Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
CF-RAY
Via
Age
X-XSS-Protection
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
P3p
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Template
X-Dns-Prefetch-Control
X-Language
X-Backend
X-Cache-Group
X-Hacker
X-Amz-Request-Id
X-Server
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
EagleId
X-UA-Device
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Buckets
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
X-Host
X-WebKit-CSP
X-Backend-Server
NEL
X-Dispatcher
X-Device
X-Server-Id
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
Accept-CH-Lifetime
Content-Location
X-Response-Time
Request-Id
Accept-CH
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
EagleEye-TraceId
X-Ac
Cf-Bgj
X-ASPNET-VERSION
X-Readtime
Rating
X-HW
X-Mod-Pagespeed
Allow
X-Country
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Edge-Control
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-TtlSet
X-DataDome
X-Country-Code
X-PC
X-Vname
X-Cnection
X-Varnish-TTL
X-MS-InvokeApp
X-Content-Type
X-Origin-Upstream-Status
X-GitHub-Request-Id
X-Url
X-Clacks-Overhead
X-D2id
X-Trace
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Template-Id
X-Middleton-Display
X-Sol
Display
Pagespeed
Response
X-Middleton-Response
X-Pinterest-Rid
Pinterest-Version
X-Server-Name
X-Abt-Application-Version
X-B3-TraceId
X-Vcap-Request-Id
X-Px
X-CST
X-Rack-Cache
X-Navigation-Version
MS-Author-Via
Verso
Service-Worker-Allowed
X-DynaTrace
X-FTR-Request-ID
X-Fastly-Request-ID
X-Cached
X-Element-Page-Cache
X-Client-IP
X-ESI
Arr-Disable-Session-Affinity
X-Cache-TTL
X-Webkit-CSP
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-Powered-By-Plesk
SPRequestGuid
X-TTL
X-SharePointHealthScore
X-Upstream
X-VARITI-CCR
Fastly-Restarts
X-Kinja-Server
AR-ATIME
AR-CACHE
X-Kinja-Revision
X-Goog-Hash
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
AR-PoweredBy
X-NF-Request-ID
AR-Request-ID
X-Kinja
Ar-Sid
Content-MD5
X-Debug
X-Version
X-Forwarded-Proto
X-MSEdge-Ref
X-Powered-CMS
X-XRDS-Location
X-T
Access-Control-Request-Method
X-Jurisdiction
X-Pinterest-Direct
SPIisLatency
SPRequestDuration
X-Release
X-Amz-Rid
X-Content-Digest
S
X-Ttl
X-Edge
TP-Cache
TP-L2-Cache
TCN
RTSS
Cache-Tag
X-Ezoic-Cdn
Public-Key-Pins
X-Node-Name
X-Yandex-Sdch-Disable
X-Cache-Key
X-MCACHE
X-Mid
Fastcgi-Cache
Server-Node
Front-End-Https
X-Request-Received
X-Request-Processing-Time
Accept-Ch
X-NWS-LOG-UUID
X-Accel-Expires
X-Amzn-Trace-Id
X-Recruiting
X-Ser
X-Kinsta-Cache
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mg-S
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Microsite
X-PressLabs-Stats
X-Request-Handler-Origin-Region
X-Amz-Server-Side-Encryption
X-Logged-In
X-Origin-Server
X-Grace
ServerID
X-Ratelimit-Remaining
Accept-Charset
X-Cache-Hit
X-Page-Id
X-Litespeed-Cache
X-HP-Webp
X-Varnish-Age
Host
X-DIS-Request-ID
X-Content-Security-Policy-Report-Only
X-ECACHE
Nginx-Cache
X-Shield-Request-Id
Edge-Cache-Tag
X-B
X-Hostname
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Hits
Alternate-Protocol
X-Server-ID
X-F-Cache
X-Ratelimit-Limit
Realpath
X-LB-Cache
X-Git-Hash
X-Content-Options
X-Activity-Id
X-Az
X-AppVersion
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-Country-Code-Real
X-FTR-Cache-Status
X-N
Cache-Tags
X-FTR-Expires
X-Load-Cache
X-Seen-By
X-Type
X-Request-Guid
X-App-Environment
X-Jobs
X-Cache-Age
Paypal-Debug-Id
X-Varnish-Backend
Cleartype
X-Rid
Powered-By-ChinaCache
X-Cached-By
DynaTrace
Fastcgi-Useragent
X-FireWall-Port
X-Kong-Proxy-Latency
X-Forwarded-For
X-Kong-Upstream-Latency
X-Upgrade-Enabled
X-TEC-API-VERSION
Filterid
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
X-Correlation-ID
X-Amz-Meta-S3cmd-Attrs
X-Zen-Fury
X-Respond-Thread
X-Proxy
X-Varnish-Grace
X-Akamai-Edgescape
X-FB-Debug
X-Daa-Tunnel
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-B3-Sampled
X-App-Server
X-IPLB-Instance
DC
X-Signature
X-B-Cache
X-Host-Name
X-Cache-Operation
X-Debug-Info
X-Cache-Rule
X-AOL-HN
X-Geo-Country
X-Id
X-Whom
MS-CV
X-User-Agent
Healthy
X-Region
X-Response-Served-From
X-Accel-Buffering
Charset
X-Original-Request-Id
X-Mobile
X-Frontend
AMP-Access-Control-Allow-Source-Origin
X-Content-Powered-By
Payment
X-VCache
X-Instance
Filters
X-HTML-Minification-Powered-By
X-FW-Static
X-FW-Type
X-Cache-Time
X-FW-Server
X-Cacheable-TTL
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-UUID
X-Rule
X-Distributor
X-Wix-Request-Id
Content-Disposition
X-Tumblr-User
Surrogate-Key
Liferay-Portal
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
Refresh
Accept-Ch-Lifetime
X-Tumblr-Pixel
X-Acc-Debug-Context
Viewport
X-Rendered-As
X-Is-Bot
X-Protected-By
Akamai-Age-Ms
X-Via-JSL
S-Cnection
X-Ua
X-Endurance-Cache-Level
X-Amzn-RequestId
X-Amz-Apigw-Id
Datacenter
X-App-Version
X-Amz-Replication-Status
X-Backend-Name
X-Cache-Expired-At
X-Hyper-Cache
GEO-INFO
PB-PID
Arc-Version
PB-RID
Nel
X-XRDS-LOCATION
X-Esi
NGB
Section-Io-Cache
X-URL
X-Cache-Action
Countrycode
Version
X-Ah-Environment
X-Cache-Server
X-Oneagent-Js-Injection
X-Varnish-Server
Retry-After
X-Tec-Api-Origin
X-Sucuri-ID
X-Tec-Api-Root
X-Tec-Api-Version
X-Unique-Id
X-Source
Referer-Policy
Server-Name
X-EdgeConnect-Cache-Status
Eomportal-Instance
X-Air-Hostname
X-RemovedCookies
X-Environment-Context
X-ProcessESI
X-Framework
X-Real-IP
X-L-Path
Frame-Options
X-Yottaa-Metrics
X-Revision
X-Azure-Ref
X-WA-Info
X-Yottaa-Optimizations
X-Cache-Control
X-Proxy-Cache-Status
CACHE
X-RTag
X-Fastcgi-Cache
Ms-Operation-Id
X-ES-SERVER
Meta-Geo
X-Drupal-Cache-Contexts
X-PHP-Backend
X-RN-RSRV
X-Cache-Var-Map
X-NewRelic-App-Data
X-Cache-Var
X-GeoIP
X-From
X-Mode
X-Sucuri-Cache
X-R9-Blue-Green-Version
X-Qloud-Router
X-DynaTrace-JS-Agent
X-Cache-Host
X-BYPASS-REASON
Cache-Tv-Group
X-ProxyCache-Key
X-ProxyCache-Status
X-Time-Microsecs
X-Xfnlog-Site
X-Cache-TTL-Remaining
X-CDN-Forward
X-Hosted-By
X-OCL
X-Server-W
X-Human
Ec-Rule-Version
Mn-Server-Ip
X-FW-Version
X-Origin-Hint
Cross-Origin-Window-Policy
X-Labrador-Cache-Channel
Webcakes-App-Name
X-VWS-Id
TWC-Connection-Speed
X-TNCMS
X-PHP-Host
TWC-Locale-Group
X-Loop
DB-Nickname
TWC-GeoIP-LatLong
TWC-Device-Class
X-Status
X-Cluster
TWC-GeoIP-Country
Webcakes-App-Version
Webcakes-Region
X-LJ-Flow-ID
Property-Id
TWC-Privacy
X-AWS-Id
X-PCL
X-Drupal-Cache-Tags
X-Timing-Wait
X-Proto
X-Hl-Ver
X-Handled-By
X-Redis-Cache
X-NYM-Debug-Backend
X-Proxy-Build
X-Amzn-Remapped-Content-Length
X-Proxied
X-Zipkin-Id
X-Detected-As
X-FB-TRIP-ID
X-Site-Version
Selected-Fe
X-Locale
X-Routing-Service
X-Via-Fastly
X-ServerID
X-Access
X-No-Session
X-Format
X-Section
X-Be
Uber-Trace-Id
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Response-Type
X-Contextid
X-Debug-Cache
X-Pinterest-Sli-Latency-Threshold
X-Device-Type
X-Cache-PHP
X-ATG-Version
X-BCube-Filmed-By
X-Ratelimit-Reset
X-Generated-By
FSS-Cache
Powered
X-Time
X-Correlation-Id
X-Adobe-Loc
From-Origin
X-Varnish-Cache-Hits
X-CSRF-Token
X-Adobe-Content
Webserver
X-AIR-PT
X-NC
X-FTR-Cache-Host
X-SaId
X-JoinUs
Azure-RegionName
Azure-InstanceId
Azure-Version
Azure-SlotName
Cache
X-NCache
X-TIME
Azure-SiteName
CF-Cached-On
X-TT
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Oss-Request-Id
X-Oss-Server-Time
X-Tt-Trace-Host
X-Oss-Object-Type
OT-Force-Account-Verify
X-Tt-Trace-Tag
X-Origin
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Providence-Cookie
X-Flags
X-Route-Name
X-GoCache-CacheStatus
X-Akamai-Transformed
Upgrade-Insecure-Requests
Access-Control-Request-Headers
X-COUNTRY
X-Hp-Webp
SD-X-WS
X-Adobe-Source
X-CCM
X-Cache-2
X-NWS-UUID-VERIFY
X-Backend-Host
X-IP
X-Backend-TTL
X-ShardId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-IPS-LoggedIn
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Alternate-Cache-Key
X-ShopId
X-LAGOON
X-Forwarded-Host
X-Soup
X-ApacheServer
X-Cache-Enabled
X-PERF
X-Pubstack
X-Cache-Grace
X-Web-Node
Decoy-Debug-Key
X-Storage
X-UPSTREAM-Address
X-TA-CDN-Provider
Cache-Status
X-Varnishpool
X-SayCDN-TTL
Fastly-SSL
X-Cluster-Name
X-Say-Cacheable
X-EC-Lua
Decoy-Debug-TTL
X-Say-TTL
Decoy-Debug-Status
Node
X-APP-VERSION
X-ECache
X-G
X-Viewer-Country
X-Bc-Bl
X-TX-ID
Country
X-Ruxit-Js-Agent
X-RCS-CacheZone
X-Processor
X-Request-UUID
X-Tumblr-Pixel-3
Fastcgi-X-Cache-Version
X-Destination
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-Rojux
X-External-Request-Id
Apple-News-Services-Request-Url
X-D
DCR-Processing-Time-Ms
X-PBS-Appsvrname
X-PAYTM-SRV-ID
DCR-Decision-By
X-Connection-Hash
X-Rewrite-Enabled
X-Vdms-Path
Meta-Geo-Continent
Mobile-Detection-Method
X-S
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Worker
Machine
X-Trv-Group
X-Cache-Backend
X-A-Dgt
X-A-Dcw
X-Cache-NE
Rendered-Blocks
X-A-Dam
X-A-Ccd
X-Application
X-A-Wwc
Xc-Version
MD5-Digest
X-ARC
X-VG-WebServer
X-A
X-Vtex-Remote-Cache
X-EIG-Tracking-Id
X-ScT
X-Vtex-Processado-Em
X-VG-WebCache
X-S-Cookie
X-Vdms-Version
X-Aed
Host-ID
X-B-Cookie
X-Cache-Config
X-Cdn
X-Varnish-CookieHashed-On
X-Page-View
X-Variation
X-WADP-Cache
X-Varnish-Remaining-TTL
X-Auto-Login
X-Fmm-Version
X-VG-TLSProxy
X-DefHash
Adler-Geo
X-Varnish-CookieINHashed-On
X-Fastly-Cache
X-DefElseHash
X-Cache-Bucket
X-Ms-Version
Is-Eu
X-DPWN-IS-SECURE
X-Rebelmouse-Surrogate-Control
X-Servername
X-Platform-Server
X-Rebelmouse-Cache-Control
Fastly-SIE
Fastly-SWR
X-Clara-WADP
Gh-Request-Id
X-Envoy-Decorator-Operation
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Transaction
X-Twitter-Response-Tags
X-Micro-Cache
CDN-CachedAt
CDN-Cache
X-CUA
Platform
X-Ms-Request-Id
CDN-EdgeStorageId
CDN-Uid
CloudFront-Viewer-Country
CDN-RequestId
CDN-RequestCountryCode
CDN-PullZone
Backend
X-Dispatcher-Server
Wxu-Next-Region
X-Cache-NGX
X-Cms-Context
Country-Code
X-Core-Mission
L
Fastly-Backend-Name
X-Clientip
Fastly-Drupal-HTML
NM-Fastcgi-Cache
C-Via
X-Bip
X-Backend-State
Wxu-Next-Commit
Akamai-GRN
Rt-Fastcgi-Cache
Origin
X-Cache-Id
Wxu-Next-Hostname
X-Li-Fabric
X-Method
X-Minions-Version
X-LI-UUID
X-Request-Host
X-Platform
X-Li-Pop
X-Slack-Backend
X-Varnish-Cacheable
X-Thanos
X-SN
X-Owner
X-OVcl-Cache
X-Old-Content-Length
X-OVcl
X-Core-Value
X-CS
X-Wikidot-Backend
X-Generation-Time
X-Fastly-Backend
X-Wikidot-Static-Cache
X-Microcachable
X-Esi-Check
X-Gzip
X-Skip-Cache
X-Policy
X-Request-Start
X-Irp-Debug
X-HS-Content-Campaign-Id
X-Webstats-RespID
X-Hash
X-Render-Time
X-UA
X-DC
X-LLID
L5d-Success-Class
X-Varnish-Ttl
X-Generated-On
X-Cache-Date
X-Branch-Name
SRV
PFcat
X-Gamma-Serve
HA-Ipaddr
X-Level-Front-Cache
X-HN
X-Geo-Header
X-Cache-Tags
X-VarnishDD-TTL
Ha-Gx-Prefs
X-Mvc-Supplant-Cachable
X-Content-Age
X-Session-Fingerprint
X-Amz-Meta-Cb-Modifiedtime
CacheControlHeader
X-JWT-State
X-Developers
X-Eu-Site
X-Has-Esi
AKAMAI
X-Is-Gdpr
X-Cache-Debug
X-Csrf-Jwt
X-Reqid
X-CGP
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Date
X-GEO
X-Wa
X-Accel-Expires-Debug
UCS
Pagetype
X-Location
Surrogated-Key
X-Presslabs-Stats
X-NGENIX-Cache
X-Up
X-Req
FSS-Proxy
X-Edge-Location
X-LB-ID
X-B3-Spanid
X-Refresh
X-Via-CDN
Time
X-PF-Uncompressing
X-Via-Poph
X-Via-Popn
X-Cdn-Srv
X-Cache-URL
Ufe-Result
Memcached
Group
Now
We-Hiring
Mail-Subject
X-FORWARDED-FOR
X-NODE
X-Aicache-OS
X-Proxy-Upstream
X-Mvc-Supplant-OutputCached
X-ID
Hostname
X-Nginx-Cache
X-Ftr-Cache-Host
NGX
X-Servedbyhost
X-B3-Traceid
X-RateLimit-Remaining
X-LI-Proto
X-Sql-Count
X-Sql-Duration-Ms
X-BC
X-Agile
X-Agile-Id
X-ZONE
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-SRV
X-Cache-Remote
X-Agile-Age
HostName
X-Datadome
X-Cache-Spec
X-Varnish-Hostname
X-NU-AKA-ACS-Version
X-Ua-Device
X-CACHE-AGE
X-Dc
X-Check-Cacheable
M-TraceId
X-FPC
X-Request-Time
X-Www-Served-By
Xserver
X-SERVER
X-S-Maxage
Cache-Hits
WebServer
X-VCL-Version
X-Via-Edge
X-LiteSpeed-Cache-Control
X-Via-SSL
XServer
Edge-Copy-Time
SID
On-Server
X-Cluster-Node
X-Svr
Arc-Country
X-CSRF-TOKEN
ServedBy
X-SERVER-NAME
X-Erf-Stays-Bingo-Pdp-Web
X-Webkit-Csp
X-Via-Popv
Viewtype
VivaBuild
X-Edge-Server
X-APP
GeoIp-Country-Code
NtCoent-Length
X-Zone
Cdn-Host
Cdn-Request-Time
X-CF-Powered-By
X-Bc
Geoip-Latitude
Protected
X-UnsetCookies
X-HS-Status
ProcessTime
T-Server
X-Cs
X-Cdn-Forward
X-Action
X-RunCloud-Cache
X-Via-Ucdn
X-Pass-Why
X-Dynatrace-Js-Agent
X-MP-GENERATED-AT
X-NGINX-Cache
Srv
Ohc-File-Size
X-DW
X-Srv
X-RPS
Apigw-Requestid
X-DSS
Memory
X-DI
X-DB
X-RSL
X-RPM
X-Oss-Cdn-Auth
WWW-Authenticate
X-Erf-Bev-Bev
Server-Host
N-Cache
X-Erf-Bev-Bev-Is-Generated
X-We-Are-Hiring
X-Vgn-Hpd-Ssi
Pics-Label
X-Acc-Rdl
X-Varnish-Hits
User-Agent
WZWS-RAY
Magicmarker
X-SB
X-VC
X-Uri
X-Instart-Request-ID
X-MSEdge-Features
Processtime
X-MSEdge-Flight
W
CF-IPCountry
Amp-Access-Control-Allow-Source-Origin
X-Geo
LB
Server-Info
Request-ID
S-Rt
X-Info
Sid
GeoIP-Country-Code
GeoIP-Latitude
X-Tb
Ohc-Cache-HIT
X-Hit
X-Newrelic-App-Data
X-HOST
X-Vcache
X-Akamai-Request-ID2
X-TT-LOGID
CDN
Cteonnt-Length
Section-Origin-Responded
Section-Io-Origin-Status
X-HITS
X-Newrelic-Synthetics
Odigeo-Trace-Id
Section-Io-Origin-Time-Seconds
X-ORACLE-APMCS-REQUEST-ID
DSUID
Section-Io-Id
Actual-Object-TTL
X-Envoy-Upstream-Healthchecked-Cluster
X-UA-Device-Type
Geo-Info
X-Cache-Hm
X-Cache-Hfrom
Tracecode
X-Pjax-Url
X-Vcl-Version
Cache-Name
X-Unique-ID
X-Epic-Correlation-Id
User-Cache-Control
X-Webkit-CSP-Report-Only
X-Origin-Date
A
X-Fastly-Country-Code
Accept-Language
X-Fpc
X-FC-Vary-Parameters
X-CACHE-KEY
X-Nc
X-Magnolia-Registration
Ssr
Lb
Cdn
Lfy
Esi-Enabled
CountryCode
X-Provided-By
X-Mobile-Rewrite
X-SIPLIST1
X-Matched-Rule
X-Gen-Mode
X-Origin-CC
X-Server-IP
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Loc
X-GeoIP-City
X-Origin-TTL
X-Origin-Expires
X-Hnp-Log
X-SD-PageType
Sever-Int
SR-User-Adfree
Server-ID
Server-Hostname
Server-Ext
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Vix-Hermes-Req-Id
Web-Mar-Node
V-Age
True-Client-Country-4JS
Thinkindot-Control
Release
Path
X-Scheme
CDCHOST
X-Cc-Via
X-Cc-Req-Id
X-BBC-Edge-Cache-Status
FNAC-ModuleRouting
X-BBXSRF
MIME-Version
Locid
IsBot
Instruction
D-Cc-Upstream
X-SVT-ORM-RULES
X-Traceid
X-Nginx-Cache-Key
X-User
X-Cache-Info
X-Via-NSCOPI
X-Block-Status
X-Cache-ASPX
X-Cache-Expires
X-Request-URI
X-Varnish-Authentication
X-Node-Id
X-VServer
X-Contensis-Viewer-Groups
X-Response-By
X-Amzn-Remapped-Connection
X-Varnish-Url
X-Amzn-Remapped-Date
X-Thinkindot-L3
X-Developer
X-Key
X-SVT-ORM-VERSION
X-SRCache-Key
X-Device-Os
X-ServedByHost
Kp-EeAlive
X-StackifyID
X-Gdpr
X-Swa-Ws
Pramga
X-Nyt-Route
X-Sn-Servicetimems
X-API-Version
X-NodeID
X-Fetched-On
X-Azure-Ref-OriginShield
X-Cdn-Origin
X-Var-Ttl
X-Trace-Id
Cache-Host
X-Origin-Time
X-Men
X-Generated-In
X-Li-Proto
X-Cache-Tag
X-Dynatrace
X-B3-SpanId
X-Dispatch
X-Sigma-Backend
Proxy-Firewall
X-Instart-Info
X-Sigma
Origin-Cache-Control
Server-Ttl
Cache-Key
X-Served-From
X-Akamai-Pragma-Client-IP
X-TH-Server
X-Geo-Region
Origin-Edge-Control
X-Rocket-Build-Number
Powered-By
Source
X-RAMCache
X-Parent-Response-Time
X-Via-PopH
X-Lb-Id
X-Via-PopN
Cache-Provider
X-Via-PopV
X-No-Cache
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-VC-Cache
X-ElasticPress-Query
X-Batcache
Cf-Device-Type
X-Agile-Brick-Ok
Fastcgi-Cache-TTL
X-LiteSpeed-Tag
X-WA
HitType
X-Apw-Hits
X-Tt-Logid
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Access-Object
X-ServiceProvider
Tcn
X-Origin-Response-Time
Expiry
Content-Script-Type
Req-Svc-Chain
Content-Style-Type
X-RateLimit-Limit
Vha6-Origin
X-Pf-Uncompressing
X-Yottaa-OS
Xet-Cookie
X-MiniProfiler-Ids
X-HostName
X-PJAX-URL
Who
X-Request-URL
BehaviorPad-Version
X-Varnish-Beresp-TTL
X-Generated
Cf-Alt-Svc
X-TrackingId
X-Selected-Name
X-Selected-Scheme
X-Selected-Host-Header
X-B3-Parentspanid
X-BBC-Origin-Response-Status
X-Dw-Trace-Id
PICS-Label
X-Vgn-Hpd-Reason
X-Snapshot-Date
Pragrma
Inserted-Into-Cache-At
Resin-Trace
Mime-Version
X-C
Dnion-Transfer-Encoding