Threat Level: green Handler on Duty: Remco Verhoef

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Iinfo
P3p
X-Content-Security-Policy
X-AspNetMvc-Version
Status
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Server
X-Backend
X-Hacker
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-UA-Device
X-AH-Environment
Request-Context
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
X-Server-Powered-By
X-Template
Server-Timing
X-Nginx-Cache-Status
X-Language
Grace
Host-Header
Report-To
X-Dns-Prefetch-Control
X-Rq
X-Page-Speed
Xkey
X-Ua-Compatible
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Buckets
X-Vhost
X-Host
X-WebKit-CSP
X-Backend-Server
NEL
X-Dispatcher
X-Device
Surrogate-Control
X-Server-Id
X-Node
X-Ruxit-JS-Agent
Request-Id
Content-Location
Accept-CH-Lifetime
X-Response-Time
EagleEye-TraceId
Accept-CH
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
X-Ac
Allow
X-Readtime
Rating
X-HW
X-Mod-Pagespeed
X-Country
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Edge-Control
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-TtlSet
X-Vname
X-PC
X-MS-InvokeApp
X-Cnection
X-Country-Code
X-DataDome
X-Varnish-TTL
X-CST
X-GitHub-Request-Id
X-Content-Type
X-D2id
X-Clacks-Overhead
X-Trace
X-Server-Name
X-Middleton-Display
X-Sol
X-Middleton-Response
Response
Pagespeed
Display
X-Origin-Upstream-Status
X-Pinterest-Rid
Pinterest-Version
X-FastCGI-Cache
MS-Author-Via
X-Webkit-CSP
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-Vcap-Request-Id
X-Px
X-Abt-Application-Version
X-TTL
X-Rack-Cache
X-Navigation-Version
X-B3-TraceId
X-ESI
Service-Worker-Allowed
X-Url
Verso
X-Fastly-Request-ID
X-DynaTrace
Arr-Disable-Session-Affinity
X-Client-IP
X-Element-Page-Cache
X-Cached
X-Cache-TTL
X-FTR-Request-ID
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-VARITI-CCR
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-Powered-By-Plesk
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
X-Goog-Hash
X-Exp-Id
X-Upstream
Fastly-Restarts
X-NF-Request-ID
AR-ATIME
AR-CACHE
AR-PoweredBy
AR-Request-ID
Ar-Sid
X-Debug
Content-MD5
X-MSEdge-Ref
X-Pinterest-Direct
SPIisLatency
X-Forwarded-Proto
SPRequestDuration
X-Powered-CMS
X-Version
Access-Control-Request-Method
X-Release
X-T
X-Amz-Rid
X-XRDS-Location
X-Jurisdiction
S
X-Content-Digest
X-Edge
TCN
RTSS
TP-Cache
TP-L2-Cache
Accept-Ch
Cache-Tag
X-Ezoic-Cdn
X-Litespeed-Cache
Public-Key-Pins
X-Cache-Key
Front-End-Https
X-Node-Name
X-Mid
X-MCACHE
X-Yandex-Sdch-Disable
Server-Node
X-Request-Processing-Time
X-Request-Received
X-Mg-S
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Recruiting
X-Server-ID
X-B3-TraceId-Primal
X-Accel-Expires
X-HP-Webp
Mrf-Cache-Status
MRF-Tech
X-Amzn-Trace-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ttl
X-Ser
X-Kinsta-Cache
X-PressLabs-Stats
X-Grace
X-NWS-LOG-UUID
X-Microsite
X-Request-Handler-Origin-Region
X-ASPNET-VERSION
X-Origin-Server
Accept-Charset
X-Varnish-Age
X-Logged-In
ServerID
MicrosoftSharePointTeamServices
Cf-Bgj
X-DIS-Request-ID
X-Page-Id
Host
X-Ratelimit-Remaining
Edge-Cache-Tag
X-Shield-Request-Id
Nginx-Cache
X-Cache-Hit
X-ECACHE
X-Content-Security-Policy-Report-Only
X-Hits
X-B
Powered-By-ChinaCache
X-Hostname
Cache-Tags
X-F-Cache
X-Forwarded-For
X-Mobile-URL
X-LB-Cache
Cleartype
X-Respond-Thread
X-Az
X-Activity-Id
Accept-Ch-Lifetime
Realpath
X-AppVersion
X-Git-Hash
X-Cached-By
X-N
X-Ratelimit-Limit
X-Content-Options
X-Upgrade-Enabled
Alternate-Protocol
X-Kong-Proxy-Latency
X-Type
X-Kong-Upstream-Latency
X-Cache-Age
DynaTrace
X-Load-Cache
X-Rid
X-Jobs
X-Request-Guid
X-Varnish-Backend
Paypal-Debug-Id
X-App-Environment
X-Amz-Meta-S3cmd-Attrs
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend
X-FTR-Realm
X-FTR-Backend-Server
Fastcgi-Useragent
X-Country-Code-Real
Access-Control-Allow-Method
X-FTR-Expires
X-Seen-By
X-Proxy
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Correlation-ID
X-URL
X-Zen-Fury
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Length
X-HS-Content-Id
X-HS-Cache-Config
X-FireWall-Port
X-HS-Hub-Id
X-HS-Combine-CSS
X-Akamai-Edgescape
X-B3-Sampled
Charset
Filterid
X-WebKit-CSP-Report-Only
X-FB-Debug
X-VCache
X-Daa-Tunnel
X-Varnish-Grace
X-IPLB-Instance
X-B-Cache
X-Signature
Filters
X-Mobile
X-Host-Name
X-Debug-Info
Healthy
X-AOL-HN
DC
X-Whom
MS-CV
X-Region
Viewport
AMP-Access-Control-Allow-Source-Origin
X-User-Agent
X-App-Server
X-Frontend
Liferay-Portal
Payment
X-Cache-Rule
X-Cache-Operation
X-Geo-Country
X-Original-Request-Id
X-Response-Served-From
X-Accel-Buffering
X-UUID
X-Distributor
X-Acc-Debug-Context
X-Instance
X-HTML-Minification-Powered-By
Surrogate-Key
X-FW-Serve
X-FW-Static
X-FW-Type
X-FW-Dynamic
X-Tumblr-Pixel-1
X-Rule
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cache-Time
X-FW-Server
X-Cacheable-TTL
X-Tumblr-User
X-FW-Hash
X-Tumblr-Pixel-2
Refresh
X-Protected-By
X-Content-Powered-By
X-Amz-Replication-Status
X-Id
S-Cnection
X-Via-JSL
X-Rendered-As
X-Is-Bot
X-Cache-Expired-At
Section-Io-Cache
X-Wix-Request-Id
Content-Disposition
Version
X-Hyper-Cache
Nel
X-XRDS-LOCATION
GEO-INFO
X-App-Version
X-Sucuri-ID
X-Cache-Action
X-Backend-Name
X-Amz-Apigw-Id
X-Amzn-RequestId
Datacenter
X-Ah-Environment
X-Tec-Api-Version
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Endpoint-Name
Server-Name
X-Pinterest-Sli-Latency-Threshold
X-Oneagent-Js-Injection
X-Tec-Api-Origin
CACHE
X-Tec-Api-Root
X-Endurance-Cache-Level
PB-PID
PB-RID
Arc-Version
Retry-After
X-Ua
X-Air-Hostname
X-Cache-Server
X-Source
X-Real-IP
X-EdgeConnect-Cache-Status
Eomportal-Instance
X-Framework
X-ProcessESI
X-L-Path
X-RemovedCookies
Referer-Policy
X-Environment-Context
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Varnish-Server
X-Sucuri-Cache
Frame-Options
X-Revision
X-Drupal-Cache-Contexts
Ms-Operation-Id
NGB
X-RTag
Webserver
X-Unique-Id
Countrycode
Akamai-Age-Ms
X-Cache-Control
X-RN-RSRV
Meta-Geo
X-Cache-Var
X-Proxy-Cache-Status
X-Cache-Var-Map
X-ES-SERVER
X-WA-Info
X-Drupal-Cache-Tags
X-Azure-Ref
X-Mode
X-ProxyCache-Key
X-ProxyCache-Status
X-DynaTrace-JS-Agent
X-Qloud-Router
X-GeoIP
Cache-Tv-Group
X-Cache-Host
X-Cache-TTL-Remaining
X-R9-Blue-Green-Version
X-Time-Microsecs
X-Xfnlog-Site
X-BYPASS-REASON
DB-Nickname
Ec-Rule-Version
Property-Id
Mn-Server-Ip
TWC-Device-Class
Cross-Origin-Window-Policy
TWC-Connection-Speed
X-Status
TWC-GeoIP-Country
X-NYM-Debug-Backend
X-OCL
X-LJ-Flow-ID
X-Labrador-Cache-Channel
X-Hosted-By
X-Human
X-Origin-Hint
X-PCL
X-VWS-Id
X-Hl-Ver
X-TNCMS
X-Server-W
X-PHP-Host
X-Redis-Cache
X-Handled-By
X-Loop
X-FW-Version
Webcakes-Region
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Amzn-Remapped-Content-Length
Webcakes-App-Version
X-AWS-Id
X-Cluster
X-Zipkin-Id
X-Format
X-Via-Fastly
X-Be
X-No-Session
X-From
X-ServerID
X-Proto
X-FB-TRIP-ID
X-Site-Version
X-Proxy-Build
X-Proxied
Selected-Fe
X-Contextid
X-Detected-As
X-Locale
X-Section
X-Routing-Service
X-Timing-Wait
X-Access
X-TIME
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-NewRelic-App-Data
X-Route-Name
FSS-Cache
X-Adobe-Content
X-CDN-Forward
X-Adobe-Loc
Uber-Trace-Id
X-Correlation-Id
X-Cache-PHP
X-AIR-PT
X-Debug-Cache
X-TT
X-ATG-Version
X-Device-Type
X-Generated-By
X-PHP-Backend
X-Ratelimit-Reset
X-BCube-Filmed-By
X-Esi
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Cache-Spec
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Upgrade-Insecure-Requests
X-CSRF-Token
X-Varnish-Cache-Hits
Azure-Version
Azure-SlotName
X-NC
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-LLID
OT-Force-Account-Verify
Access-Control-Request-Headers
From-Origin
Cache
X-COUNTRY
X-UPSTREAM-Address
X-NCache
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Akamai-Transformed
X-GoCache-CacheStatus
X-Origin
X-Oss-Hash-Crc64ecma
X-Cache-2
SD-X-WS
X-CCM
X-Adobe-Source
X-JoinUs
X-Page-View
X-SaId
Powered
CF-Cached-On
X-Storefront-Renderer-Rendered
X-Varnishpool
X-Alternate-Cache-Key
Cache-Status
X-Sorting-Hat-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-ShopId
X-LAGOON
X-Shopify-Stage
X-Cache-Grace
X-Forwarded-Host
X-ID
X-ApacheServer
X-PERF
X-Pubstack
X-Time
X-Backend-Host
X-FTR-Cache-Host
X-Soup
X-G
Country
X-Web-Node
X-SayCDN-TTL
X-Backend-TTL
Fastly-SSL
Decoy-Debug-Key
X-Storage
Decoy-Debug-TTL
X-Cluster-Name
Decoy-Debug-Status
X-Say-TTL
X-Say-Cacheable
SRV
Node
X-ECache
X-Ruxit-Js-Agent
X-IP
X-Cache-Enabled
X-TX-ID
X-Viewer-Country
X-NWS-UUID-VERIFY
X-Cdn
X-EC-Lua
X-A
X-External-Request-Id
Apple-News-Services-Request-Url
X-A-Dgt
X-CF-Lambda-Version
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Destination
X-A-Dcw
X-Connection-Hash
X-Cache-NE
Rendered-Blocks
Apple-News-Services-Handled
X-A-Dam
X-CF-Lambda-Fn
X-A-Ccd
X-GEO
X-A-Wwc
X-D
MD5-Digest
DCR-Decision-By
X-Session-Fingerprint
Machine
X-Aed
DCR-Processing-Time-Ms
X-S-Cookie
X-ScT
X-Trv-Group
X-Vtex-Remote-Cache
X-Vdms-Version
X-VG-WebCache
X-VG-WebServer
X-Vdms-Path
Host-ID
X-Application
X-ARC
X-S
X-Rojux
Meta-Geo-Continent
X-PAYTM-SRV-ID
X-PBS-Appsvrname
Fastcgi-X-Cache-Version
X-Tumblr-Pixel-3
X-B-Cookie
Mobile-Detection-Method
Xc-Version
X-APP-VERSION
X-Request-UUID
X-Rewrite-Enabled
X-Worker
X-RCS-CacheZone
X-Via-CDN
X-Processor
X-Vtex-Processado-Em
X-Varnish-Beresp-Status
X-Cache-Config
X-IPS-LoggedIn
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Cache-Debug
X-Cache-Bucket
X-Core-Value
X-Clara-WADP
X-Cms-Context
CDN-CachedAt
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
CDN-RequestCountryCode
CDN-RequestId
X-Platform-Server
CDN-PullZone
X-Ms-Request-Id
X-Ms-Version
X-Auto-Login
CDN-EdgeStorageId
X-Servername
CDN-Uid
X-VG-TLSProxy
X-WADP-Cache
Gh-Request-Id
Fastly-SWR
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
CloudFront-Viewer-Country
X-Variation
Is-Eu
X-Varnish-CookieHashed-On
X-CUA
X-Microcachable
Platform
Fastly-SIE
X-Fmm-Version
X-Micro-Cache
Adler-Geo
X-Fastly-Cache
X-Envoy-Decorator-Operation
X-Fastcgi-Cache
CDN-Cache
X-DefElseHash
X-DefHash
X-Generation-Time
X-DPWN-IS-SECURE
Backend
X-Cache-Backend
X-B3-Traceid
X-UA
X-Bc-Bl
Origin
NM-Fastcgi-Cache
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
PFcat
L
Rt-Fastcgi-Cache
X-HS-Content-Campaign-Id
X-Owner
X-Policy
X-Request-Host
X-Request-Start
X-OVcl-Cache
X-OVcl
X-LI-UUID
X-Location
X-Method
X-Old-Content-Length
X-Skip-Cache
X-Slack-Backend
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Irp-Debug
X-Platform
X-Webstats-RespID
X-VarnishDD-TTL
X-SN
X-Thanos
X-Varnish-Cacheable
X-Li-Pop
X-Li-Fabric
X-Core-Mission
X-Developers
X-Dispatcher-Server
X-Esi-Check
X-Clientip
X-Cache-NGX
X-Bip
X-Branch-Name
X-Cache-Date
X-Fastly-Backend
X-Gamma-Serve
X-HN
X-Is-Gdpr
X-JWT-State
X-Level-Front-Cache
X-Hash
X-Has-Esi
X-Generated-On
X-Geo-Header
X-Gzip
X-Backend-State
X-Cache-Id
Akamai-GRN
CacheControlHeader
C-Via
Fastly-Drupal-HTML
AKAMAI
X-Varnish-Ttl
Fastly-Backend-Name
X-B3-Spanid
X-CS
Ha-Gx-Prefs
X-Twitter-Response-Tags
X-Content-Age
X-Transaction
HA-Ipaddr
X-Render-Time
Pagetype
L5d-Success-Class
X-PF-Uncompressing
X-Reqid
X-Eu-Site
X-Mvc-Supplant-Cachable
X-Cache-Tags
X-CGP
X-Csrf-Jwt
X-EIG-Tracking-Id
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
FSS-Proxy
X-Minions-Version
X-TA-CDN-Provider
X-Wa
X-Refresh
X-Cache-Remote
X-DC
X-Sql-Count
X-Sql-Duration-Ms
X-Aicache-OS
UCS
X-Amz-Meta-Cb-Modifiedtime
Country-Code
X-NODE
X-Accel-Expires-Debug
X-Date
X-Via-Poph
X-Via-Popn
Surrogated-Key
X-NGENIX-Cache
X-Hp-Webp
X-Ftr-Cache-Host
X-Presslabs-Stats
X-Req
X-Up
X-RateLimit-Remaining
X-LB-ID
X-Edge-Location
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
NGX
XServer
X-NU-AKA-ACS-Version
X-Www-Served-By
X-Dc
X-Nginx-Cache
Hostname
Ufe-Result
X-LI-Proto
X-S-Maxage
Group
X-Servedbyhost
X-Mvc-Supplant-OutputCached
HostName
Mail-Subject
Memcached
X-Debug-Cache-Fetch
X-Debug-Cache-Store
We-Hiring
X-Cache-URL
Cache-Hits
X-Cdn-Srv
X-Check-Cacheable
Protected
Time
X-Ua-Device
Edge-Copy-Time
X-Proxy-Upstream
X-SRV
X-Via-SSL
X-Via-Edge
Now
X-CACHE-AGE
ServedBy
X-FPC
X-Svr
X-Varnish-Hostname
On-Server
X-BC
X-ZONE
GeoIp-Country-Code
X-Request-Time
Geoip-Latitude
X-Agile-Age
X-Agile
X-Agile-Id
T-Server
X-Cdn-Forward
X-Acc-Rdl
X-FORWARDED-FOR
X-Pass-Why
X-LiteSpeed-Cache-Control
X-VCL-Version
X-CSRF-TOKEN
X-Cluster-Node
X-Srv
M-TraceId
X-UnsetCookies
Xserver
SID
X-MP-GENERATED-AT
X-Uri
X-Datadome
Pics-Label
Server-Host
N-Cache
X-Via-Popv
X-Cs
X-Dynatrace-Js-Agent
X-Bc
X-Varnish-Hits
X-Zone
WZWS-RAY
X-NGINX-Cache
X-Erf-Stays-Bingo-Pdp-Web
X-HS-Status
Section-Origin-Responded
Section-Io-Origin-Status
Arc-Country
X-CF-Powered-By
X-SB
X-APP
Section-Io-Id
Magicmarker
X-VC
ProcessTime
Section-Io-Origin-Time-Seconds
NtCoent-Length
Ohc-File-Size
X-Edge-Server
X-Info
Viewtype
Cdn-Request-Time
Apigw-Requestid
X-TT-LOGID
Cdn-Host
X-We-Are-Hiring
VivaBuild
User-Agent
Ohc-Cache-HIT
DSUID
Cache-Name
X-Via-Ucdn
Sid
Memory
Processtime
X-RunCloud-Cache
X-MSEdge-Features
X-UA-Device-Type
W
X-MSEdge-Flight
X-Action
User-Cache-Control
LB
X-Webkit-CSP-Report-Only
Odigeo-Trace-Id
Srv
Cteonnt-Length
X-Unique-ID
Tracecode
X-RSL
X-Oss-Cdn-Auth
X-DI
X-DSS
X-DW
X-Origin-Date
WWW-Authenticate
X-RPM
X-DB
X-RPS
X-HOST
CountryCode
Server-Info
X-Newrelic-App-Data
CF-IPCountry
S-Rt
Ssr
X-Vgn-Hpd-Ssi
X-Tb
WebServer
X-Vcl-Version
X-HITS
Lfy
Geo-Info
X-Pjax-Url
X-Magnolia-Registration
X-Cache-Hm
X-Cache-Hfrom
Amp-Access-Control-Allow-Source-Origin
CDN
X-Hit
X-Geo
A
X-Cache-ASPX
X-BBC-Edge-Cache-Status
X-API-Version
Web-Mar-Node
Vix-Hermes-Req-Id
X-BBXSRF
X-Block-Status
Sever-Int
IsBot
Locid
MIME-Version
Path
D-Cc-Upstream
Instruction
CDCHOST
X-Scheme
X-Cc-Via
X-Cc-Req-Id
Server-Ext
Server-Hostname
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
True-Client-Country-4JS
SR-User-Adfree
X-Cache-Expires
GeoIP-Latitude
GeoIP-Country-Code
Server-ID
V-Age
X-Loc
X-Cache-Info
X-Request-URI
X-Response-By
X-Newrelic-Synthetics
X-Origin-Time
X-Origin-Expires
X-Node-Id
X-Nyt-Route
X-Origin-CC
X-SD-PageType
X-Server-IP
X-User
X-Varnish-Authentication
X-Varnish-Url
X-VServer
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-SIPLIST1
X-SRCache-Key
X-SVT-ORM-RULES
X-Nginx-Cache-Key
X-Origin-TTL
X-Fastly-Country-Code
X-Matched-Rule
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gdpr
X-Hnp-Log
X-Contensis-Viewer-Groups
X-Developer
X-Gen-Mode
X-CACHE-KEY
X-Nc
X-Traceid
X-Trace-Id
X-Fetched-On
X-Device-Os
X-Swa-Ws
X-Var-Ttl
X-FC-Vary-Parameters
X-Cdn-Origin
X-NodeID
Cache-Host
X-Generated-In
Pramga
Cdn
X-GeoIP-City
X-Akamai-Request-ID2
X-Azure-Ref-OriginShield
Release
Lb
X-Fpc
X-Sn-Servicetimems
X-Provided-By
X-Epic-Correlation-Id
X-Via-NSCOPI
X-Envoy-Upstream-Healthchecked-Cluster
X-Cache-Tag
Cf-Device-Type
FNAC-ModuleRouting
X-ServedByHost
X-Lb-Id
X-Li-Proto
Source
X-Men
Accept-Language
X-Dynatrace
X-TH-Server
Esi-Enabled
X-Served-From
X-StackifyID
X-Origin-Response-Time
X-Amzn-Remapped-Date
X-Sigma
Kp-EeAlive
X-Sigma-Backend
X-Akamai-Pragma-Client-IP
Cache-Key
Server-Ttl
X-SERVER-NAME
X-Rocket-Build-Number
X-Amzn-Remapped-Connection
X-ORACLE-APMCS-REQUEST-ID
X-B3-SpanId
Actual-Object-TTL
X-Via-PopH
X-Via-PopN
X-Instart-Request-ID
X-Parent-Response-Time
X-Key
X-Via-PopV
Content-Style-Type
Cache-Provider
Expiry
Content-Script-Type
X-Request-URL
X-No-Cache
Url
X-WA
X-ElasticPress-Query
X-Vgn-Hpd-Reason
X-ServiceProvider
X-RateLimit-Limit-Second
X-Tt-Logid
Location
X-RateLimit-Remaining-Second
X-Agile-Brick-Ok
X-Yottaa-OS
Inserted-Into-Cache-At
X-MiniProfiler-Ids
X-Mobile-Rewrite
X-Batcache
Req-Svc-Chain
X-VC-Cache
X-Vcache
Tcn
X-Proxy-Cachei7
X-Akamai-Request-ID
Xkeyi7
X-Dispatch
X-Instart-Info
X-BBC-Origin-Response-Status
X-B3-Parentspanid
Content-Secure-Policy
EpKe-Alive
URI
Proxy-Firewall
X-Apw-Access-Token
X-Apw-Hits
Origin-Cache-Control
X-Apw-Access-Object
X-Apw-Access-Action
Who
X-PJAX-URL
X-RateLimit-Limit
X-Varnish-Beresp-TTL
Origin-Edge-Control
X-HostName
X-Geo-Region
X-BACKEND-TTL
X-Selected-Host-Header
X-Selected-Name
X-Selected-Scheme
X-TraceId
Vha6-Origin
PICS-Label
Resin-Trace
BehaviorPad-Version
Cf-Ipcountry
X-C
X-Dw-Trace-Id
Powered-By
X-Snapshot-Date
X-RAMCache
Cf-Alt-Svc
HitType
Xet-Cookie
Pragrma
Mime-Version
NnCoection