Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Request-ID
X-Generator
P3p
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Template
X-Language
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-Dns-Prefetch-Control
X-Hacker
X-Cache-Group
X-AH-Environment
X-Server
X-Robots-Tag
X-Amz-Request-Id
X-UA-Device
EagleId
X-Amz-Id-2
X-Proxy-Cache
X-Buckets
X-Turbo-Charged-By
Request-Context
X-Server-Powered-By
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
Ali-Swift-Global-Savetime
Cf-Bgj
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Amz-Version-Id
X-Host
X-WebKit-CSP
X-Dispatcher
X-Device
X-Backend-Server
X-Node
NEL
Surrogate-Control
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Response-Time
Content-Location
X-Origin-Cache
Request-Id
X-Akam-SW-Version
X-Server-Id
X-ASPNET-VERSION
X-Ac
Accept-CH-Lifetime
X-Country
EagleEye-TraceId
Accept-CH
X-HW
X-Mod-Pagespeed
Rating
X-Readtime
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cloud-Trace-Context
X-Application-Context
Pinterest-Generated-By
Edge-Control
X-Country-Code
X-Url
X-DataDome
X-PC
X-Vname
X-TtlSet
X-Varnish-TTL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
X-Cnection
Allow
X-MS-InvokeApp
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
X-D2id
X-GitHub-Request-Id
X-Content-Type
X-ESI
X-Clacks-Overhead
X-Server-Name
X-Abt-Application-Version
X-Navigation-Version
X-Trace
X-FTR-Request-ID
Pinterest-Version
X-Pinterest-Rid
Pagespeed
Display
X-Middleton-Display
X-Sol
X-Vcap-Request-Id
X-Middleton-Response
Response
X-Px
X-B3-TraceId
Verso
X-Rack-Cache
X-Webkit-CSP
X-Cached
X-DynaTrace
X-Fastly-Request-ID
X-Element-Page-Cache
Service-Worker-Allowed
MS-Author-Via
X-Client-IP
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-Upstream
Content-MD5
X-Version
AR-CACHE
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Forwarded-Proto
Ar-Sid
X-SharePointHealthScore
SPRequestGuid
X-TTL
Accept-Ch
X-NF-Request-ID
Fastly-Restarts
X-T
X-Debug
X-VARITI-CCR
X-Server-ID
X-Kinja
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Exp-Variant
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Id
X-Jurisdiction
X-XRDS-Location
X-Goog-Hash
Access-Control-Request-Method
X-Powered-CMS
TP-Cache
TP-L2-Cache
X-FastCGI-Cache
X-MSEdge-Ref
X-Content-Digest
X-Release
X-Ttl
X-Edge
X-NWS-LOG-UUID
SPRequestDuration
S
SPIisLatency
TCN
X-CST
X-Amz-Rid
RTSS
Cache-Tag
X-PressLabs-Stats
X-Pinterest-Direct
Public-Key-Pins
X-Request-Processing-Time
X-Request-Received
Fastcgi-Cache
X-Ezoic-Cdn
X-Yandex-Sdch-Disable
X-Node-Name
X-MCACHE
X-Mid
Server-Node
X-Accel-Expires
Accept-Ch-Lifetime
X-Amzn-Trace-Id
Front-End-Https
X-Cache-Key
X-Logged-In
X-Ratelimit-Remaining
X-Cache-Hit
ServerID
X-Ser
X-Microsite
X-Request-Handler-Origin-Region
X-Recruiting
X-Kinsta-Cache
X-Origin-Server
X-Page-Id
Alternate-Protocol
Accept-Charset
Host
X-B
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ratelimit-Limit
X-Hostname
X-Mobile-URL
X-Varnish-Age
Nginx-Cache
X-Content-Security-Policy-Report-Only
X-ECACHE
X-FireWall-Port
Filterid
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-DC
X-DIS-Request-ID
X-FTR-Realm
X-Forwarded-For
X-FTR-Balancer
X-Shield-Request-Id
X-FTR-Expires
X-Mg-S
X-Seen-By
X-Content-Options
X-Load-Cache
X-Grace
Edge-Cache-Tag
X-Daa-Tunnel
X-Jobs
Realpath
Akamai-Age-Ms
X-LB-Cache
X-Amz-Server-Side-Encryption
X-F-Cache
X-Git-Hash
X-N
X-App-Environment
X-Type
X-Az
X-Hits
X-Activity-Id
X-AppVersion
X-Varnish-Backend
X-Varnish-Grace
X-Request-Guid
X-Rid
Paypal-Debug-Id
X-Id
X-HP-Webp
Fastcgi-Useragent
X-Proxy
X-Zen-Fury
MicrosoftSharePointTeamServices
DynaTrace
X-FB-Debug
Access-Control-Allow-Method
Cache-Tags
X-App-Server
X-Upgrade-Enabled
Cleartype
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-WebKit-CSP-Report-Only
X-Akamai-Edgescape
X-Geo-Country
Content-Disposition
X-Cached-By
X-Content-Powered-By
DC
X-Cache-Rule
X-Cache-Operation
X-Correlation-ID
X-Wix-Request-Id
X-Amz-Meta-S3cmd-Attrs
X-Host-Name
X-IPLB-Instance
X-User-Agent
X-Accel-Buffering
AMP-Access-Control-Allow-Source-Origin
X-Original-Request-Id
X-Response-Served-From
Powered-By-ChinaCache
X-HS-Content-Id
X-Endurance-Cache-Level
X-HS-Hub-Id
Healthy
X-HS-Cache-Config
X-HTML-Minification-Powered-By
X-Cache-Age
X-Goog-Metageneration
X-Goog-Generation
X-B-Cache
X-Goog-Storage-Class
X-Signature
X-Goog-Stored-Content-Length
X-HS-Combine-CSS
X-GUploader-UploadID
X-B3-Sampled
X-Goog-Stored-Content-Encoding
X-AOL-HN
X-VCache
NGB
X-Ua
X-Rendered-As
Payment
X-Is-Bot
X-UUID
X-Respond-Thread
X-Region
X-Distributor
MS-CV
X-Whom
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-Debug-Info
X-FW-Type
X-FW-Server
X-Cacheable-TTL
X-FW-Static
X-Cache-Time
X-Rule
Refresh
Datacenter
X-Instance
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Frontend
Countrycode
X-Mobile
Nel
X-XRDS-LOCATION
X-Varnish-Server
PB-PID
PB-RID
Surrogate-Key
Arc-Version
X-Fastcgi-Cache
X-Tec-Api-Origin
S-Cnection
X-Tec-Api-Root
X-Tec-Api-Version
X-Oneagent-Js-Injection
X-Backend-Name
X-Protected-By
X-Acc-Debug-Context
X-App-Version
X-PHP-Backend
X-Via-JSL
X-NewRelic-App-Data
Viewport
X-Azure-Ref
Liferay-Portal
X-Cache-Server
X-Hyper-Cache
Powered
X-Cache-Expired-At
X-Litespeed-Cache
Filters
X-Hp-Webp
Charset
X-Proxy-Cache-Status
X-WA-Info
Referer-Policy
X-Time
Retry-After
X-Cache-Control
X-Sucuri-ID
X-DynaTrace-JS-Agent
Section-Io-Cache
X-EdgeConnect-Cache-Status
X-Amz-Replication-Status
X-Source
X-Cache-Action
X-CSRF-Token
X-FB-TRIP-ID
X-RemovedCookies
Cache
X-ProcessESI
X-Cache-Var-Map
X-RN-RSRV
X-Cache-Var
X-ES-SERVER
X-GeoIP
X-Real-IP
Eomportal-Instance
Meta-Geo
X-Debug-Cache
X-Mode
X-Device-Type
X-From
X-R9-Blue-Green-Version
X-Qloud-Router
X-VWS-Id
X-LJ-Flow-ID
X-Time-Microsecs
X-Server-W
X-ProxyCache-Status
X-Human
X-Environment-Context
X-Yottaa-Optimizations
X-AWS-Id
Mn-Server-Ip
X-Yottaa-Metrics
X-BYPASS-REASON
X-Framework
X-L-Path
X-Cache-Host
X-Xfnlog-Site
X-ProxyCache-Key
Version
X-Revision
X-Ratelimit-Reset
X-FW-Version
X-RTag
X-Cluster
Cross-Origin-Window-Policy
X-OCL
FSS-Cache
X-Handled-By
Ms-Operation-Id
X-PCL
X-Origin-Hint
Uber-Trace-Id
X-Proxy-Build
X-Hl-Ver
Webcakes-App-Version
X-Loop
Ec-Rule-Version
Cache-Tv-Group
X-FTR-Cache-Host
TWC-GeoIP-Country
TWC-Device-Class
GEO-INFO
TWC-GeoIP-LatLong
X-Cache-TTL-Remaining
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
Webcakes-Region
TWC-Connection-Speed
X-Timing-Wait
Property-Id
X-Via-Fastly
X-TNCMS
Selected-Fe
X-BCube-Filmed-By
X-Amzn-Remapped-Content-Length
Frame-Options
X-Be
X-JoinUs
X-Locale
X-Detected-As
X-NYM-Debug-Backend
X-Redis-Cache
X-Status
X-Site-Version
X-ServerID
X-PHP-Host
X-Zipkin-Id
X-Labrador-Cache-Channel
X-Hosted-By
X-Generated-By
DB-Nickname
X-Routing-Service
X-SaId
X-Proxied
X-Air-Hostname
X-Proto
X-Access
X-Section
X-Format
X-No-Session
X-Unique-Id
From-Origin
X-ATG-Version
X-Cache-PHP
X-Correlation-Id
X-Drupal-Cache-Contexts
X-Varnish-Cache-Hits
X-NWS-UUID-VERIFY
Webserver
X-Sucuri-Cache
Server-Name
X-Contextid
X-TA-CDN-Provider
X-Drupal-Cache-Tags
X-NCache
X-Origin
X-CDN-Forward
X-EIG-Tracking-Id
CF-Cached-On
OT-Force-Account-Verify
X-AIR-PT
X-EC-Lua
X-IPS-LoggedIn
X-GoCache-CacheStatus
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Bc-Bl
X-Adobe-Content
X-Adobe-Loc
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-IP
X-Cache-Enabled
X-APP-VERSION
X-Akamai-Transformed
X-ECache
X-Vgn-Hpd-Variations-Key
X-NC
X-Backend-Host
X-Vgn-Hpd-Cached
X-TT
Azure-SiteName
Azure-SlotName
Azure-RegionName
Azure-Version
Azure-InstanceId
X-Ruxit-Js-Agent
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cdn
X-Cache-Backend
X-TIME
X-URL
X-Tumblr-Pixel-3
X-CCM
Access-Control-Request-Headers
SD-X-WS
X-Cache-2
X-Adobe-Source
X-CACHE-AGE
Time
Node
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
X-Vtex-Remote-Cache
X-VG-WebServer
X-G
X-Trv-Group
X-Processor
X-Twitter-Response-Tags
DCR-Decision-By
X-External-Request-Id
Apple-News-Services-Parsed-Url
X-S-Cookie
X-ScT
X-Shopify-Stage
X-Sorting-Hat-PodId
X-S
X-Rojux
X-ShopId
X-Request-UUID
X-Rewrite-Enabled
X-Sorting-Hat-ShopId
X-Vtex-Processado-Em
Host-ID
Apple-News-Services-Request-Url
X-Destination
X-RCS-CacheZone
Apple-News-Services-Host
Apple-News-Services-Handled
X-Soup
X-Storefront-Renderer-Rendered
X-Varnishpool
X-Transaction
X-Date
X-Accel-Expires-Debug
X-Vdms-Version
X-Up
X-Vdms-Path
X-Application
X-Cache-NE
X-Worker
X-A-Wwc
Xc-Version
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A
X-ARC
X-Connection-Hash
X-B-Cookie
X-Alternate-Cache-Key
Surrogated-Key
Machine
MD5-Digest
X-Aed
X-ShardId
X-CF-Lambda-Fn
Now
X-CF-Lambda-Version
Meta-Geo-Continent
Mobile-Detection-Method
Rendered-Blocks
X-VG-WebCache
X-PAYTM-SRV-ID
X-D
X-Backend-TTL
X-PBS-Appsvrname
X-A-Dgt
X-Forwarded-Host
X-UA
X-Cache-Grace
X-ApacheServer
X-PERF
X-Pubstack
X-NGENIX-Cache
X-Minions-Version
X-Cluster-Name
X-Microcachable
X-Cache-Config
X-Say-Cacheable
X-Say-TTL
X-Ms-Request-Id
X-SayCDN-TTL
X-Ms-Version
Fastly-SIE
X-Edge-Location
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
Platform
Mail-Subject
NM-Fastcgi-Cache
Ufe-Result
X-Dispatcher-Server
X-CUA
X-Cache-Bucket
Wxu-Next-Region
Wxu-Next-Hostname
We-Hiring
Wxu-Next-Commit
Is-Eu
Fastly-SWR
CDN-CachedAt
CDN-EdgeStorageId
CDN-Cache
Adler-Geo
X-Viewer-Country
X-Web-Node
CDN-PullZone
CDN-RequestCountryCode
X-Generation-Time
X-Core-Value
CloudFront-Viewer-Country
X-Hash
CDN-RequestId
CDN-Uid
X-Storage
Fastly-SSL
X-Req
X-OVcl
X-Servername
X-SN
X-VG-TLSProxy
CACHE
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-OVcl-Cache
X-Variation
X-Varnish-Ttl
Cache-Status
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Clientip
Ha-Gx-Prefs
X-TX-ID
HA-Ipaddr
X-Cms-Context
X-HN
Group
X-Fastly-Backend
X-Auto-Login
X-Thanos
X-Gamma-Serve
Fastly-Drupal-HTML
X-CGP
L
Gh-Request-Id
X-Cache-Tags
X-Backend-State
X-Fmm-Version
Rt-Fastcgi-Cache
X-Fastly-Cache
X-Clara-WADP
Upgrade-Insecure-Requests
X-VarnishDD-TTL
X-Varnish-Cacheable
X-Micro-Cache
X-Bip
X-Cache-NGX
X-WADP-Cache
X-Webstats-RespID
X-Cache-Date
Origin
X-Eu-Site
X-Ah-Environment
PFcat
L5d-Success-Class
Country-Code
X-Policy
X-LI-UUID
X-Method
X-Proxy-Upstream
X-Owner
X-Slack-Backend
X-Skip-Cache
X-Platform
X-Request-Start
X-Li-Pop
X-Core-Mission
Country
C-Via
CacheControlHeader
X-Reqid
X-Request-Host
X-Render-Time
X-Csrf-Jwt
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Li-Fabric
Backend
Pagetype
X-Location
X-Esi
X-Developers
X-Amz-Meta-Cb-Modifiedtime
Memcached
Akamai-GRN
X-LAGOON
X-Cache-Id
X-Gzip
X-Irp-Debug
UCS
X-Esi-Check
X-Cache-URL
X-Cdn-Srv
X-HS-Content-Campaign-Id
X-Old-Content-Length
X-Platform-Server
AKAMAI
X-Level-Front-Cache
Fastly-Backend-Name
X-Has-Esi
X-Geo-Header
X-Generated-On
X-Wikidot-Static-Cache
X-Content-Age
X-JWT-State
X-Is-Gdpr
FSS-Proxy
X-Wikidot-Backend
X-CS
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Agile-Age
X-Agile-Id
X-Agile
X-Is-Crawler
X-DefHash
X-Mvc-Supplant-Cachable
X-Wa
X-Route-Name
X-UPSTREAM-Address
X-Varnish-CookieHashed-On
X-Flags
X-DefElseHash
HostName
X-NODE
X-Branch-Name
X-Aicache-OS
X-PF-Uncompressing
X-LB-ID
X-Refresh
X-BC
X-Instart-Request-ID
X-ZONE
X-RateLimit-Remaining
M-TraceId
X-Cache-Debug
X-Via-Poph
X-Session-Fingerprint
X-Via-Popn
X-Cdn-Forward
X-Dc
X-DC
X-Debug-Cache-Store
X-Mvc-Supplant-OutputCached
X-Servedbyhost
X-Ua-Device
X-LI-Proto
NGX
Arc-Country
X-Debug-Cache-Fetch
X-B3-Spanid
X-Edge-Server
Viewtype
X-Page-View
Cdn-Request-Time
Cdn-Host
X-Ftr-Cache-Host
VivaBuild
X-SERVER
X-GEO
X-RunCloud-Cache
X-Nginx-Cache
X-Request-Time
X-Via-Ucdn
Xserver
Srv
X-Zone
X-Bc
SRV
X-Varnish-Hostname
Hostname
X-APP
Actual-Object-TTL
X-ORACLE-APMCS-REQUEST-ID
Memory
X-Vgn-Hpd-Ssi
X-Action
X-Check-Cacheable
X-HS-Status
X-LiteSpeed-Cache-Control
X-DI
X-DSS
X-DW
X-RPM
X-DB
X-Cs
X-B3-Traceid
X-Via-CDN
X-Srv
X-NU-AKA-ACS-Version
X-RPS
X-VCL-Version
WWW-Authenticate
X-FPC
X-RSL
X-NGINX-Cache
X-Unique-ID
Geo-Info
WebServer
X-Datadome
X-Oss-Cdn-Auth
X-Sql-Count
X-Sql-Duration-Ms
X-UnsetCookies
X-MP-GENERATED-AT
X-Cluster-Node
X-Via-Popv
X-Geo
X-Vcache
X-CF-Powered-By
GeoIP-Country-Code
X-Dynatrace-Js-Agent
X-Pinterest-Sli-Endpoint-Name
X-Akamai-Request-ID2
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Latency-Threshold
GeoIP-Latitude
Sid
GeoIp-Country-Code
Edge-Copy-Time
ProcessTime
X-Via-Edge
X-Via-SSL
Geoip-Latitude
X-Hit
X-CSRF-TOKEN
User-Agent
SID
X-SRV
Amp-Access-Control-Allow-Source-Origin
X-SERVER-NAME
XServer
Processtime
Apigw-Requestid
X-Epic-Correlation-Id
On-Server
X-Svr
X-We-Are-Hiring
W
NtCoent-Length
Server-Info
X-FORWARDED-FOR
X-Webkit-CSP-Report-Only
X-Www-Served-By
LB
Cache-Hits
ServedBy
X-Cache-Remote
X-CACHE-KEY
X-S-Maxage
X-FC-Vary-Parameters
X-HOST
X-Mobile-Rewrite
Ohc-File-Size
X-Envoy-Upstream-Healthchecked-Cluster
X-Presslabs-Stats
X-Fpc
X-Nc
T-Server
X-HITS
X-Cache-Hfrom
X-Vcl-Version
X-MSEdge-Features
CF-IPCountry
Esi-Enabled
X-Cache-Hm
Accept-Language
Server-Host
X-MSEdge-Flight
X-Fastly-Country-Code
Cdn
X-Pjax-Url
X-Tb
N-Cache
X-Pass-Why
S-Rt
Pics-Label
Cteonnt-Length
A
Magicmarker
Origin-Cache-Control
Origin-Edge-Control
X-Key
X-Varnish-Hits
X-COUNTRY
X-Dispatch
CDN
WZWS-RAY
X-SB
Proxy-Firewall
X-VC
Lb
X-ID
X-LLID
Ohc-Cache-HIT
Protected
X-Amzn-Remapped-Connection
X-Geo-Region
X-Info
X-Instart-Info
X-Amzn-Remapped-Date
Powered-By
X-B3-SpanId
X-Via-NSCOPI
X-StackifyID
X-ServedByHost
X-Li-Proto
HitType
X-Newrelic-App-Data
X-RAMCache
X-Dynatrace
X-Uri
X-TT-LOGID
Server-Ttl
X-Akamai-Pragma-Client-IP
Cache-Key
X-Served-From
User-Cache-Control
X-TH-Server
X-Newrelic-Synthetics
BehaviorPad-Version
Fastcgi-Cache-TTL
X-Generated
X-Cache-Tag
Tracecode
X-App
X-Erf-Bev-Bev-Is-Generated
X-Via-PopH
X-Via-PopN
X-LiteSpeed-Tag
X-Via-PopV
X-Lb-Id
X-Erf-Bev-Bev
Ssr
X-TrackingId
Cache-Provider
DSUID
Cache-Name
Section-Io-Origin-Time-Seconds
Odigeo-Trace-Id
Section-Io-Id
Section-Io-Origin-Status
X-Provided-By
X-Planisys-CDN-Cache
X-UA-Device-Type
X-Cache-Spec
X-Cc-Req-Id
X-Cc-Via
X-Men
Lfy
D-Cc-Upstream
X-Planisys-CDN-Rules
Dnion-Transfer-Encoding
X-Tt-Logid
X-WA
Section-Origin-Responded
Xet-Cookie
X-Batcache
X-Planisys-CDN-TTL
X-Erf-Stays-Bingo-Pdp-Web
X-Magnolia-Registration
X-Agile-Brick-Ok
X-Pf-Uncompressing
X-Path-Route
Tcn
X-GeoIP-City
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated-In
X-Gen-Mode
X-Fetched-On
X-Gdpr
X-Hnp-Log
X-Loc
X-VC-Cache
X-Matched-Rule
X-SD-PageType
X-VServer
X-Server-IP
X-ElasticPress-Query
X-Device-Os
X-Azure-Ref-OriginShield
X-BBC-Edge-Cache-Status
X-API-Version
Web-Mar-Node
Vix-Hermes-Req-Id
X-BBXSRF
X-Block-Status
X-Contensis-Viewer-Groups
X-Developer
X-Cache-Info
X-Cache-Expires
X-Cache-ASPX
X-ServiceProvider
X-Rocket-Build-Number
X-RateLimit-Remaining-Second
X-Swa-Ws
X-Thinkindot-L3
X-RateLimit-Limit-Second
X-Traceid
X-SVT-ORM-VERSION
X-Sigma-Backend
X-Request-URI
X-SIPLIST1
X-SRCache-Key
X-SVT-ORM-RULES
V-Age
X-Parent-Response-Time
X-Origin-TTL
X-Sigma
X-Nyt-Route
X-Node-Id
X-Nginx-Cache-Key
X-Varnish-Url
X-Origin-CC
X-Origin-Date
X-Var-Ttl
X-User
X-Varnish-Authentication
X-Origin-Time
X-Origin-Expires
X-Response-By
Cache-Host
CDCHOST
X-Yottaa-OS
FNAC-ModuleRouting
Instruction
Kp-EeAlive
IsBot
X-Scheme
X-Varnish-Beresp-TTL
X-Acc-Rdl
Who
True-Client-Country-4JS
Inserted-Into-Cache-At
X-HostName
X-RateLimit-Limit
Locid
Cf-Alt-Svc
Sever-Int
Server-ID
MIME-Version
Thinkindot-CacheControl
Thinkindot-Control
Thinkindot-CacheControl-Type
Server-Hostname
SR-User-Adfree
Path
Release
Pramga
Server-Ext
X-Selected-Host-Header
X-Selected-Scheme
CountryCode
X-Selected-Name
X-No-Cache
X-Sn-Servicetimems
X-MiniProfiler-Ids
Req-Svc-Chain
X-BBC-Origin-Response-Status
X-Trace-Id
X-Tid
Mime-Version
Vha6-Origin
X-C
X-Dw-Trace-Id
X-Proxy-Cachei7
X-Apw-Access-Object
X-Request-URL
X-NodeID
X-Apw-Hits
Source
X-Snapshot-Date
Resin-Trace
X-Cdn-Origin
X-Apw-Access-Token
X-Apw-Access-Action
X-PJAX-URL
X-Origin-Response-Time
Pragrma
PICS-Label
Content-Script-Type
X-Vgn-Hpd-Reason
Content-Style-Type
X-Pad