version
X-Pinterest-Rid
X-Server-Name
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Id
MS-Author-Via
X-Vcap-Request-Id
X-Abt-Application-Version
X-FastCGI-Cache
X-Navigation-Version
X-Webkit-CSP
X-Px
X-Rack-Cache
X-Url
Service-Worker-Allowed
Verso
X-TTL
X-B3-TraceId
X-ESI
X-DynaTrace
X-Fastly-Request-ID
X-Client-IP
Arr-Disable-Session-Affinity
X-Cached
X-Element-Page-Cache
X-Cache-TTL
X-FTR-Request-ID
Cf-Bgj
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-VARITI-CCR
X-Powered-By-Plesk
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Exp-Variant
X-Goog-Hash
X-Upstream
Fastly-Restarts
X-NF-Request-ID
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-CACHE
Ar-Sid
X-Debug
Content-MD5
X-MSEdge-Ref
X-Forwarded-Proto
X-Version
X-Pinterest-Direct
X-Powered-CMS
SPIisLatency
SPRequestDuration
Access-Control-Request-Method
X-XRDS-Location
X-T
X-Release
X-Amz-Rid
X-Jurisdiction
S
X-Edge
X-Content-Digest
TCN
RTSS
TP-L2-Cache
TP-Cache
Public-Key-Pins
Cache-Tag
X-Ezoic-Cdn
Accept-Ch
X-Litespeed-Cache
X-Cache-Key
Front-End-Https
X-Mid
X-Node-Name
X-MCACHE
X-Yandex-Sdch-Disable
Server-Node
X-Request-Processing-Time
X-Request-Received
Fastcgi-Cache
X-Ttl
X-Amz-Server-Side-Encryption
X-Recruiting
X-Amzn-Trace-Id
X-Mg-S
X-B3-TraceId-Primal
MRF-Tech
X-Accel-Expires
Mrf-Cache-Status
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ser
X-PressLabs-Stats
X-HP-Webp
X-Kinsta-Cache
X-NWS-LOG-UUID
X-Grace
X-Request-Handler-Origin-Region
X-Microsite
X-Origin-Server
Accept-Charset
X-Logged-In
X-Varnish-Age
ServerID
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Ratelimit-Remaining
X-Page-Id
X-Cache-Hit
Host
X-ECACHE
X-Shield-Request-Id
Nginx-Cache
Edge-Cache-Tag
X-Content-Security-Policy-Report-Only
X-Hits
X-B
X-Hostname
X-Mobile-URL
Cache-Tags
X-Server-ID
X-F-Cache
Powered-By-ChinaCache
X-LB-Cache
Realpath
X-Az
X-Activity-Id
X-AppVersion
X-Git-Hash
X-N
X-Ratelimit-Limit
X-Cached-By
Alternate-Protocol
Cleartype
X-Forwarded-For
X-Content-Options
X-Respond-Thread
X-Cache-Age
DynaTrace
X-Type
Accept-Ch-Lifetime
X-Jobs
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Upgrade-Enabled
X-Request-Guid
X-Varnish-Backend
X-Load-Cache
X-Rid
Paypal-Debug-Id
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
X-Country-Code-Real
X-FTR-Balancer
X-App-Environment
X-FTR-Backend
X-Amz-Meta-S3cmd-Attrs
X-FTR-Expires
X-Seen-By
Fastcgi-Useragent
Access-Control-Allow-Method
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Proxy
X-Correlation-ID
X-FireWall-Port
X-Zen-Fury
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-GUploader-UploadID
X-URL
X-HS-Content-Id
X-HS-Cache-Config
X-WebKit-CSP-Report-Only
X-HS-Hub-Id
X-Akamai-Edgescape
X-FB-Debug
Filterid
X-B3-Sampled
X-HS-Combine-CSS
Charset
X-Varnish-Grace
X-Daa-Tunnel
X-IPLB-Instance
X-VCache
X-B-Cache
X-AOL-HN
Healthy
X-Debug-Info
X-Mobile
X-Signature
X-Host-Name
Filters
DC
MS-CV
X-Whom
X-Region
X-User-Agent
X-App-Server
X-Frontend
X-Cache-Operation
X-Geo-Country
X-Cache-Rule
X-Accel-Buffering
X-Original-Request-Id
Payment
X-Response-Served-From
Liferay-Portal
Viewport
AMP-Access-Control-Allow-Source-Origin
X-Distributor
X-UUID
X-HTML-Minification-Powered-By
X-Acc-Debug-Context
X-Cacheable-TTL
Surrogate-Key
X-Content-Powered-By
X-Instance
X-Tumblr-Pixel-1
X-FW-Server
X-Tumblr-User
X-FW-Type
X-Rule
X-Tumblr-Pixel
X-FW-Static
X-Tumblr-Pixel-0
X-FW-Dynamic
X-FW-Hash
X-Protected-By
X-Cache-Time
X-Id
X-FW-Serve
X-Tumblr-Pixel-2
Refresh
X-Amz-Replication-Status
X-Via-JSL
X-Rendered-As
X-Wix-Request-Id
X-Is-Bot
Content-Disposition
S-Cnection
Section-Io-Cache
X-Cache-Expired-At
X-Backend-Name
X-Amzn-RequestId
GEO-INFO
X-Amz-Apigw-Id
X-Hyper-Cache
Version
Datacenter
X-Endurance-Cache-Level
X-Sucuri-ID
X-Cache-Action
X-Ua
Nel
X-XRDS-LOCATION
Arc-Version
PB-PID
Server-Name
PB-RID
X-Cache-Server
Retry-After
X-App-Version
X-Ah-Environment
X-Pinterest-Sli-Response-Type
X-Tec-Api-Origin
X-Tec-Api-Version
X-Oneagent-Js-Injection
X-Air-Hostname
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Endpoint-Name
CACHE
X-Tec-Api-Root
X-Source
Akamai-Age-Ms
Eomportal-Instance
X-Real-IP
X-RemovedCookies
X-Varnish-Server
X-EdgeConnect-Cache-Status
X-ProcessESI
X-Environment-Context
Referer-Policy
X-Yottaa-Optimizations
NGB
Frame-Options
X-Yottaa-Metrics
X-Framework
X-L-Path
X-Drupal-Cache-Contexts
X-Sucuri-Cache
Ms-Operation-Id
X-Unique-Id
X-RTag
Countrycode
X-Revision
X-Cache-Control
X-WA-Info
X-ES-SERVER
X-Cache-Var
X-Cache-Var-Map
X-Esi
X-RN-RSRV
Meta-Geo
X-Proxy-Cache-Status
X-Drupal-Cache-Tags
X-Azure-Ref
Webserver
X-Mode
Cache-Tv-Group
X-GeoIP
X-R9-Blue-Green-Version
X-Cache-TTL-Remaining
X-Cache-Host
X-ProxyCache-Status
X-DynaTrace-JS-Agent
X-ProxyCache-Key
X-BYPASS-REASON
X-Qloud-Router
X-Xfnlog-Site
X-LJ-Flow-ID
X-Loop
X-Human
X-AWS-Id
X-VWS-Id
X-NYM-Debug-Backend
Mn-Server-Ip
Cross-Origin-Window-Policy
X-PCL
X-NewRelic-App-Data
DB-Nickname
X-OCL
Ec-Rule-Version
X-Handled-By
X-Hl-Ver
X-Cluster
X-Time-Microsecs
X-TNCMS
X-ServerID
X-Site-Version
X-Via-Fastly
X-Timing-Wait
X-Proto
X-Status
X-Proxied
X-Routing-Service
X-Redis-Cache
X-PHP-Host
X-Zipkin-Id
X-Section
X-Server-W
X-Proxy-Build
X-Contextid
Property-Id
X-Be
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
X-Amzn-Remapped-Content-Length
X-Access
Webcakes-App-Name
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Version
X-Detected-As
Selected-Fe
X-Labrador-Cache-Channel
X-Locale
TWC-Privacy
X-No-Session
X-Hosted-By
X-FW-Version
X-FB-TRIP-ID
X-Format
X-From
X-Origin-Hint
Webcakes-Region
X-CDN-Forward
X-TIME
Uber-Trace-Id
X-Flags
X-PHP-Backend
X-Aspnet-Duration-Ms
X-Debug-Cache
X-Is-Crawler
X-Cache-PHP
X-Providence-Cookie
X-Adobe-Loc
X-Adobe-Content
X-Route-Name
X-Device-Type
X-AIR-PT
FSS-Cache
X-Generated-By
X-BCube-Filmed-By
X-Ratelimit-Reset
X-TT
X-Correlation-Id
X-ATG-Version
X-Tt-Trace-Host
X-Tt-Trace-Tag
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Varnish-Cache-Hits
X-NC
Upgrade-Insecure-Requests
X-CSRF-Token
From-Origin
Access-Control-Request-Headers
OT-Force-Account-Verify
Cache
Azure-RegionName
Azure-InstanceId
Azure-Version
Azure-SiteName
Azure-SlotName
X-LLID
X-Cache-Spec
X-NCache
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
Powered
X-Akamai-Transformed
X-GoCache-CacheStatus
X-UPSTREAM-Address
X-Cache-2
CF-Cached-On
X-JoinUs
X-Time
X-Origin
X-SaId
X-COUNTRY
X-Adobe-Source
X-CCM
SD-X-WS
X-Varnishpool
X-ShopId
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
Cache-Status
X-LAGOON
X-Alternate-Cache-Key
X-ApacheServer
X-Forwarded-Host
X-B3-Traceid
X-Fastcgi-Cache
X-Page-View
X-G
Country
X-PERF
X-Soup
X-Cache-Grace
X-SayCDN-TTL
Fastly-SSL
X-Storage
X-Say-TTL
X-Pubstack
X-Say-Cacheable
X-Cluster-Name
Node
X-Web-Node
X-Backend-TTL
X-FTR-Cache-Host
Decoy-Debug-Key
Decoy-Debug-TTL
X-ID
X-Backend-Host
X-APP-VERSION
Decoy-Debug-Status
X-ECache
X-IP
SRV
X-NWS-UUID-VERIFY
X-TA-CDN-Provider
X-TX-ID
X-Ruxit-Js-Agent
X-IPS-LoggedIn
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-A
X-A-Ccd
X-Cache-NE
X-A-Dam
X-S
X-Connection-Hash
X-Rojux
X-Destination
X-Request-UUID
X-External-Request-Id
X-D
X-Rewrite-Enabled
X-A-Wwc
X-A-Dgt
Xc-Version
X-S-Cookie
DCR-Decision-By
X-Aed
X-Vdms-Version
X-VG-WebCache
X-VG-WebServer
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Worker
X-Vdms-Path
X-B-Cookie
X-ScT
Rendered-Blocks
X-ARC
X-Trv-Group
X-Application
Fastcgi-X-Cache-Version
X-Cache-Enabled
X-Varnish-Beresp-Grace
Machine
X-RCS-CacheZone
X-Processor
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
Meta-Geo-Continent
MD5-Digest
DCR-Processing-Time-Ms
Mobile-Detection-Method
Apple-News-Services-Handled
X-PBS-Appsvrname
X-A-Dcw
X-PAYTM-SRV-ID
Host-ID
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Cache-Config
X-Tumblr-Pixel-3
X-EC-Lua
X-Viewer-Country
X-Cdn
X-Rebelmouse-Surrogate-Control
X-Varnish-CookieHashed-On
X-DPWN-IS-SECURE
X-Varnish-CookieINHashed-On
X-Variation
X-Platform-Server
CDN-Uid
X-Core-Value
X-Microcachable
X-GEO
X-Varnish-Remaining-TTL
Is-Eu
Platform
CDN-PullZone
X-VG-TLSProxy
CDN-Cache
X-Via-CDN
CDN-CachedAt
X-Envoy-Decorator-Operation
CDN-RequestId
X-Auto-Login
X-Rebelmouse-Cache-Control
X-Ms-Request-Id
X-Cache-Backend
X-Cache-Debug
X-Bc-Bl
Gh-Request-Id
Adler-Geo
X-CUA
X-Cms-Context
CloudFront-Viewer-Country
X-Ms-Version
Fastly-SIE
CDN-RequestCountryCode
CDN-EdgeStorageId
X-Servername
X-Session-Fingerprint
X-DefElseHash
Fastly-SWR
X-DefHash
X-Generation-Time
Rt-Fastcgi-Cache
Wxu-Next-Hostname
Origin
NM-Fastcgi-Cache
Wxu-Next-Region
Wxu-Next-Commit
Fastly-Drupal-HTML
PFcat
Fastly-Backend-Name
L
X-Is-Gdpr
X-Old-Content-Length
X-Owner
X-Platform
X-Policy
X-Micro-Cache
X-Method
X-Li-Pop
X-LI-UUID
X-Location
X-Request-Host
X-Request-Start
X-VarnishDD-TTL
X-WADP-Cache
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Varnish-Cacheable
X-Thanos
X-Skip-Cache
X-Slack-Backend
X-SN
X-Li-Fabric
X-Level-Front-Cache
X-Clientip
X-Core-Mission
X-Developers
X-Dispatcher-Server
X-Clara-WADP
X-Cache-NGX
X-Branch-Name
X-Cache-Bucket
X-Cache-Date
X-Fastly-Backend
X-Fastly-Cache
X-Hash
X-HN
X-Irp-Debug
X-JWT-State
X-Has-Esi
X-Geo-Header
X-Fmm-Version
X-Gamma-Serve
X-Generated-On
X-Bip
X-Backend-State
CacheControlHeader
C-Via
AKAMAI
Backend
X-CS
X-B3-Spanid
X-UA
X-Csrf-Jwt
Pagetype
X-OVcl
X-OVcl-Cache
X-CGP
X-Cache-Tags
X-EIG-Tracking-Id
X-Cache-Id
X-Transaction
X-Twitter-Response-Tags
Akamai-GRN
X-Reqid
X-Content-Age
X-Webstats-RespID
Ha-Gx-Prefs
HA-Ipaddr
X-Eu-Site
X-Varnish-Ttl
X-HS-Content-Campaign-Id
X-Gzip
L5d-Success-Class
X-Esi-Check
X-Hp-Webp
X-DC
X-Refresh
X-Render-Time
X-Minions-Version
X-Wa
X-PF-Uncompressing
X-Mvc-Supplant-Cachable
X-Erf-Bev-Bev-Is-Generated
X-Aicache-OS
FSS-Proxy
X-Amz-Meta-Cb-Modifiedtime
UCS
X-Erf-Bev-Bev
Country-Code
X-Ftr-Cache-Host
X-Sql-Duration-Ms
X-Sql-Count
X-Cache-Remote
X-Accel-Expires-Debug
Surrogated-Key
X-Date
X-Via-Popn
X-Via-Poph
X-NODE
X-Vgn-Hpd-Variations-Key
X-NGENIX-Cache
X-Vgn-Hpd-Cached
NGX
X-LB-ID
X-Edge-Location
X-Up
X-Req
Hostname
X-Nginx-Cache
X-Presslabs-Stats
X-Mvc-Supplant-OutputCached
X-RateLimit-Remaining
X-LI-Proto
X-Cdn-Srv
X-Cache-URL
X-Servedbyhost
Memcached
X-Www-Served-By
We-Hiring
Time
Mail-Subject
X-NU-AKA-ACS-Version
XServer
Group
Ufe-Result
Now
X-Debug-Cache-Store
X-Dc
HostName
X-Debug-Cache-Fetch
X-Proxy-Upstream
X-SRV
X-S-Maxage
Cache-Hits
X-Check-Cacheable
Protected
Edge-Copy-Time
X-Via-Edge
X-BC
X-Ua-Device
X-ZONE
X-Via-SSL
X-FPC
X-FORWARDED-FOR
X-Varnish-Hostname
X-CACHE-AGE
X-Request-Time
ServedBy
X-Agile-Id
On-Server
X-Agile-Age
X-Agile
X-CSRF-TOKEN
Geoip-Latitude
X-Svr
GeoIp-Country-Code
X-Pass-Why
X-LiteSpeed-Cache-Control
X-Cluster-Node
T-Server
X-VCL-Version
X-Cdn-Forward
M-TraceId
X-Acc-Rdl
Xserver
SID
X-MP-GENERATED-AT
X-Via-Popv
X-Srv
X-UnsetCookies
X-Datadome
Server-Host
X-HS-Status
Pics-Label
X-CF-Powered-By
NtCoent-Length
ProcessTime
Arc-Country
X-APP
N-Cache
X-Cs
X-Dynatrace-Js-Agent
X-Uri
WZWS-RAY
X-NGINX-Cache
X-Zone
X-Varnish-Hits
Ohc-File-Size
X-Bc
X-Erf-Stays-Bingo-Pdp-Web
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
Viewtype
X-SB
X-VC
Magicmarker
Cdn-Request-Time
VivaBuild
Apigw-Requestid
Section-Io-Id
Cdn-Host
X-Edge-Server
X-Action
X-TT-LOGID
Memory
X-We-Are-Hiring
X-RunCloud-Cache
X-Via-Ucdn
User-Agent
Ohc-Cache-HIT
Srv
DSUID
X-RPS
X-UA-Device-Type
X-DSS
X-DW
Cache-Name
X-RSL
Server-Info
WebServer
X-Info
X-MSEdge-Features
W
X-DB
WWW-Authenticate
X-RPM
X-Oss-Cdn-Auth
Sid
Processtime
X-MSEdge-Flight
X-DI
User-Cache-Control
LB
Amp-Access-Control-Allow-Source-Origin
Odigeo-Trace-Id
X-Tb
X-Unique-ID
X-Origin-Date
Tracecode
X-Vgn-Hpd-Ssi
Cteonnt-Length
CF-IPCountry
X-Webkit-CSP-Report-Only
S-Rt
X-HOST
X-SERVER-NAME
CountryCode
X-Newrelic-App-Data
Ssr
CDN
X-Geo
X-HITS
X-Hit
GeoIP-Country-Code
X-Magnolia-Registration
Geo-Info
X-Vcl-Version
GeoIP-Latitude
X-Pjax-Url
Lfy
X-Cache-Hfrom
X-Cache-Hm
Thinkindot-CacheControl-Type
Server-ID
X-SVT-ORM-RULES
SR-User-Adfree
Thinkindot-CacheControl
X-Cache-Expires
X-Block-Status
Sever-Int
X-BBXSRF
X-Thinkindot-L3
Web-Mar-Node
A
X-SRCache-Key
Server-Hostname
X-API-Version
X-BBC-Edge-Cache-Status
Vix-Hermes-Req-Id
Server-Ext
True-Client-Country-4JS
X-SVT-ORM-VERSION
V-Age
Thinkindot-Control
X-Gen-Mode
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cc-Req-Id
X-Hnp-Log
X-Akamai-Request-ID2
CDCHOST
D-Cc-Upstream
X-Origin-TTL
X-Loc
X-Matched-Rule
X-Nyt-Route
X-Origin-CC
X-Origin-Expires
X-Scheme
X-Node-Id
X-Cc-Via
X-Nginx-Cache-Key
X-Newrelic-Synthetics
X-Request-URI
MIME-Version
X-SD-PageType
X-Developer
X-User
Path
X-FC-Vary-Parameters
X-Fastly-Country-Code
Locid
IsBot
X-Response-By
X-VServer
Instruction
X-SIPLIST1
X-Gdpr
X-Varnish-Url
X-Origin-Time
X-CACHE-KEY
X-Nc
X-Server-IP
Cache-Host
Pramga
Release
X-Fpc
Cdn
X-Contensis-Viewer-Groups
X-Fetched-On
X-Varnish-Authentication
X-Sn-Servicetimems
X-Epic-Correlation-Id
X-Envoy-Upstream-Healthchecked-Cluster
X-NodeID
X-GeoIP-City
X-Generated-In
X-Var-Ttl
X-Device-Os
X-Azure-Ref-OriginShield
X-Trace-Id
X-Swa-Ws
X-Cache-ASPX
X-Traceid
Lb
X-Cdn-Origin
X-Cache-Info
X-Provided-By
X-Via-NSCOPI
Accept-Language
X-Cache-Tag
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
FNAC-ModuleRouting
X-ServedByHost
X-Instart-Request-ID
Esi-Enabled
X-Amzn-Remapped-Date
X-StackifyID
X-Lb-Id
X-Men
X-Li-Proto
Cf-Device-Type
X-Amzn-Remapped-Connection
Source
X-Vcache
X-Dynatrace
X-Served-From
Server-Ttl
X-Rocket-Build-Number
X-Akamai-Pragma-Client-IP
Cache-Key
X-Sigma-Backend
X-Origin-Response-Time
X-Key
Kp-EeAlive
X-TH-Server
X-Sigma
X-Mobile-Rewrite
Content-Style-Type
X-Via-PopN
X-Parent-Response-Time
Content-Script-Type
X-Via-PopH
Cache-Provider
Expiry
X-Via-PopV
X-Request-URL
X-B3-SpanId
X-No-Cache
X-Geo-Region
X-Agile-Brick-Ok
X-Dispatch
X-ServiceProvider
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Tt-Logid
Location
X-Vgn-Hpd-Reason
X-WA
Origin-Cache-Control
Origin-Edge-Control
X-Batcache
X-Yottaa-OS
X-MiniProfiler-Ids
X-ElasticPress-Query
X-VC-Cache
Req-Svc-Chain
Proxy-Firewall
X-Instart-Info
Url
Tcn
X-BBC-Origin-Response-Status
X-B3-Parentspanid
Who
X-RateLimit-Limit
X-Akamai-Request-ID
HitType
X-HostName
Powered-By
Xkeyi7
X-RAMCache
X-Proxy-Cachei7
Inserted-Into-Cache-At
EpKe-Alive
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-Varnish-Beresp-TTL
Content-Secure-Policy
X-Apw-Access-Action
X-PJAX-URL
Cf-Alt-Svc
X-Selected-Name
X-BACKEND-TTL
X-Selected-Scheme
X-Selected-Host-Header
URI
Cf-Ipcountry
Vha6-Origin
NnCoection
Xet-Cookie
X-Dw-Trace-Id
Dnion-Transfer-Encoding
X-Pf-Uncompressing
X-LiteSpeed-Tag
Mime-Version
X-C
X-Snapshot-Date
Fastcgi-Cache-TTL
PICS-Label
Pragrma
Resin-Trace