Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Pragma
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
P3P
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Xss-Protection
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Request-ID
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Content-Encoding
Status
X-CDN
X-AspNetMvc-Version
P3p
X-Envoy-Upstream-Service-Time
Upgrade
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Server
X-Backend
X-Amz-Request-Id
X-Hacker
X-Robots-Tag
X-Amz-Id-2
Request-Context
X-AH-Environment
X-Proxy-Cache
X-UA-Device
EagleId
X-Turbo-Charged-By
X-Dns-Prefetch-Control
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
X-Template
X-Rq
X-Language
Xkey
X-Page-Speed
X-Varnish-Cache
X-Ua-Compatible
X-OneAgent-JS-Injection
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
X-Host
X-WebKit-CSP
X-Backend-Server
X-Buckets
X-Server-Id
NEL
X-Device
X-Dispatcher
Accept-CH-Lifetime
Surrogate-Control
Request-Id
X-Node
X-Ruxit-JS-Agent
Accept-CH
Content-Location
EagleEye-TraceId
X-Response-Time
X-Akam-SW-Version
Allow
X-Cache-Lookup
X-Ac
X-Origin-Cache
X-Readtime
X-Country
X-Mod-Pagespeed
Rating
X-HW
X-Application-Context
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-CST
Edge-Control
X-MS-InvokeApp
Pinterest-Generated-By
X-Vname
X-TtlSet
X-PC
X-Cnection
X-Country-Code
X-ORACLE-DMS-RID
X-ASPNET-VERSION
X-DataDome
X-FastCGI-Cache
X-GitHub-Request-Id
X-Content-Type
X-Varnish-TTL
X-D2id
Display
X-Middleton-Response
X-Sol
X-Middleton-Display
Response
Pagespeed
X-Clacks-Overhead
MS-Author-Via
X-Trace
X-ESI
X-Server-Name
Pinterest-Version
X-Url
X-Pinterest-Rid
X-TTL
X-B3-TraceId
X-Origin-Upstream-Status
X-Vcap-Request-Id
X-Px
X-Rack-Cache
X-Navigation-Version
X-Abt-Application-Version
Service-Worker-Allowed
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Verso
Arr-Disable-Session-Affinity
X-Client-IP
X-Cache-TTL
X-Webkit-CSP
X-Element-Page-Cache
X-Cached
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-FTR-Request-ID
SPRequestGuid
X-SharePointHealthScore
X-VARITI-CCR
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Use-Magma
X-GoogleNews-Bot
X-Goog-Hash
X-DynaTrace
X-Pinterest-Direct
X-NF-Request-ID
X-Upstream
AR-CACHE
X-Powered-By-Plesk
AR-Request-ID
AR-PoweredBy
AR-ATIME
Fastly-Restarts
Ar-Sid
SPRequestDuration
SPIisLatency
X-Debug
X-MSEdge-Ref
Content-MD5
X-Powered-CMS
X-Release
X-Amz-Rid
Access-Control-Request-Method
X-Forwarded-Proto
X-Version
X-Jurisdiction
S
X-Edge
X-T
X-Content-Digest
TCN
X-XRDS-Location
RTSS
Public-Key-Pins
X-Ezoic-Cdn
TP-Cache
TP-L2-Cache
Cache-Tag
Front-End-Https
X-Mg-S
X-MCACHE
X-Mid
X-HP-Webp
X-Cache-Key
X-Node-Name
X-Amz-Server-Side-Encryption
Server-Node
X-Yandex-Sdch-Disable
X-Request-Received
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Fastcgi-Cache
X-Request-Processing-Time
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Recruiting
X-PressLabs-Stats
X-Grace
X-Accel-Expires
X-Amzn-Trace-Id
X-Kinsta-Cache
X-Ser
MicrosoftSharePointTeamServices
Accept-Ch
X-Litespeed-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Varnish-Age
X-Origin-Server
X-DIS-Request-ID
X-Ttl
Accept-Charset
X-NWS-LOG-UUID
X-Content-Security-Policy-Report-Only
ServerID
X-Shield-Request-Id
Edge-Cache-Tag
X-Forwarded-For
X-Logged-In
X-Page-Id
Powered-By-ChinaCache
Nginx-Cache
X-ECACHE
Host
X-Ratelimit-Remaining
X-Cache-Hit
X-Server-ID
Cache-Tags
Cleartype
X-LB-Cache
X-F-Cache
X-Az
X-Activity-Id
X-Respond-Thread
X-AppVersion
X-B
X-Hits
X-Hostname
X-N
X-Aspnetmvc-Version
X-Git-Hash
X-Mobile-URL
X-Upgrade-Enabled
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cached-By
Realpath
X-Load-Cache
X-Cache-Age
X-Amz-Meta-S3cmd-Attrs
X-Content-Options
DynaTrace
X-Rid
X-App-Environment
X-Request-Guid
Paypal-Debug-Id
X-Ratelimit-Limit
X-Varnish-Backend
X-Type
Alternate-Protocol
Access-Control-Allow-Method
X-Oneagent-Js-Injection
X-Jobs
Fastcgi-Useragent
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Expires
X-WebKit-CSP-Report-Only
X-Seen-By
Charset
X-HS-Cache-Config
X-Proxy
X-HS-Content-Id
X-HS-Hub-Id
X-Goog-Storage-Class
X-Goog-Metageneration
X-HS-Combine-CSS
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Encoding
Filters
X-B3-Sampled
X-Akamai-Edgescape
Viewport
X-VCache
Nel
X-IPLB-Instance
X-Zen-Fury
MS-CV
X-Whom
X-B-Cache
X-Mobile
X-Signature
Healthy
X-FB-Debug
X-Debug-Info
X-AOL-HN
X-Host-Name
X-Geo-Country
X-User-Agent
X-FireWall-Port
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Varnish-Grace
DC
Payment
X-Region
X-Daa-Tunnel
Liferay-Portal
Filterid
X-Original-Request-Id
AMP-Access-Control-Allow-Source-Origin
X-Correlation-ID
X-Accel-Buffering
X-Response-Served-From
X-Amz-Replication-Status
X-Id
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Cache-Rule
X-XRDS-LOCATION
X-Cache-Operation
X-Frontend
Accept-Ch-Lifetime
X-HTML-Minification-Powered-By
X-Tumblr-Pixel-1
X-UUID
X-Distributor
Surrogate-Key
X-Tumblr-Pixel-2
X-Tumblr-User
X-Rule
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Cache-Time
X-App-Server
X-Instance
X-Cacheable-TTL
Section-Io-Cache
Refresh
X-Protected-By
X-FW-Server
X-FW-Type
X-FW-Dynamic
X-FW-Static
S-Cnection
X-FW-Hash
X-FW-Serve
Version
X-Via-JSL
X-Cache-Spec
X-Content-Powered-By
X-Cache-Expired-At
CACHE
X-Cache-Action
X-Acc-Debug-Context
X-Hyper-Cache
X-Is-Bot
X-Backend-Name
X-Rendered-As
X-Wix-Request-Id
X-Ua
X-Sucuri-ID
Server-Name
GEO-INFO
X-Air-Hostname
Retry-After
X-Ah-Environment
Content-Disposition
X-Cache-Server
X-Amzn-RequestId
X-URL
X-Amz-Apigw-Id
X-Real-IP
Arc-Version
PB-PID
PB-RID
X-Endurance-Cache-Level
X-Pinterest-Sli-Response-Type
X-Correlation-Id
X-Framework
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Endpoint-Name
X-Source
Countrycode
Eomportal-Instance
X-RemovedCookies
X-ProcessESI
X-Environment-Context
X-Revision
X-L-Path
X-Yottaa-Optimizations
Webserver
Ms-Operation-Id
X-Yottaa-Metrics
X-RTag
Datacenter
X-Sucuri-Cache
X-EdgeConnect-Cache-Status
Frame-Options
X-Route-Name
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Drupal-Cache-Contexts
Referer-Policy
X-Unique-Id
X-LLID
X-DynaTrace-JS-Agent
X-Drupal-Cache-Tags
X-RN-RSRV
X-Cache-Var-Map
X-Varnish-Server
Meta-Geo
X-Cache-Var
X-NewRelic-App-Data
X-App-Version
X-ES-SERVER
X-Proxy-Cache-Status
Selected-Fe
X-Proxy-Build
X-ProxyCache-Key
X-ProxyCache-Status
X-BYPASS-REASON
X-Timing-Wait
X-Cache-Control
X-Hl-Ver
X-WA-Info
X-R9-Blue-Green-Version
X-Cache-Host
Cache-Tv-Group
X-Time-Microsecs
X-Handled-By
X-Adobe-Loc
X-Adobe-Content
X-Amzn-Remapped-Content-Length
X-Human
X-PHP-Host
X-Xfnlog-Site
Ec-Rule-Version
X-TT
X-ServerID
X-Labrador-Cache-Channel
X-Proto
X-Contextid
X-No-Session
X-Be
Cross-Origin-Window-Policy
X-Redis-Cache
X-Qloud-Router
TWC-GeoIP-Country
TWC-Device-Class
X-OCL
TWC-Connection-Speed
X-Loop
X-GeoIP
X-Locale
X-NYM-Debug-Backend
X-Cache-TTL-Remaining
X-LJ-Flow-ID
TWC-GeoIP-LatLong
Property-Id
DB-Nickname
X-Hosted-By
Webcakes-Region
NGB
X-FW-Version
TWC-Locale-Group
X-AWS-Id
X-Via-Fastly
X-Cluster
X-Server-W
X-Origin-Hint
X-FB-TRIP-ID
X-PCL
X-Azure-Ref
X-VWS-Id
Webcakes-App-Name
X-Mode
X-TNCMS
TWC-Privacy
Webcakes-App-Version
X-Site-Version
Akamai-Age-Ms
X-Detected-As
X-Status
X-AIR-PT
X-TIME
FSS-Cache
X-From
Mn-Server-Ip
X-Format
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-Section
X-Access
X-Tt-Trace-Tag
X-Tt-Trace-Host
Upgrade-Insecure-Requests
X-CDN-Forward
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Device-Type
X-Debug-Cache
Uber-Trace-Id
X-Ratelimit-Reset
X-Cache-PHP
X-ATG-Version
X-Generated-By
X-BCube-Filmed-By
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-InstanceId
X-NC
Azure-RegionName
X-UPSTREAM-Address
Access-Control-Request-Headers
X-CSRF-Token
X-Page-View
X-Varnish-Cache-Hits
X-PHP-Backend
Cache
OT-Force-Account-Verify
X-Akamai-Transformed
X-APP-VERSION
Cache-Status
SD-X-WS
From-Origin
X-Adobe-Source
X-CCM
X-GoCache-CacheStatus
X-NCache
X-G
X-Backend-TTL
X-Cluster-Name
X-Varnishpool
X-Cache-2
X-Oss-Request-Id
X-LAGOON
X-Oss-Server-Time
X-Oss-Object-Type
X-Origin
X-ShopId
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
SRV
X-Varnish-Ttl
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Soup
Country
X-Shopify-Stage
Cf-Bgj
X-Storefront-Renderer-Rendered
X-ShardId
X-Alternate-Cache-Key
X-Cache-Grace
X-Say-TTL
X-SayCDN-TTL
X-Forwarded-Host
X-Web-Node
X-Pubstack
X-Say-Cacheable
X-Backend-Host
Decoy-Debug-Status
X-ID
Fastly-SSL
X-Storage
X-Time
Decoy-Debug-Key
Decoy-Debug-TTL
X-Via-CDN
X-GEO
CF-Cached-On
X-ApacheServer
X-PERF
X-FTR-Cache-Host
X-ECache
X-Ruxit-Js-Agent
X-JoinUs
X-SaId
Node
X-TX-ID
X-Erf-Bev-Bev
X-Cache-Remote
X-Cache-Config
X-Erf-Bev-Bev-Is-Generated
X-EC-Lua
X-IP
Apple-News-Services-Handled
X-A-Dam
X-Request-UUID
X-RCS-CacheZone
X-Rewrite-Enabled
X-Rojux
X-S
X-Processor
X-PBS-Appsvrname
X-D
X-Destination
X-External-Request-Id
X-PAYTM-SRV-ID
X-S-Cookie
X-ScT
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Session-Fingerprint
X-Trv-Group
X-Vdms-Path
X-Vdms-Version
X-CF-Lambda-Version
X-CF-Lambda-Fn
Machine
Host-ID
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Gh-Request-Id
Fastcgi-X-Cache-Version
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
DCR-Decision-By
DCR-Processing-Time-Ms
Rendered-Blocks
X-A
X-ARC
X-Auto-Login
X-B-Cookie
X-Cache-NE
X-Application
X-Aed
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-A-Wwc
Apple-News-Services-Host
X-Connection-Hash
X-B3-Spanid
X-Cache-Enabled
X-Viewer-Country
X-Bip
Powered
Platform
Is-Eu
X-Cache-Bucket
X-Clientip
X-CUA
X-Core-Value
X-Cms-Context
Fastly-SWR
X-Clara-WADP
X-Tumblr-Pixel-3
CDN-CachedAt
CDN-Cache
C-Via
Adler-Geo
CDN-EdgeStorageId
CDN-PullZone
CloudFront-Viewer-Country
CDN-Uid
CDN-RequestId
CDN-RequestCountryCode
Fastly-SIE
X-DefHash
X-SN
X-Servername
X-Request-Start
X-Request-Host
X-Thanos
X-Variation
X-WADP-Cache
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Irp-Debug
X-Generation-Time
X-Fastly-Cache
X-DPWN-IS-SECURE
X-Micro-Cache
X-Microcachable
X-Platform-Server
X-Platform
X-Ms-Version
X-Ms-Request-Id
X-DefElseHash
X-Fmm-Version
X-Sql-Duration-Ms
Backend
X-B3-Traceid
X-Sql-Count
X-Dispatcher-Server
X-Varnish-Beresp-Ttl
X-Envoy-Decorator-Operation
X-Gzip
X-Has-Esi
X-Geo-Header
X-Generated-On
X-Esi-Check
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Cache-Backend
X-Branch-Name
Pagetype
NM-Fastcgi-Cache
X-Cache-Date
X-Cache-Debug
X-Cache-Tags
X-Cache-NGX
X-Cache-Id
X-HS-Content-Campaign-Id
X-JWT-State
X-Fastly-Backend
Rt-Fastcgi-Cache
X-Webstats-RespID
X-VG-TLSProxy
X-Li-Fabric
X-Li-Pop
X-Owner
X-Old-Content-Length
X-LI-UUID
X-Skip-Cache
X-Reqid
X-Location
X-Level-Front-Cache
Fastly-Backend-Name
X-OVcl
X-OVcl-Cache
X-Render-Time
X-Policy
X-PF-Uncompressing
X-Is-Gdpr
X-Mvc-Supplant-Cachable
CacheControlHeader
AKAMAI
X-Esi
X-IPS-LoggedIn
X-Content-Age
X-Backend-State
X-Wikidot-Static-Cache
X-Gamma-Serve
Wxu-Next-Region
X-Slack-Backend
Wxu-Next-Commit
Wxu-Next-Hostname
X-Wikidot-Backend
X-Hash
X-Varnish-Cacheable
X-Eu-Site
X-Method
Akamai-GRN
X-HN
X-Developers
X-Csrf-Jwt
UCS
X-CGP
X-COUNTRY
X-VarnishDD-TTL
Fastly-Drupal-HTML
HA-Ipaddr
L5d-Success-Class
Origin
PFcat
Ha-Gx-Prefs
L
X-Www-Served-By
X-Dc
X-Core-Mission
FSS-Proxy
X-NWS-UUID-VERIFY
X-Bc-Bl
X-Refresh
Protected
Cache-Hits
XServer
X-Aicache-OS
X-S-Maxage
X-Transaction
X-NU-AKA-ACS-Version
X-SRV
X-Twitter-Response-Tags
X-Wa
X-NODE
X-Minions-Version
X-Ftr-Cache-Host
X-EIG-Tracking-Id
X-Check-Cacheable
X-RateLimit-Remaining
X-CS
NGX
X-Mvc-Supplant-OutputCached
Country-Code
X-DC
X-Amz-Meta-Cb-Modifiedtime
X-Oracle-Dms-Rid
X-UA
X-NGENIX-Cache
X-TA-CDN-Provider
On-Server
X-Date
X-Via-Popn
X-Via-Poph
HostName
X-LB-ID
X-Accel-Expires-Debug
Surrogated-Key
X-Svr
Hostname
X-Via-SSL
X-Request-Time
X-Servedbyhost
X-Debug-Cache-Store
X-Edge-Location
X-LI-Proto
X-FPC
We-Hiring
X-Debug-Cache-Fetch
X-Ua-Device
X-Req
ServedBy
Mail-Subject
X-Via-Edge
X-Erf-Stays-Bingo-Pdp-Web
X-Up
Edge-Copy-Time
X-Varnish-Hostname
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-CACHE-AGE
X-Cdn-Srv
X-Dynatrace
X-Cache-URL
GeoIp-Country-Code
Geoip-Latitude
Memcached
X-NGINX-Cache
X-Cs
X-Nginx-Cache
Ufe-Result
X-Pass-Why
X-Proxy-Upstream
T-Server
Group
X-Presslabs-Stats
X-Uri
X-Webkit-Csp
X-Fastcgi-Cache
Section-Io-Origin-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
Time
Section-Origin-Responded
Now
X-BC
WZWS-RAY
X-Cdn-Forward
Server-Host
X-ZONE
N-Cache
X-Varnish-Hits
X-Agile-Id
X-Acc-Rdl
X-VC
X-SB
Ohc-File-Size
X-VCL-Version
Pics-Label
X-Agile
X-Agile-Age
X-Cluster-Node
X-TT-LOGID
X-UnsetCookies
DSUID
X-Datadome
Ohc-Cache-HIT
X-Info
X-MP-GENERATED-AT
X-UA-Device-Type
Cache-Name
Magicmarker
X-Hp-Webp
X-CSRF-TOKEN
Xserver
X-LiteSpeed-Cache-Control
M-TraceId
X-Srv
X-CF-Powered-By
X-Origin-Date
X-HS-Status
SID
NtCoent-Length
User-Cache-Control
Odigeo-Trace-Id
X-Via-Popv
X-Dynatrace-Js-Agent
Tracecode
X-We-Are-Hiring
X-Bc
Processtime
Sid
X-Zone
User-Agent
S-Rt
X-MSEdge-Flight
X-HITS
X-MSEdge-Features
Ssr
X-APP
Apigw-Requestid
Arc-Country
W
ProcessTime
X-Magnolia-Registration
LB
X-CACHE-KEY
Cteonnt-Length
X-FORWARDED-FOR
Cdn-Request-Time
Cdn-Host
Server-Info
Lfy
VivaBuild
Viewtype
X-Edge-Server
CDN
X-Via-Ucdn
CF-IPCountry
X-HOST
Web-Mar-Node
X-API-Version
X-Cc-Req-Id
X-Gen-Mode
X-Loc
X-BBXSRF
X-Cc-Via
X-Cache-ASPX
X-Cache-Expires
X-Hnp-Log
X-Thinkindot-L3
X-Vcl-Version
D-Cc-Upstream
X-BBC-Edge-Cache-Status
Memory
X-Developer
X-Cache-Info
X-Gdpr
X-SVT-ORM-RULES
X-Request-URI
X-Origin-TTL
X-SRCache-Key
X-Contensis-Viewer-Groups
X-Node-Id
Thinkindot-Control
SR-User-Adfree
X-Origin-Expires
X-Origin-Time
X-Scheme
WWW-Authenticate
X-Server-IP
X-Nyt-Route
Path
X-SD-PageType
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Origin-CC
X-Action
X-Varnish-Authentication
X-Matched-Rule
X-RunCloud-Cache
X-Tb
X-VServer
X-Block-Status
X-SVT-ORM-VERSION
X-Response-By
Instruction
X-Fastly-Request-Id
Srv
IsBot
Sever-Int
Server-Ext
X-Azure-Ref-OriginShield
Release
Vix-Hermes-Req-Id
Pramga
X-Pjax-Url
Server-Hostname
V-Age
CDCHOST
MIME-Version
True-Client-Country-4JS
Cache-Host
X-Unique-ID
X-Cdn-Origin
CountryCode
X-DB
X-DI
X-Sn-Servicetimems
Locid
X-SIPLIST1
X-Swa-Ws
X-User
X-Trace-Id
X-Var-Ttl
X-Varnish-Url
Geo-Info
X-Oss-Cdn-Auth
Amp-Access-Control-Allow-Source-Origin
X-DSS
X-DW
X-GeoIP-City
X-Fetched-On
X-Cache-Hfrom
X-Cache-Hm
X-Device-Os
X-Goog-Meta-Goog-Reserved-File-Mtime
X-RPM
X-Nginx-Cache-Key
X-RPS
X-RSL
WebServer
X-Webkit-CSP-Report-Only
A
X-FC-Vary-Parameters
Server-ID
X-NodeID
X-Vgn-Hpd-Ssi
X-Newrelic-Synthetics
X-Generated-In
X-Browser-Type
Lb
GeoIP-Country-Code
X-Fastly-Country-Code
GeoIP-Latitude
Cf-Device-Type
X-Lb-Id
Source
X-Traceid
X-Newrelic-App-Data
X-Geo
X-Hit
X-Origin-Response-Time
X-Provided-By
Cdn
X-Fpc
X-Nc
X-Li-Proto
X-Via-NSCOPI
X-ServedByHost
X-Cache-Tag
X-Via-PopH
Expiry
X-Via-PopN
Server-Ttl
X-Men
X-Akamai-Request-ID2
FNAC-ModuleRouting
X-Via-PopV
X-Sigma-Backend
X-Akamai-Pragma-Client-IP
X-Epic-Correlation-Id
X-Sigma
X-Rocket-Build-Number
X-Envoy-Upstream-Healthchecked-Cluster
X-SERVER-NAME
Kp-EeAlive
Cache-Key
X-Vgn-Hpd-Reason
X-TH-Server
Url
X-Served-From
Accept-Language
X-Proxy-Cachei7
X-BBC-Origin-Response-Status
EpKe-Alive
Xkeyi7
X-Parent-Response-Time
X-MiniProfiler-Ids
Location
Content-Style-Type
X-WA
Cache-Provider
X-StackifyID
Content-Script-Type
X-No-Cache
BehaviorPad-Version
X-TraceId
Esi-Enabled
X-ND-Cache
X-Amzn-Remapped-Connection
X-Agile-Brick-Ok
X-VC-Cache
Req-Svc-Chain
X-B3-Parentspanid
Content-Secure-Policy
URI
X-Akamai-Request-ID
X-RateLimit-Limit-Second
X-Tt-Logid
X-ElasticPress-Query
X-ServiceProvider
X-Request-URL
X-RateLimit-Remaining-Second
X-B3-SpanId
X-Amzn-Remapped-Date
X-Yottaa-OS
Tcn
X-PJAX-URL
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Object
X-Varnish-Beresp-TTL
Inserted-Into-Cache-At
Who
Mime-Version
X-Key
X-TrackingId
X-HostName
X-RateLimit-Limit
X-Selected-Host-Header
X-Selected-Scheme
X-Selected-Name
Server-Id
Resin-Trace
DataCenter
X-Snapshot-Date
X-Litespeed-Cache-Control
Pragrma
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
X-Instart-Request-ID
X-Batcache
X-C
NnCoection
PICS-Label
Xet-Cookie
Vha6-Origin