Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
P3p
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Template
X-Language
Keep-Alive
X-Via
X-Dns-Prefetch-Control
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-Cache-Group
X-Hacker
X-Server
X-Robots-Tag
X-Amz-Request-Id
X-UA-Device
X-Amz-Id-2
EagleId
X-Proxy-Cache
X-AH-Environment
X-Turbo-Charged-By
Request-Context
X-Server-Powered-By
X-Buckets
Server-Timing
X-Nginx-Cache-Status
Host-Header
Grace
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
Cf-Bgj
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Amz-Version-Id
X-Host
X-Dispatcher
X-Backend-Server
X-Device
X-Node
NEL
X-WebKit-CSP
X-Ruxit-JS-Agent
Surrogate-Control
X-Cache-Lookup
X-Response-Time
Content-Location
Request-Id
X-Origin-Cache
X-Server-Id
X-Akam-SW-Version
X-Ac
X-ASPNET-VERSION
Accept-CH-Lifetime
X-Country
EagleEye-TraceId
X-HW
X-Mod-Pagespeed
Rating
X-Readtime
Accept-CH
X-Cloud-Trace-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Application-Context
Pinterest-Generated-By
Edge-Control
X-Country-Code
X-Url
X-TtlSet
X-PC
X-Vname
X-Varnish-TTL
X-EdgeConnect-Origin-MEX-Latency
Allow
X-EdgeConnect-MidMile-RTT
X-Cnection
X-Webkit-CSP
X-Origin-Upstream-Status
X-DataDome
X-MS-InvokeApp
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Id
X-GitHub-Request-Id
X-Content-Type
X-D2id
X-ESI
X-Clacks-Overhead
X-Server-Name
X-Trace
X-Abt-Application-Version
X-Vcap-Request-Id
X-FTR-Request-ID
Response
X-Middleton-Response
Pinterest-Version
X-Middleton-Display
Pagespeed
Display
X-Pinterest-Rid
X-Sol
X-Navigation-Version
X-B3-TraceId
X-Px
Accept-Ch
Verso
X-Rack-Cache
X-Cached
X-DynaTrace
X-Element-Page-Cache
X-Fastly-Request-ID
Service-Worker-Allowed
MS-Author-Via
X-Client-IP
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-TTL
X-Upstream
Content-MD5
X-Version
X-SharePointHealthScore
SPRequestGuid
AR-PoweredBy
AR-CACHE
AR-ATIME
AR-Request-ID
Ar-Sid
X-Forwarded-Proto
Fastly-Restarts
X-NF-Request-ID
X-Debug
X-T
X-VARITI-CCR
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-Goog-Hash
X-XRDS-Location
X-Jurisdiction
X-FastCGI-Cache
Access-Control-Request-Method
X-Server-ID
X-Powered-CMS
TP-Cache
TP-L2-Cache
X-CST
X-MSEdge-Ref
X-Content-Digest
X-Release
X-Edge
SPRequestDuration
SPIisLatency
S
X-Ttl
TCN
X-Amz-Rid
X-NWS-LOG-UUID
RTSS
Cache-Tag
X-Pinterest-Direct
X-PressLabs-Stats
Public-Key-Pins
X-Ezoic-Cdn
Fastcgi-Cache
X-Node-Name
X-Request-Received
X-Request-Processing-Time
X-Yandex-Sdch-Disable
Server-Node
X-Cache-Key
X-MCACHE
X-Mid
X-Accel-Expires
Front-End-Https
X-Amzn-Trace-Id
Accept-Ch-Lifetime
X-Logged-In
X-Ratelimit-Remaining
X-Cache-Hit
ServerID
X-Ser
X-Request-Handler-Origin-Region
X-Microsite
X-Recruiting
X-Kinsta-Cache
X-Origin-Server
X-Page-Id
Alternate-Protocol
Accept-Charset
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Host
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-B
X-Content-Security-Policy-Report-Only
X-Varnish-Age
X-Ratelimit-Limit
X-Mobile-URL
X-Hostname
Filterid
X-Shield-Request-Id
X-Forwarded-For
X-Ah-Environment
X-Country-Code-Real
X-FTR-Realm
X-Grace
X-FireWall-Port
X-DIS-Request-ID
Nginx-Cache
X-FTR-DC
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-Mg-S
X-FTR-Expires
X-Content-Options
Edge-Cache-Tag
X-Seen-By
X-Amz-Server-Side-Encryption
X-Load-Cache
Realpath
X-Jobs
X-LB-Cache
X-F-Cache
X-Hits
X-N
X-Git-Hash
X-Activity-Id
X-AppVersion
X-Az
X-Type
X-Daa-Tunnel
X-App-Environment
X-ECACHE
X-Request-Guid
X-Varnish-Backend
X-HP-Webp
X-Varnish-Grace
MicrosoftSharePointTeamServices
Akamai-Age-Ms
Paypal-Debug-Id
X-Rid
Fastcgi-Useragent
DynaTrace
X-Zen-Fury
X-Proxy
Access-Control-Allow-Method
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Cache-Tags
X-Id
Nel
X-FB-Debug
Cleartype
X-Upgrade-Enabled
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-App-Server
X-WebKit-CSP-Report-Only
X-Cached-By
X-Akamai-Edgescape
X-Geo-Country
Content-Disposition
DC
X-Cache-Operation
X-Cache-Rule
X-Content-Powered-By
X-Amz-Meta-S3cmd-Attrs
Powered-By-ChinaCache
X-IPLB-Instance
X-Cache-Age
X-User-Agent
X-Wix-Request-Id
X-Host-Name
X-HS-Hub-Id
X-Correlation-ID
X-HS-Content-Id
X-HS-Cache-Config
X-Accel-Buffering
X-HS-Combine-CSS
X-Goog-Generation
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Response-Served-From
X-Original-Request-Id
X-Ua
X-HTML-Minification-Powered-By
X-B3-Sampled
X-B-Cache
X-AOL-HN
Healthy
X-Signature
X-Whom
NGB
MS-CV
X-VCache
X-Respond-Thread
X-Endurance-Cache-Level
Payment
X-Region
X-Debug-Info
X-Is-Bot
X-Rendered-As
X-Distributor
X-UUID
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Serve
AMP-Access-Control-Allow-Source-Origin
X-Cache-Time
X-FW-Dynamic
X-FW-Hash
X-Cacheable-TTL
X-Instance
X-Frontend
X-Rule
Datacenter
Refresh
X-Mobile
Countrycode
X-Tumblr-Pixel-2
X-Tumblr-Pixel
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-App-Version
Surrogate-Key
PB-PID
Arc-Version
X-Varnish-Server
PB-RID
S-Cnection
X-XRDS-LOCATION
X-Acc-Debug-Context
X-Backend-Name
X-Protected-By
X-Fastcgi-Cache
X-Via-JSL
Liferay-Portal
X-Tec-Api-Version
X-PHP-Backend
X-Oneagent-Js-Injection
Viewport
X-Tec-Api-Origin
X-Tec-Api-Root
Filters
X-NewRelic-App-Data
X-Hyper-Cache
Charset
X-Azure-Ref
X-Cache-Expired-At
X-Cache-Server
X-Proxy-Cache-Status
X-Litespeed-Cache
Powered
X-WA-Info
Retry-After
Section-Io-Cache
X-Hp-Webp
Referer-Policy
X-Time
X-Cache-Control
X-Cache-Action
X-Source
X-Amz-Replication-Status
X-DynaTrace-JS-Agent
X-Sucuri-ID
X-EdgeConnect-Cache-Status
X-CSRF-Token
X-GeoIP
Eomportal-Instance
X-FB-TRIP-ID
X-ProcessESI
X-Cache-Var-Map
X-Cache-Var
X-Real-IP
X-ES-SERVER
Version
X-RemovedCookies
X-RN-RSRV
Meta-Geo
X-Mode
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Framework
X-R9-Blue-Green-Version
X-Qloud-Router
X-From
X-Environment-Context
X-Device-Type
X-L-Path
X-Debug-Cache
GEO-INFO
X-Correlation-Id
X-Human
X-Time-Microsecs
X-LJ-Flow-ID
X-Xfnlog-Site
X-Cache-Host
X-VWS-Id
Cache
X-ProxyCache-Key
X-Revision
X-BYPASS-REASON
X-AWS-Id
X-RTag
Mn-Server-Ip
Ms-Operation-Id
X-ProxyCache-Status
Uber-Trace-Id
X-Server-W
X-Loop
X-Timing-Wait
X-Air-Hostname
Frame-Options
X-Proxy-Build
X-TNCMS
X-Origin-Hint
X-PCL
X-OCL
X-Cache-TTL-Remaining
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
Property-Id
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-Cluster
Selected-Fe
X-FW-Version
X-Handled-By
Cache-Tv-Group
Cross-Origin-Window-Policy
Ec-Rule-Version
X-JoinUs
X-Ratelimit-Reset
X-Amzn-Remapped-Content-Length
X-Be
X-Hl-Ver
X-Detected-As
X-Proto
X-Proxied
X-NYM-Debug-Backend
X-Locale
X-Routing-Service
X-Zipkin-Id
X-Status
DB-Nickname
X-Labrador-Cache-Channel
X-PHP-Host
X-Site-Version
X-Hosted-By
X-BCube-Filmed-By
X-ServerID
X-SaId
X-Section
X-Generated-By
X-Format
X-Access
X-Unique-Id
X-Redis-Cache
X-Via-Fastly
FSS-Cache
X-FTR-Cache-Host
Server-Name
From-Origin
X-No-Session
X-Cache-PHP
X-ATG-Version
X-Sucuri-Cache
X-Drupal-Cache-Contexts
X-Varnish-Cache-Hits
X-TA-CDN-Provider
X-ECache
X-Contextid
Webserver
X-Drupal-Cache-Tags
X-NWS-UUID-VERIFY
X-Origin
X-NCache
X-CDN-Forward
OT-Force-Account-Verify
X-EIG-Tracking-Id
CF-Cached-On
X-Adobe-Content
X-Adobe-Loc
X-AIR-PT
X-IPS-LoggedIn
X-GoCache-CacheStatus
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-Bc-Bl
X-Oss-Hash-Crc64ecma
X-Cache-Enabled
X-IP
X-TT
X-NC
X-EC-Lua
X-Akamai-Transformed
Azure-SlotName
Azure-Version
Azure-SiteName
VIX-Pulpo-Upstream-Status
X-Backend-Host
VIX-Pulpo-Node
Azure-InstanceId
Azure-RegionName
CACHE
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-Tumblr-Pixel-3
X-Ruxit-Js-Agent
SD-X-WS
X-Cache-2
X-CCM
X-Cache-Backend
X-Adobe-Source
Access-Control-Request-Headers
X-URL
X-Shopify-Stage
X-ShardId
X-ShopId
X-Backend-TTL
X-Sorting-Hat-PodId
X-Cdn
X-TIME
X-Storefront-Renderer-Rendered
X-Soup
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
Node
X-VG-WebCache
MD5-Digest
X-Vdms-Version
Meta-Geo-Continent
Mobile-Detection-Method
X-ARC
X-ScT
X-VG-WebServer
X-Trv-Group
X-Up
X-Twitter-Response-Tags
X-Vdms-Path
DCR-Processing-Time-Ms
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-S-Cookie
Apple-News-Services-Handled
Xc-Version
X-PERF
X-Forwarded-Host
X-Varnishpool
X-Cache-Grace
Apple-News-Services-Request-Url
Fastcgi-X-Cache-Version
Host-ID
Machine
X-Vtex-Remote-Cache
X-Worker
DCR-Decision-By
X-Pubstack
X-ApacheServer
X-Vtex-Processado-Em
X-Transaction
X-PAYTM-SRV-ID
X-Connection-Hash
X-A-Dgt
X-PBS-Appsvrname
X-CF-Lambda-Version
X-RCS-CacheZone
X-Processor
X-D
X-Date
X-A
X-G
X-External-Request-Id
X-A-Ccd
X-A-Dam
X-Destination
X-A-Dcw
X-CF-Lambda-Fn
X-A-Wwc
X-B-Cookie
Surrogated-Key
X-Aed
X-Rojux
X-Application
X-S
Rendered-Blocks
X-Request-UUID
X-Accel-Expires-Debug
X-Cache-NE
X-Rewrite-Enabled
X-APP-VERSION
Time
X-Storage
X-Web-Node
X-Viewer-Country
X-Cache-Config
Cache-Status
X-Say-Cacheable
X-CACHE-AGE
Fastly-SSL
X-Cluster-Name
X-Say-TTL
X-SayCDN-TTL
X-Envoy-Decorator-Operation
X-CUA
X-Dispatcher-Server
X-Edge-Location
Adler-Geo
X-Cache-Bucket
X-DPWN-IS-SECURE
CDN-CachedAt
Mail-Subject
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Is-Eu
Fastly-SWR
X-OVcl-Cache
Fastly-SIE
X-VG-TLSProxy
X-Req
X-SN
X-Servername
NM-Fastcgi-Cache
Ufe-Result
X-Variation
We-Hiring
X-OVcl
X-NGENIX-Cache
Platform
CDN-EdgeStorageId
CDN-Cache
X-Ms-Request-Id
X-Hash
X-Minions-Version
CDN-PullZone
CDN-RequestCountryCode
Wxu-Next-Commit
X-Ms-Version
Wxu-Next-Region
CloudFront-Viewer-Country
CDN-RequestId
CDN-Uid
X-Generation-Time
Wxu-Next-Hostname
Upgrade-Insecure-Requests
X-Datadome
Now
Decoy-Debug-Key
X-Varnish-Beresp-Grace
Decoy-Debug-Status
Decoy-Debug-TTL
X-Varnish-Beresp-Ttl
X-UA
X-Varnish-Beresp-Status
X-Micro-Cache
X-Cache-Tags
X-Clientip
X-CGP
CacheControlHeader
X-Cms-Context
X-Csrf-Jwt
X-Varnish-Ttl
X-Core-Value
X-Core-Mission
X-Cache-NGX
C-Via
X-Auto-Login
HA-Ipaddr
L
Ha-Gx-Prefs
Group
Gh-Request-Id
Country-Code
L5d-Success-Class
X-Backend-State
X-Eu-Site
Rt-Fastcgi-Cache
Origin
X-Bip
X-LI-UUID
X-TX-ID
X-Varnish-Cacheable
X-Thanos
X-Slack-Backend
X-Fastly-Backend
Country
X-Clara-WADP
X-Webstats-RespID
X-WADP-Cache
X-Fmm-Version
X-Fastly-Cache
X-Request-Start
X-Skip-Cache
X-Method
X-Microcachable
Fastly-Drupal-HTML
X-Li-Pop
X-Li-Fabric
X-Request-Host
X-Owner
X-Proxy-Upstream
X-Render-Time
X-Reqid
X-Policy
X-Platform
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
X-Flags
X-Aspnet-Duration-Ms
Backend
X-LAGOON
PFcat
X-Developers
X-Gamma-Serve
Pagetype
X-Content-Age
X-VarnishDD-TTL
X-Wikidot-Static-Cache
X-Generated-On
X-Has-Esi
AKAMAI
X-Level-Front-Cache
UCS
X-JWT-State
X-HN
X-Is-Gdpr
X-Old-Content-Length
X-Platform-Server
X-Gzip
X-Esi-Check
X-Cdn-Srv
X-HS-Content-Campaign-Id
X-Irp-Debug
X-Amz-Meta-Cb-Modifiedtime
Fastly-Backend-Name
X-Wikidot-Backend
X-Cache-URL
X-Cache-Date
Memcached
X-CS
X-Cache-Id
Akamai-GRN
X-UPSTREAM-Address
X-Esi
X-Geo-Header
X-DefElseHash
X-DefHash
FSS-Proxy
X-Wa
X-Mvc-Supplant-Cachable
X-Location
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Branch-Name
X-Aicache-OS
X-PF-Uncompressing
X-Refresh
X-Agile-Id
X-LB-ID
X-Agile-Age
X-Agile
X-NODE
HostName
X-Via-Popn
X-Via-Poph
X-Cache-Debug
X-Session-Fingerprint
X-Instart-Request-ID
X-DC
X-RateLimit-Remaining
M-TraceId
X-BC
X-Mvc-Supplant-OutputCached
X-Page-View
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-ZONE
NGX
X-Servedbyhost
X-LI-Proto
X-Ftr-Cache-Host
X-Dc
X-Cdn-Forward
X-Ua-Device
Xserver
X-Zone
X-Bc
X-GEO
Arc-Country
X-Nginx-Cache
SRV
X-Request-Time
Viewtype
VivaBuild
X-B3-Spanid
Cdn-Request-Time
Cdn-Host
X-Edge-Server
X-SERVER
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Endpoint-Name
X-Via-Ucdn
X-Varnish-Hostname
X-RunCloud-Cache
Hostname
Srv
X-Via-CDN
X-LiteSpeed-Cache-Control
X-HS-Status
X-Check-Cacheable
WebServer
Memory
X-ORACLE-APMCS-REQUEST-ID
X-APP
Actual-Object-TTL
X-NU-AKA-ACS-Version
X-VCL-Version
X-Vgn-Hpd-Ssi
X-Action
X-UnsetCookies
X-Sql-Duration-Ms
X-Sql-Count
X-Srv
X-DB
X-Cluster-Node
X-Via-Popv
X-RPM
X-B3-Traceid
X-Cs
WWW-Authenticate
X-RPS
X-DSS
X-DI
X-RSL
X-DW
X-MP-GENERATED-AT
X-FPC
Amp-Access-Control-Allow-Source-Origin
Geo-Info
X-Unique-ID
X-NGINX-Cache
GeoIP-Country-Code
X-Via-Edge
GeoIP-Latitude
X-Via-SSL
ProcessTime
X-SRV
Edge-Copy-Time
X-Oss-Cdn-Auth
X-Hit
X-Geo
SID
X-Vcache
X-Dynatrace-Js-Agent
Sid
On-Server
X-Www-Served-By
X-We-Are-Hiring
X-Akamai-Request-ID2
Apigw-Requestid
X-Cache-Remote
Geoip-Latitude
X-Svr
X-CF-Powered-By
GeoIp-Country-Code
ServedBy
Server-Info
X-CSRF-TOKEN
LB
User-Agent
XServer
X-S-Maxage
X-SERVER-NAME
Cache-Hits
Processtime
W
X-Epic-Correlation-Id
X-LLID
X-FORWARDED-FOR
X-Webkit-CSP-Report-Only
NtCoent-Length
X-ID
T-Server
X-Fpc
X-FC-Vary-Parameters
X-Mobile-Rewrite
X-Pass-Why
Ohc-File-Size
X-HOST
X-MSEdge-Features
X-Envoy-Upstream-Healthchecked-Cluster
X-Tb
N-Cache
X-Presslabs-Stats
X-Nc
CF-IPCountry
S-Rt
X-Pjax-Url
Cdn
X-MSEdge-Flight
X-HITS
Esi-Enabled
X-Vcl-Version
X-Fastly-Country-Code
Accept-Language
X-Cache-Hfrom
Server-Host
X-Cache-Hm
Pics-Label
X-Varnish-Hits
X-VC
Cteonnt-Length
A
Magicmarker
WZWS-RAY
X-SB
X-Key
Origin-Edge-Control
Origin-Cache-Control
Protected
X-COUNTRY
X-CACHE-KEY
CDN
X-Info
X-Dispatch
Lb
Proxy-Firewall
Ohc-Cache-HIT
Powered-By
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Instart-Info
X-B3-SpanId
X-Geo-Region
X-Via-NSCOPI
X-Uri
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-ServedByHost
X-Li-Proto
X-RAMCache
X-Newrelic-App-Data
HitType
User-Cache-Control
X-Erf-Stays-Bingo-Pdp-Web
X-TT-LOGID
X-StackifyID
Tracecode
X-Dynatrace
X-Generated
X-Served-From
Fastcgi-Cache-TTL
Ssr
X-TH-Server
Server-Ttl
BehaviorPad-Version
Cache-Key
X-Akamai-Pragma-Client-IP
X-Newrelic-Synthetics
DSUID
X-App
Section-Io-Origin-Status
X-Cache-Tag
X-Provided-By
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-UA-Device-Type
Section-Io-Id
Odigeo-Trace-Id
X-Cache-Spec
Cache-Provider
Cache-Name
X-Cc-Req-Id
Lfy
X-TrackingId
X-Magnolia-Registration
X-Acc-Rdl
D-Cc-Upstream
X-Via-PopN
X-LiteSpeed-Tag
X-Lb-Id
X-Via-PopH
X-Via-PopV
X-Cc-Via
Pramga
X-Response-By
Path
MIME-Version
Locid
X-API-Version
Web-Mar-Node
V-Age
Vix-Hermes-Req-Id
Thinkindot-Control
Server-ID
X-Request-URI
Server-Ext
Server-Hostname
Sever-Int
SR-User-Adfree
Release
Thinkindot-CacheControl-Type
X-SD-PageType
Thinkindot-CacheControl
True-Client-Country-4JS
X-Cache-Info
X-Origin-CC
X-Gen-Mode
X-Gdpr
X-Fetched-On
X-Origin-Date
Kp-EeAlive
X-Generated-In
X-GeoIP-City
X-Matched-Rule
X-Hnp-Log
X-Nginx-Cache-Key
X-Node-Id
X-Nyt-Route
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin-Expires
X-Origin-Time
X-Cache-Expires
X-Loc
X-Cache-ASPX
X-RateLimit-Remaining-Second
X-BBXSRF
X-Block-Status
X-RateLimit-Limit-Second
X-Contensis-Viewer-Groups
X-Device-Os
X-ElasticPress-Query
X-Origin-TTL
X-Developer
X-Parent-Response-Time
X-BBC-Edge-Cache-Status
X-SVT-ORM-RULES
IsBot
Xet-Cookie
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Thinkindot-L3
X-Path-Route
X-Rocket-Build-Number
X-WA
X-VServer
X-VC-Cache
X-Yottaa-OS
X-Varnish-Authentication
X-Batcache
X-Varnish-Url
X-No-Cache
X-Var-Ttl
X-Agile-Brick-Ok
X-Traceid
X-User
X-Planisys-CDN-TTL
X-Swa-Ws
X-Sigma
CDCHOST
FNAC-ModuleRouting
X-ServiceProvider
X-Men
X-Server-IP
X-Scheme
X-Tt-Logid
X-Sigma-Backend
Dnion-Transfer-Encoding
X-SVT-ORM-VERSION
Cache-Host
X-SRCache-Key
X-SIPLIST1
Instruction
Tcn
X-RateLimit-Limit
X-BBC-Origin-Response-Status
Inserted-Into-Cache-At
Req-Svc-Chain
X-Pf-Uncompressing
X-HostName
X-Cdn-Origin
Who
X-Azure-Ref-OriginShield
X-Sn-Servicetimems
X-Varnish-Beresp-TTL
X-NodeID
X-Trace-Id
Cf-Alt-Svc
X-Selected-Scheme
CountryCode
X-Selected-Name
X-Selected-Host-Header
X-Apw-Access-Action
X-MiniProfiler-Ids
Mime-Version
X-C
Pragrma
X-Dw-Trace-Id
X-Origin-Response-Time
X-Proxy-Cachei7
X-Tid
Vha6-Origin
X-Pad
X-PJAX-URL
PICS-Label
X-Apw-Hits
X-Request-URL
Source
X-Snapshot-Date
X-Apw-Access-Token
X-Apw-Access-Object
Content-Script-Type
Content-Style-Type
X-Vgn-Hpd-Reason
Resin-Trace