Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
P3p
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Template
X-Language
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Dns-Prefetch-Control
X-Age
X-Backend
X-Hacker
X-Cache-Group
X-Server
X-Robots-Tag
X-Amz-Request-Id
X-AH-Environment
X-UA-Device
EagleId
X-Amz-Id-2
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
X-Buckets
Server-Timing
X-Nginx-Cache-Status
Host-Header
Grace
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
Cf-Bgj
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Amz-Version-Id
X-Host
X-Dispatcher
X-Device
X-Backend-Server
NEL
X-Node
X-WebKit-CSP
X-Ruxit-JS-Agent
Surrogate-Control
X-Cache-Lookup
X-Response-Time
Content-Location
X-Origin-Cache
X-Server-Id
X-Akam-SW-Version
Request-Id
X-Ac
X-ASPNET-VERSION
Accept-CH-Lifetime
X-Country
EagleEye-TraceId
X-HW
X-Mod-Pagespeed
Accept-CH
Rating
X-Readtime
X-Cloud-Trace-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Application-Context
Pinterest-Generated-By
Edge-Control
X-Country-Code
X-Url
X-PC
X-TtlSet
X-Vname
X-DataDome
X-Varnish-TTL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
X-Cnection
X-Origin-Upstream-Status
X-MS-InvokeApp
Fusion-Component-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
X-GitHub-Request-Id
X-Content-Type
X-D2id
X-ESI
X-Clacks-Overhead
X-Server-Name
X-Webkit-CSP
X-Abt-Application-Version
X-Trace
X-FTR-Request-ID
X-Pinterest-Rid
X-Middleton-Display
Pinterest-Version
Pagespeed
Response
Display
X-Middleton-Response
X-Sol
X-Navigation-Version
X-Vcap-Request-Id
X-B3-TraceId
X-Px
Verso
X-Rack-Cache
X-Cached
X-DynaTrace
X-Fastly-Request-ID
X-Element-Page-Cache
Service-Worker-Allowed
MS-Author-Via
Accept-Ch
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Client-IP
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-Upstream
X-Version
Content-MD5
SPRequestGuid
AR-PoweredBy
AR-CACHE
AR-ATIME
X-SharePointHealthScore
AR-Request-ID
Ar-Sid
X-Forwarded-Proto
Fastly-Restarts
X-NF-Request-ID
X-Debug
X-VARITI-CCR
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Build
X-T
X-Exp-Id
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-TTL
X-XRDS-Location
X-Ttl
X-Goog-Hash
X-Jurisdiction
Access-Control-Request-Method
X-Server-ID
X-Powered-CMS
TP-L2-Cache
TP-Cache
X-CST
X-MSEdge-Ref
X-Release
X-Content-Digest
X-Edge
SPIisLatency
SPRequestDuration
S
X-FastCGI-Cache
TCN
X-Amz-Rid
X-NWS-LOG-UUID
RTSS
Cache-Tag
X-Pinterest-Direct
Public-Key-Pins
X-Ezoic-Cdn
X-Node-Name
X-PressLabs-Stats
Fastcgi-Cache
X-Yandex-Sdch-Disable
X-Request-Processing-Time
X-Request-Received
X-Mid
X-MCACHE
Server-Node
X-Cache-Key
X-Accel-Expires
Front-End-Https
X-Amzn-Trace-Id
X-Logged-In
Accept-Ch-Lifetime
X-Ratelimit-Remaining
X-Cache-Hit
X-Microsite
X-Request-Handler-Origin-Region
X-Ser
ServerID
X-Recruiting
X-Kinsta-Cache
X-Origin-Server
X-Page-Id
Alternate-Protocol
Accept-Charset
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
Host
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-B
X-Mobile-URL
X-Content-Security-Policy-Report-Only
X-Ratelimit-Limit
X-Varnish-Age
X-Hostname
X-Shield-Request-Id
Filterid
X-Forwarded-For
X-Grace
X-Country-Code-Real
X-FireWall-Port
X-Mg-S
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-DIS-Request-ID
Nginx-Cache
X-FTR-Expires
X-Content-Options
Edge-Cache-Tag
X-Seen-By
X-Load-Cache
Realpath
X-Amz-Server-Side-Encryption
X-Jobs
X-LB-Cache
X-F-Cache
X-Hits
X-Git-Hash
X-Activity-Id
X-Az
X-AppVersion
X-App-Environment
X-N
X-ECACHE
X-Daa-Tunnel
X-Type
X-Varnish-Backend
X-Request-Guid
X-HP-Webp
X-Id
MicrosoftSharePointTeamServices
X-Varnish-Grace
Akamai-Age-Ms
X-Rid
Fastcgi-Useragent
Paypal-Debug-Id
X-Zen-Fury
DynaTrace
X-Proxy
X-TEC-API-ORIGIN
Access-Control-Allow-Method
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-FB-Debug
Cache-Tags
X-Upgrade-Enabled
Cleartype
X-WebKit-CSP-Report-Only
X-App-Server
X-Cached-By
X-Akamai-Edgescape
X-Geo-Country
Content-Disposition
X-Cache-Rule
X-Cache-Operation
X-Content-Powered-By
DC
X-Amz-Meta-S3cmd-Attrs
Powered-By-ChinaCache
X-IPLB-Instance
X-User-Agent
X-Cache-Age
X-Host-Name
X-Wix-Request-Id
X-HS-Content-Id
X-HS-Hub-Id
X-Fastcgi-Cache
X-HS-Cache-Config
X-Correlation-ID
X-Response-Served-From
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-HS-Combine-CSS
X-Goog-Metageneration
X-HTML-Minification-Powered-By
X-GUploader-UploadID
X-Goog-Generation
X-Original-Request-Id
X-Accel-Buffering
X-Ua
X-AOL-HN
Healthy
X-B-Cache
X-B3-Sampled
X-Signature
X-Respond-Thread
X-Endurance-Cache-Level
X-VCache
X-Whom
NGB
MS-CV
X-Rendered-As
Payment
X-Is-Bot
X-Debug-Info
X-FW-Type
X-UUID
X-FW-Static
X-Cache-Time
X-Distributor
AMP-Access-Control-Allow-Source-Origin
X-FW-Hash
X-Cacheable-TTL
X-Region
X-FW-Dynamic
X-FW-Serve
X-FW-Server
Datacenter
X-Rule
X-Frontend
X-Instance
Refresh
X-Mobile
Countrycode
X-Tumblr-Pixel-0
X-Amzn-RequestId
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Amz-Apigw-Id
X-Tumblr-User
X-App-Version
X-Tumblr-Pixel
Surrogate-Key
X-Varnish-Server
X-XRDS-LOCATION
S-Cnection
Nel
Arc-Version
PB-RID
PB-PID
X-Backend-Name
X-Acc-Debug-Context
X-Protected-By
X-Via-JSL
X-Ah-Environment
X-Tec-Api-Root
Viewport
X-Tec-Api-Origin
X-Oneagent-Js-Injection
X-Tec-Api-Version
Liferay-Portal
X-PHP-Backend
X-NewRelic-App-Data
Filters
X-Azure-Ref
X-Hyper-Cache
Charset
X-Cache-Expired-At
X-Cache-Server
X-Proxy-Cache-Status
Powered
X-Litespeed-Cache
X-WA-Info
Section-Io-Cache
X-Hp-Webp
Retry-After
X-Time
Referer-Policy
X-Cache-Control
X-DynaTrace-JS-Agent
X-Sucuri-ID
X-Amz-Replication-Status
X-Cache-Action
X-Source
X-CSRF-Token
X-EdgeConnect-Cache-Status
Eomportal-Instance
X-FB-TRIP-ID
Meta-Geo
X-RemovedCookies
X-RN-RSRV
X-Cache-Var
X-ES-SERVER
X-Real-IP
X-ProcessESI
X-Cache-Var-Map
X-GeoIP
Version
X-Qloud-Router
X-From
X-Debug-Cache
X-R9-Blue-Green-Version
X-Correlation-Id
X-L-Path
GEO-INFO
X-Device-Type
X-Mode
X-Framework
X-Environment-Context
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-ProxyCache-Status
X-Time-Microsecs
X-VWS-Id
X-Xfnlog-Site
X-Server-W
X-RTag
X-Revision
Uber-Trace-Id
Ms-Operation-Id
Mn-Server-Ip
X-BYPASS-REASON
X-LJ-Flow-ID
X-Human
X-Cache-Host
X-ProxyCache-Key
X-AWS-Id
Cache
Webcakes-App-Version
Webcakes-Region
X-Proxy-Build
X-PCL
Webcakes-App-Name
TWC-Privacy
X-Origin-Hint
X-Cluster
Cache-Tv-Group
X-Loop
X-OCL
X-FW-Version
TWC-Locale-Group
X-Cache-TTL-Remaining
TWC-GeoIP-LatLong
Property-Id
Ec-Rule-Version
Cross-Origin-Window-Policy
TWC-Connection-Speed
Selected-Fe
TWC-GeoIP-Country
Frame-Options
TWC-Device-Class
X-Timing-Wait
X-TNCMS
X-Detected-As
X-BCube-Filmed-By
X-Air-Hostname
X-Locale
X-Status
X-Site-Version
X-Handled-By
X-Zipkin-Id
X-Hosted-By
X-PHP-Host
X-Labrador-Cache-Channel
X-Routing-Service
X-SaId
X-Hl-Ver
X-Ratelimit-Reset
X-JoinUs
X-Proto
X-Proxied
X-Be
X-Redis-Cache
X-Via-Fastly
X-ServerID
X-NYM-Debug-Backend
X-Amzn-Remapped-Content-Length
DB-Nickname
X-Generated-By
X-Unique-Id
X-Access
X-Format
X-FTR-Cache-Host
FSS-Cache
X-Section
From-Origin
X-No-Session
Server-Name
X-Cache-PHP
X-ATG-Version
X-Drupal-Cache-Contexts
X-Sucuri-Cache
X-Varnish-Cache-Hits
X-TA-CDN-Provider
X-ECache
X-Contextid
Webserver
X-Drupal-Cache-Tags
X-NWS-UUID-VERIFY
X-CDN-Forward
X-NCache
X-Origin
OT-Force-Account-Verify
X-EIG-Tracking-Id
CF-Cached-On
X-Adobe-Loc
X-Adobe-Content
X-AIR-PT
X-Tt-Trace-Tag
X-GoCache-CacheStatus
X-IPS-LoggedIn
X-Tt-Trace-Host
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-EC-Lua
X-Cache-Enabled
X-TT
X-IP
X-Bc-Bl
X-Akamai-Transformed
Azure-RegionName
Azure-SiteName
Azure-SlotName
VIX-Pulpo-Upstream-Status
Azure-Version
X-Backend-Host
Azure-InstanceId
VIX-Pulpo-Node
CACHE
X-NC
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Ruxit-Js-Agent
X-CCM
X-Adobe-Source
Access-Control-Request-Headers
SD-X-WS
X-Cache-Backend
X-Cache-2
X-Storefront-Renderer-Rendered
X-Soup
X-Shopify-Stage
X-ShopId
X-ShardId
X-Tumblr-Pixel-3
X-Backend-TTL
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
Node
X-TIME
X-URL
X-Cdn
X-Date
X-Destination
X-Pubstack
X-Vdms-Path
X-Rojux
X-Rewrite-Enabled
X-Transaction
MD5-Digest
Mobile-Detection-Method
X-Aed
X-Trv-Group
X-Accel-Expires-Debug
X-D
X-A-Wwc
X-External-Request-Id
X-Forwarded-Host
Apple-News-Services-Host
X-Cache-Grace
X-A-Ccd
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-A-Dam
Apple-News-Services-Handled
X-G
X-RCS-CacheZone
X-Connection-Hash
X-ScT
X-S-Cookie
X-A-Dgt
X-S
Rendered-Blocks
X-Application
X-Vtex-Processado-Em
Meta-Geo-Continent
DCR-Processing-Time-Ms
X-Up
X-CF-Lambda-Fn
X-Twitter-Response-Tags
X-VG-WebServer
X-VG-WebCache
X-B-Cookie
X-Request-UUID
X-PBS-Appsvrname
X-PERF
X-Cache-NE
X-Vtex-Remote-Cache
DCR-Decision-By
X-Worker
Machine
X-CF-Lambda-Version
X-A-Dcw
X-Varnishpool
Xc-Version
X-PAYTM-SRV-ID
Fastcgi-X-Cache-Version
Surrogated-Key
X-ApacheServer
X-Processor
Host-ID
X-ARC
X-A
X-Vdms-Version
X-Web-Node
Cache-Status
Fastly-SSL
X-Viewer-Country
X-SayCDN-TTL
Time
X-APP-VERSION
X-CACHE-AGE
X-Cluster-Name
X-Cache-Config
X-Storage
X-Say-TTL
X-Say-Cacheable
CDN-RequestCountryCode
X-OVcl
Wxu-Next-Region
CDN-PullZone
CDN-RequestId
X-OVcl-Cache
X-Req
NM-Fastcgi-Cache
X-VG-TLSProxy
Wxu-Next-Commit
We-Hiring
X-Cache-Bucket
Is-Eu
Ufe-Result
Wxu-Next-Hostname
Mail-Subject
X-Variation
CloudFront-Viewer-Country
CDN-Uid
X-CUA
X-Envoy-Decorator-Operation
X-Rebelmouse-Cache-Control
Now
X-Rebelmouse-Surrogate-Control
Fastly-SWR
Platform
X-Servername
X-Hash
CDN-Cache
CDN-CachedAt
X-Minions-Version
X-Ms-Request-Id
CDN-EdgeStorageId
X-SN
Upgrade-Insecure-Requests
Adler-Geo
X-Ms-Version
Fastly-SIE
X-Edge-Location
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-NGENIX-Cache
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-UA
X-Varnish-Beresp-Status
X-Micro-Cache
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
Origin
Ha-Gx-Prefs
Gh-Request-Id
Fastly-Drupal-HTML
Rt-Fastcgi-Cache
Country-Code
C-Via
Group
L
X-Auto-Login
HA-Ipaddr
L5d-Success-Class
X-Li-Pop
X-TX-ID
X-Skip-Cache
X-Platform
X-Policy
X-Backend-State
X-Owner
X-LI-UUID
X-Method
X-Microcachable
X-Thanos
X-Varnish-Cacheable
X-Webstats-RespID
X-Request-Host
X-Clara-WADP
X-Fastly-Cache
X-Request-Start
X-Reqid
X-Render-Time
X-WADP-Cache
X-Proxy-Upstream
X-Varnish-Ttl
X-Fmm-Version
X-Slack-Backend
X-Csrf-Jwt
X-Core-Value
X-Fastly-Backend
X-CGP
X-Eu-Site
X-Core-Mission
X-Cache-NGX
X-Bip
X-Clientip
X-Generation-Time
X-Li-Fabric
X-Cache-Tags
Backend
X-Aspnet-Duration-Ms
X-Route-Name
Country
X-LAGOON
X-Providence-Cookie
X-Flags
X-Is-Crawler
X-Gzip
PFcat
X-Cache-Id
X-Cdn-Srv
X-VarnishDD-TTL
X-Esi-Check
X-Cache-Date
Pagetype
X-Cache-URL
X-Cms-Context
X-Platform-Server
X-Wikidot-Static-Cache
X-Gamma-Serve
X-Generated-On
X-Level-Front-Cache
X-HN
X-Wikidot-Backend
UCS
X-Irp-Debug
Memcached
Akamai-GRN
X-Old-Content-Length
X-Content-Age
X-HS-Content-Campaign-Id
X-CS
CacheControlHeader
Fastly-Backend-Name
X-UPSTREAM-Address
X-Varnish-CookieINHashed-On
X-Amz-Meta-Cb-Modifiedtime
X-DefHash
AKAMAI
X-Varnish-CookieHashed-On
X-JWT-State
X-Is-Gdpr
X-Developers
X-Varnish-Remaining-TTL
X-Geo-Header
X-Has-Esi
FSS-Proxy
X-DefElseHash
X-Esi
X-Wa
X-Mvc-Supplant-Cachable
HostName
X-Agile
X-LB-ID
X-Agile-Age
X-Aicache-OS
X-Branch-Name
X-Location
X-Agile-Id
X-Refresh
X-PF-Uncompressing
X-NODE
X-Via-Popn
X-Via-Poph
X-Cache-Debug
X-Session-Fingerprint
X-DC
X-Instart-Request-ID
M-TraceId
X-RateLimit-Remaining
X-Ftr-Cache-Host
NGX
X-Servedbyhost
X-BC
X-Debug-Cache-Fetch
X-Page-View
X-ZONE
X-Mvc-Supplant-OutputCached
X-LI-Proto
X-Debug-Cache-Store
X-Cdn-Forward
X-Dc
X-Datadome
X-Ua-Device
X-GEO
Arc-Country
Xserver
X-Zone
X-Bc
X-Nginx-Cache
X-Request-Time
Cdn-Request-Time
X-B3-Spanid
X-Edge-Server
Cdn-Host
Viewtype
VivaBuild
SRV
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Endpoint-Name
X-SERVER
X-RunCloud-Cache
X-Webkit-Csp
X-Via-Ucdn
X-Varnish-Hostname
Srv
X-Check-Cacheable
X-HS-Status
X-Via-CDN
X-LiteSpeed-Cache-Control
WebServer
Hostname
Actual-Object-TTL
X-ORACLE-APMCS-REQUEST-ID
X-VCL-Version
X-NU-AKA-ACS-Version
X-APP
Memory
X-Action
X-Vgn-Hpd-Ssi
X-Sql-Count
X-UnsetCookies
X-Sql-Duration-Ms
X-DW
X-DI
X-B3-Traceid
X-DB
X-DSS
X-Via-Popv
X-Srv
X-Cluster-Node
X-FPC
X-RPM
WWW-Authenticate
X-Cs
X-MP-GENERATED-AT
X-RPS
X-RSL
X-NGINX-Cache
Geo-Info
Amp-Access-Control-Allow-Source-Origin
X-Unique-ID
X-SRV
Edge-Copy-Time
X-Presslabs-Stats
GeoIP-Latitude
X-Oss-Cdn-Auth
X-Via-Edge
ProcessTime
GeoIP-Country-Code
X-Via-SSL
X-Geo
X-Hit
SID
X-Vcache
On-Server
Sid
X-Www-Served-By
Geoip-Latitude
X-Dynatrace-Js-Agent
X-Svr
X-Akamai-Request-ID2
X-Cache-Remote
X-We-Are-Hiring
GeoIp-Country-Code
Apigw-Requestid
X-CF-Powered-By
LB
User-Agent
X-CSRF-TOKEN
ServedBy
XServer
Processtime
W
Cache-Hits
X-Epic-Correlation-Id
X-S-Maxage
X-SERVER-NAME
X-FORWARDED-FOR
X-Nc
NtCoent-Length
X-Webkit-CSP-Report-Only
Server-Info
X-LLID
Request-ID
X-Fpc
T-Server
X-Mobile-Rewrite
X-HOST
Ohc-File-Size
X-Pass-Why
X-FC-Vary-Parameters
Cdn
X-Envoy-Upstream-Healthchecked-Cluster
CF-IPCountry
X-Tb
X-MSEdge-Features
X-MSEdge-Flight
N-Cache
X-Pjax-Url
S-Rt
X-HITS
X-Cache-Hfrom
X-Cache-Hm
X-Vcl-Version
Server-Host
Pics-Label
Accept-Language
X-Fastly-Country-Code
Esi-Enabled
X-Varnish-Hits
X-VC
Origin-Edge-Control
Cteonnt-Length
A
WZWS-RAY
Origin-Cache-Control
X-SB
Magicmarker
X-Key
Protected
X-CACHE-KEY
X-COUNTRY
Lb
X-Dispatch
CDN
X-ID
Proxy-Firewall
X-Info
Ohc-Cache-HIT
X-B3-SpanId
X-Amzn-Remapped-Date
X-Via-NSCOPI
X-Instart-Info
Powered-By
X-Amzn-Remapped-Connection
X-Geo-Region
X-Uri
User-Cache-Control
HitType
X-Li-Proto
X-StackifyID
X-Newrelic-App-Data
X-Erf-Stays-Bingo-Pdp-Web
X-RAMCache
X-TT-LOGID
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-ServedByHost
X-Dynatrace
Tracecode
BehaviorPad-Version
Fastcgi-Cache-TTL
X-Served-From
X-Generated
X-Client-Ip
X-TH-Server
Server-Ttl
Cache-Key
X-Newrelic-Synthetics
X-Akamai-Pragma-Client-IP
X-App
Odigeo-Trace-Id
Section-Io-Id
X-Provided-By
Section-Io-Origin-Status
DSUID
Section-Io-Origin-Time-Seconds
X-UA-Device-Type
X-Cache-Tag
Section-Origin-Responded
X-Magnolia-Registration
X-Cache-Spec
Lfy
Ssr
X-LiteSpeed-Tag
D-Cc-Upstream
X-Cc-Req-Id
Cache-Name
X-Cc-Via
X-Lb-Id
Cache-Provider
X-Via-PopH
X-Via-PopV
X-Via-PopN
X-TrackingId
X-Acc-Rdl
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Locid
X-SD-PageType
Server-Ext
Release
Pramga
Path
Server-Hostname
Server-ID
MIME-Version
Kp-EeAlive
Thinkindot-Control
SR-User-Adfree
Sever-Int
IsBot
X-Cache-ASPX
X-Nginx-Cache-Key
X-Node-Id
X-Origin-CC
X-Matched-Rule
X-Loc
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-Origin-Date
X-Origin-Expires
X-Request-URI
X-Response-By
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Origin-TTL
X-Parent-Response-Time
X-GeoIP-City
X-Generated-In
X-BBXSRF
X-Block-Status
Instruction
X-BBC-Edge-Cache-Status
Web-Mar-Node
V-Age
Vix-Hermes-Req-Id
X-Cache-Expires
X-Cache-Info
X-Fetched-On
X-Gen-Mode
X-ElasticPress-Query
X-Device-Os
X-Contensis-Viewer-Groups
X-Developer
True-Client-Country-4JS
X-WA
FNAC-ModuleRouting
X-Varnish-Authentication
X-Batcache
X-User
X-Traceid
X-Thinkindot-L3
X-No-Cache
X-Yottaa-OS
X-Agile-Brick-Ok
X-Varnish-Url
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Xet-Cookie
X-Planisys-CDN-Cache
X-Path-Route
X-VC-Cache
X-VServer
X-Swa-Ws
X-Var-Ttl
X-Tt-Logid
X-Sigma-Backend
X-SIPLIST1
CDCHOST
X-Men
X-Sigma
X-ServiceProvider
X-Server-IP
X-Scheme
X-SRCache-Key
Cache-Host
X-Rocket-Build-Number
Dnion-Transfer-Encoding
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Tcn
X-RateLimit-Limit
X-NodeID
X-Nyt-Route
X-HostName
Req-Svc-Chain
X-Origin-Time
X-Gdpr
X-Sn-Servicetimems
X-Trace-Id
X-Azure-Ref-OriginShield
X-API-Version
X-Cdn-Origin
Cf-Alt-Svc
Inserted-Into-Cache-At
X-BBC-Origin-Response-Status
Who
X-Pf-Uncompressing
X-Varnish-Beresp-TTL
X-Selected-Name
X-Selected-Scheme
X-Selected-Host-Header
CountryCode
X-Apw-Access-Action
X-MiniProfiler-Ids
Mime-Version
X-C
Pragrma
X-Dw-Trace-Id
Vha6-Origin
X-Tid
X-Proxy-Cachei7
X-Pad
X-Origin-Response-Time
X-PJAX-URL
Content-Script-Type
X-Apw-Hits
X-Request-URL
Source
X-Snapshot-Date
X-Apw-Access-Token
X-Apw-Access-Object
Content-Style-Type
PICS-Label
X-Vgn-Hpd-Reason
Resin-Trace