
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
P3P
X-Cache-Hits
Alt-Svc
X-Xss-Protection
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
P3p
X-Iinfo
X-Content-Security-Policy
X-AspNetMvc-Version
Status
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Ua-Compatible
X-Cache-Group
X-Server
X-Backend
X-Amz-Request-Id
X-Hacker
X-Robots-Tag
X-Amz-Id-2
X-UA-Device
X-AH-Environment
Request-Context
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
X-Server-Powered-By
X-Template
X-Dns-Prefetch-Control
Server-Timing
X-Language
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
X-Rq
X-Page-Speed
Xkey
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Buckets
X-Vhost
X-Host
X-WebKit-CSP
X-Backend-Server
X-Server-Id
X-Dispatcher
X-Device
NEL
Surrogate-Control
X-Node
Request-Id
Content-Location
X-Ruxit-JS-Agent
Accept-CH-Lifetime
X-Response-Time
EagleEye-TraceId
Accept-CH
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
X-Ac
Allow
X-Readtime
Rating
X-Mod-Pagespeed
X-HW
X-Country
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Pinterest-Generated-By
Edge-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-TtlSet
X-PC
X-Vname
X-MS-InvokeApp
X-Cnection
X-DataDome
X-Country-Code
X-Varnish-TTL
X-CST
X-GitHub-Request-Id
X-Content-Type
X-D2id
X-Clacks-Overhead
X-Trace
X-Server-Name
X-Middleton-Response
X-Middleton-Display
Pagespeed
Display
X-Sol
Response
X-Origin-Upstream-Status
X-Pinterest-Rid
Pinterest-Version
MS-Author-Via
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
X-Vcap-Request-Id
X-Navigation-Version
X-Px
X-B3-TraceId
X-FastCGI-Cache
X-ESI
X-Rack-Cache
X-Abt-Application-Version
Service-Worker-Allowed
Verso
X-Url
X-DynaTrace
X-Fastly-Request-ID
X-TTL
Arr-Disable-Session-Affinity
X-Client-IP
X-Webkit-CSP
X-Element-Page-Cache
X-Cache-TTL
X-Cached
X-Dw-Request-Base-Id
X-FTR-Request-ID
X-VARITI-CCR
SPRequestGuid
X-SharePointHealthScore
X-Goog-Hash
X-Powered-By-Plesk
X-NF-Request-ID
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Upstream
Fastly-Restarts
X-Debug
AR-CACHE
AR-ATIME
AR-PoweredBy
AR-Request-ID
Content-MD5
Ar-Sid
X-Pinterest-Direct
X-MSEdge-Ref
X-Forwarded-Proto
SPIisLatency
SPRequestDuration
X-Powered-CMS
X-Version
Access-Control-Request-Method
X-T
X-Release
X-Jurisdiction
X-Amz-Rid
S
X-Edge
X-Content-Digest
X-XRDS-Location
RTSS
TP-L2-Cache
TP-Cache
TCN
X-Litespeed-Cache
Cache-Tag
X-Ezoic-Cdn
Public-Key-Pins
Accept-Ch
X-Ttl
X-Cache-Key
Front-End-Https
X-Mid
X-MCACHE
X-Node-Name
X-Yandex-Sdch-Disable
Server-Node
X-Request-Processing-Time
X-Request-Received
Fastcgi-Cache
X-Mg-S
X-Amz-Server-Side-Encryption
X-Recruiting
X-HP-Webp
X-Amzn-Trace-Id
X-B3-TraceId-Primal
X-Accel-Expires
Mrf-Cache-Status
MRF-Tech
X-Ser
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Kinsta-Cache
X-PressLabs-Stats
X-NWS-LOG-UUID
X-Grace
X-Microsite
X-Request-Handler-Origin-Region
X-ASPNET-VERSION
X-Origin-Server
Accept-Charset
X-Varnish-Age
X-Logged-In
ServerID
MicrosoftSharePointTeamServices
Cf-Bgj
X-DIS-Request-ID
X-Page-Id
Host
Nginx-Cache
Edge-Cache-Tag
X-Cache-Hit
X-Shield-Request-Id
X-ECACHE
X-Content-Security-Policy-Report-Only
X-Ratelimit-Remaining
X-Server-ID
X-Hits
X-B
Powered-By-ChinaCache
Cache-Tags
X-Hostname
X-Mobile-URL
X-F-Cache
X-Forwarded-For
X-Respond-Thread
X-AppVersion
Realpath
X-LB-Cache
X-Az
X-Activity-Id
Cleartype
X-Cached-By
X-N
X-Content-Options
X-Git-Hash
X-Upgrade-Enabled
Alternate-Protocol
X-Type
DynaTrace
X-Jobs
X-Load-Cache
X-Rid
X-Varnish-Backend
X-Cache-Age
Paypal-Debug-Id
X-Amz-Meta-S3cmd-Attrs
X-Kong-Upstream-Latency
X-App-Environment
X-Kong-Proxy-Latency
X-Ratelimit-Limit
Accept-Ch-Lifetime
X-Request-Guid
X-FTR-Cache-Status
X-FTR-Backend
Access-Control-Allow-Method
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Balancer
X-FTR-Realm
X-Country-Code-Real
X-FTR-Expires
X-Proxy
Fastcgi-Useragent
X-Seen-By
X-URL
X-WebKit-CSP-Report-Only
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Zen-Fury
X-Goog-Generation
X-Goog-Storage-Class
Nel
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-Akamai-Edgescape
Charset
X-FireWall-Port
Filterid
X-B3-Sampled
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-FB-Debug
X-Daa-Tunnel
X-Varnish-Grace
X-VCache
X-Correlation-ID
X-IPLB-Instance
Filters
X-B-Cache
X-Signature
X-Host-Name
X-Mobile
X-AOL-HN
DC
X-Debug-Info
MS-CV
X-Whom
Healthy
AMP-Access-Control-Allow-Source-Origin
X-Region
Viewport
X-User-Agent
X-Frontend
X-Response-Served-From
X-Original-Request-Id
Liferay-Portal
X-Accel-Buffering
X-App-Server
X-Cache-Operation
X-Geo-Country
Payment
X-Cache-Rule
X-Distributor
X-UUID
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Rule
X-HTML-Minification-Powered-By
X-Instance
X-Acc-Debug-Context
X-Tumblr-Pixel-2
X-Tumblr-User
X-FW-Type
X-XRDS-LOCATION
X-Cache-Time
Refresh
Surrogate-Key
X-FW-Dynamic
X-FW-Hash
X-FW-Server
X-FW-Serve
X-Content-Powered-By
X-FW-Static
X-Protected-By
X-Cacheable-TTL
X-Amz-Replication-Status
X-Id
S-Cnection
X-Cache-Expired-At
X-Tec-Api-Root
X-Wix-Request-Id
Content-Disposition
X-Tec-Api-Origin
X-Tec-Api-Version
Section-Io-Cache
X-Rendered-As
X-Is-Bot
X-Via-JSL
Version
X-Hyper-Cache
X-Cache-Action
X-App-Version
X-Sucuri-ID
X-Backend-Name
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Ah-Environment
Datacenter
X-Pinterest-Sli-Latency-Threshold
X-Oneagent-Js-Injection
CACHE
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Response-Type
X-Endurance-Cache-Level
Server-Name
Arc-Version
GEO-INFO
X-Cache-Server
PB-PID
PB-RID
Retry-After
X-Air-Hostname
X-Ua
X-Source
X-EdgeConnect-Cache-Status
Eomportal-Instance
X-L-Path
X-Environment-Context
X-Real-IP
Referer-Policy
X-Framework
X-ProcessESI
X-Sucuri-Cache
X-Revision
X-Varnish-Server
X-RemovedCookies
Frame-Options
X-Yottaa-Optimizations
Ms-Operation-Id
NGB
X-Yottaa-Metrics
X-RTag
X-Unique-Id
Webserver
X-Drupal-Cache-Contexts
Akamai-Age-Ms
Countrycode
X-Cache-Var-Map
X-ES-SERVER
X-Cache-Var
X-RN-RSRV
Meta-Geo
X-Cache-Control
X-WA-Info
X-Mode
X-Proxy-Cache-Status
X-Drupal-Cache-Tags
Cache-Tv-Group
X-R9-Blue-Green-Version
X-Xfnlog-Site
X-BYPASS-REASON
X-ProxyCache-Status
X-ProxyCache-Key
X-Qloud-Router
X-Cache-TTL-Remaining
DB-Nickname
X-Correlation-Id
Cross-Origin-Window-Policy
X-AWS-Id
X-OCL
X-LJ-Flow-ID
X-Hl-Ver
Webcakes-App-Version
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
Webcakes-App-Name
X-Cache-Host
X-VWS-Id
Mn-Server-Ip
X-Origin-Hint
X-Handled-By
X-PHP-Host
X-Human
Property-Id
X-Labrador-Cache-Channel
X-Status
X-Time-Microsecs
X-Server-W
TWC-Connection-Speed
X-Redis-Cache
X-PCL
Webcakes-Region
X-DynaTrace-JS-Agent
X-Azure-Ref
X-Format
X-No-Session
X-Section
X-Via-Fastly
X-Proxied
X-From
X-FW-Version
X-ServerID
X-NYM-Debug-Backend
X-GeoIP
X-Hosted-By
X-Site-Version
X-Proxy-Build
Selected-Fe
X-Zipkin-Id
X-Access
X-Amzn-Remapped-Content-Length
X-Routing-Service
X-Cluster
X-TIME
X-Timing-Wait
X-Contextid
X-Proto
X-Be
X-NewRelic-App-Data
X-FB-TRIP-ID
X-Locale
X-TNCMS
X-Loop
Ec-Rule-Version
FSS-Cache
X-Ruxit-Js-Agent
X-CDN-Forward
X-Detected-As
X-Providence-Cookie
X-Cache-PHP
X-Debug-Cache
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Adobe-Content
X-Route-Name
X-Adobe-Loc
X-Generated-By
Uber-Trace-Id
X-PHP-Backend
X-Device-Type
X-ATG-Version
X-AIR-PT
X-BCube-Filmed-By
X-TT
X-Ratelimit-Reset
X-Esi
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Cache-Spec
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-CSRF-Token
Upgrade-Insecure-Requests
X-NC
Azure-Version
Azure-InstanceId
Azure-SlotName
Azure-RegionName
X-Varnish-Cache-Hits
Azure-SiteName
Access-Control-Request-Headers
X-LLID
OT-Force-Account-Verify
X-Fastcgi-Cache
X-UPSTREAM-Address
X-NCache
From-Origin
X-COUNTRY
Cache
X-Akamai-Transformed
X-Origin
X-CCM
X-Cache-2
X-SaId
X-JoinUs
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
Powered
X-FTR-Cache-Host
X-GoCache-CacheStatus
CF-Cached-On
X-Adobe-Source
X-Varnishpool
X-Alternate-Cache-Key
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Backend-TTL
X-ApacheServer
X-Backend-Host
SD-X-WS
X-LAGOON
Country
Cache-Status
X-ID
X-PERF
X-Page-View
X-Pubstack
X-Time
X-Web-Node
X-Soup
X-Forwarded-Host
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-Storage
Fastly-SSL
X-ECache
X-G
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
SRV
X-Cluster-Name
X-Cache-Grace
Node
X-Viewer-Country
X-NWS-UUID-VERIFY
X-Cache-Enabled
X-Cdn
X-EC-Lua
X-IP
X-TX-ID
DCR-Processing-Time-Ms
X-Request-UUID
X-RCS-CacheZone
X-Rewrite-Enabled
X-Rojux
X-S
X-Processor
X-PBS-Appsvrname
X-D
X-Destination
X-External-Request-Id
X-PAYTM-SRV-ID
X-S-Cookie
X-ScT
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Session-Fingerprint
X-Trv-Group
X-Vdms-Path
X-Vdms-Version
X-Connection-Hash
X-CF-Lambda-Version
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Rendered-Blocks
Machine
Fastcgi-X-Cache-Version
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
DCR-Decision-By
X-A
X-A-Ccd
X-ARC
X-B-Cookie
X-Cache-NE
X-CF-Lambda-Fn
X-Application
X-Aed
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Wwc
Apple-News-Services-Handled
Host-ID
X-APP-VERSION
X-Tumblr-Pixel-3
X-IPS-LoggedIn
X-Varnish-Beresp-Ttl
X-Via-CDN
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Fastly-Cache
X-Envoy-Decorator-Operation
X-CUA
X-Ms-Request-Id
X-Fmm-Version
X-Micro-Cache
X-Core-Value
CDN-RequestCountryCode
X-Microcachable
X-Clara-WADP
CDN-CachedAt
CDN-Cache
CDN-EdgeStorageId
CDN-RequestId
CDN-PullZone
CDN-Uid
CloudFront-Viewer-Country
X-Cache-Debug
X-Ms-Version
X-Cache-Bucket
X-Auto-Login
Gh-Request-Id
X-Cms-Context
X-Generation-Time
X-WADP-Cache
X-VG-TLSProxy
X-UA
X-Bc-Bl
Backend
X-Cache-Config
X-B3-Traceid
X-GEO
Wxu-Next-Hostname
Platform
Wxu-Next-Commit
Wxu-Next-Region
X-Varnish-CookieINHashed-On
X-Branch-Name
X-Varnish-CookieHashed-On
X-Bip
X-Variation
X-Varnish-Cacheable
PFcat
X-Varnish-Remaining-TTL
L
X-Wikidot-Backend
X-Webstats-RespID
X-Wikidot-Static-Cache
X-Irp-Debug
X-Platform
Fastly-Drupal-HTML
Fastly-SIE
X-Cache-Id
NM-Fastcgi-Cache
Is-Eu
X-VarnishDD-TTL
Fastly-SWR
Origin
X-SN
X-Hash
X-HN
X-Gzip
X-Geo-Header
X-Generated-On
X-Platform-Server
X-HS-Content-Campaign-Id
X-Level-Front-Cache
X-OVcl-Cache
X-OVcl
X-Owner
X-Method
X-Location
X-Gamma-Serve
X-Policy
X-Servername
X-Request-Host
X-Core-Mission
X-Old-Content-Length
X-Thanos
X-DefElseHash
X-DefHash
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Developers
X-Cache-NGX
X-Esi-Check
X-Varnish-Ttl
Akamai-GRN
CacheControlHeader
AKAMAI
Adler-Geo
X-B3-Spanid
X-Cache-Backend
X-CS
X-Csrf-Jwt
X-CGP
X-Eu-Site
X-Mvc-Supplant-Cachable
X-Reqid
Rt-Fastcgi-Cache
X-Render-Time
X-Skip-Cache
X-Cache-Date
X-Slack-Backend
X-PF-Uncompressing
Pagetype
X-JWT-State
X-Is-Gdpr
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-Has-Esi
X-Fastly-Backend
L5d-Success-Class
X-Clientip
HA-Ipaddr
Ha-Gx-Prefs
X-Twitter-Response-Tags
X-Transaction
X-Backend-State
X-Request-Start
C-Via
Fastly-Backend-Name
X-EIG-Tracking-Id
X-Content-Age
X-Cache-Tags
FSS-Proxy
X-DC
X-TA-CDN-Provider
X-Refresh
X-Minions-Version
X-RateLimit-Remaining
X-Cache-Remote
Country-Code
X-Sql-Count
X-Amz-Meta-Cb-Modifiedtime
X-Wa
X-Sql-Duration-Ms
UCS
X-Aicache-OS
X-NODE
X-Via-Popn
Surrogated-Key
X-Via-Poph
X-Date
X-Accel-Expires-Debug
X-Hp-Webp
X-NGENIX-Cache
X-Www-Served-By
X-Up
X-LB-ID
X-Vgn-Hpd-Variations-Key
X-Req
X-Vgn-Hpd-Cached
X-Edge-Location
X-Presslabs-Stats
XServer
X-Nginx-Cache
X-SRV
X-Dc
X-Ftr-Cache-Host
We-Hiring
Mail-Subject
HostName
X-Cache-URL
X-Cdn-Srv
Cache-Hits
Hostname
X-Mvc-Supplant-OutputCached
Ufe-Result
X-NU-AKA-ACS-Version
Memcached
X-Debug-Cache-Store
X-S-Maxage
NGX
X-Debug-Cache-Fetch
Group
X-Check-Cacheable
Protected
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Time
X-LI-Proto
X-Via-Edge
X-Proxy-Upstream
X-Ua-Device
X-Servedbyhost
Edge-Copy-Time
X-Via-SSL
X-CACHE-AGE
Now
X-Svr
X-FPC
X-Varnish-Hostname
On-Server
ServedBy
X-BC
X-ZONE
X-Agile
X-Request-Time
X-Agile-Age
Geoip-Latitude
X-Agile-Id
GeoIp-Country-Code
T-Server
X-Cdn-Forward
X-Pass-Why
X-FORWARDED-FOR
X-Acc-Rdl
X-LiteSpeed-Cache-Control
X-Webkit-Csp
X-VCL-Version
X-CSRF-TOKEN
M-TraceId
SID
X-UnsetCookies
Xserver
X-Cs
Pics-Label
X-Cluster-Node
X-Uri
X-MP-GENERATED-AT
N-Cache
Server-Host
X-Datadome
X-Via-Popv
WZWS-RAY
X-Varnish-Hits
X-NGINX-Cache
X-Dynatrace-Js-Agent
X-Bc
X-Zone
Section-Io-Origin-Status
X-Erf-Stays-Bingo-Pdp-Web
X-HS-Status
Arc-Country
Magicmarker
X-VC
X-SB
X-APP
X-Srv
X-CF-Powered-By
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
NtCoent-Length
Ohc-File-Size
Cdn-Host
X-We-Are-Hiring
X-Edge-Server
Cdn-Request-Time
VivaBuild
Viewtype
X-Info
Apigw-Requestid
ProcessTime
User-Agent
Ohc-Cache-HIT
X-TT-LOGID
Processtime
Sid
X-Via-Ucdn
X-Action
X-MSEdge-Features
X-MSEdge-Flight
Memory
X-RunCloud-Cache
W
LB
User-Cache-Control
Odigeo-Trace-Id
Cache-Name
X-UA-Device-Type
Srv
X-Unique-ID
Geo-Info
X-DB
X-DSS
X-DW
X-Oss-Cdn-Auth
Cteonnt-Length
X-DI
X-RPM
X-RPS
X-RSL
Tracecode
DSUID
WWW-Authenticate
X-Newrelic-App-Data
X-Origin-Date
X-HOST
CountryCode
X-Tb
CF-IPCountry
WebServer
Ssr
X-Vcl-Version
X-Vgn-Hpd-Ssi
X-Geo
X-HITS
Server-Info
X-Cache-Hfrom
X-Cache-Hm
Amp-Access-Control-Allow-Source-Origin
CDN
S-Rt
X-Pjax-Url
X-Hit
X-Webkit-CSP-Report-Only
Server-ID
X-Origin-TTL
X-Request-URI
X-Cc-Via
CDCHOST
X-Scheme
X-Magnolia-Registration
MIME-Version
Path
Instruction
A
X-Developer
X-Cc-Req-Id
D-Cc-Upstream
Vix-Hermes-Req-Id
V-Age
X-BBXSRF
X-Gen-Mode
X-Server-IP
X-BBC-Edge-Cache-Status
X-Block-Status
X-Cache-Expires
X-Response-By
Web-Mar-Node
SR-User-Adfree
X-Cache-Info
True-Client-Country-4JS
Lfy
X-Goog-Meta-Goog-Reserved-File-Mtime
X-VServer
X-Fastly-Country-Code
X-Node-Id
X-Varnish-Url
X-SRCache-Key
X-Origin-CC
X-Hnp-Log
X-Newrelic-Synthetics
X-CACHE-KEY
GeoIP-Country-Code
GeoIP-Latitude
X-Thinkindot-L3
X-Swa-Ws
Cdn
X-NodeID
X-Nyt-Route
X-Gdpr
Thinkindot-CacheControl
IsBot
X-Loc
Server-Hostname
Locid
X-Matched-Rule
X-Nginx-Cache-Key
Cache-Host
Server-Ext
Thinkindot-CacheControl-Type
Sever-Int
X-Varnish-Authentication
X-Nc
Thinkindot-Control
X-SD-PageType
X-SVT-ORM-VERSION
X-Trace-Id
X-Generated-In
X-User
X-Akamai-Request-ID2
X-SVT-ORM-RULES
X-Origin-Expires
X-Cache-ASPX
Lb
X-API-Version
X-SIPLIST1
X-Traceid
X-Contensis-Viewer-Groups
X-Origin-Time
X-Provided-By
X-Fetched-On
X-Device-Os
X-Epic-Correlation-Id
X-FC-Vary-Parameters
X-Via-NSCOPI
X-GeoIP-City
X-Cdn-Origin
Pramga
Release
X-Azure-Ref-OriginShield
X-Fpc
X-Var-Ttl
X-Envoy-Upstream-Healthchecked-Cluster
X-Sn-Servicetimems
X-Cache-Tag
FNAC-ModuleRouting
Accept-Language
X-Lb-Id
Source
X-Men
X-ServedByHost
X-Li-Proto
X-Dynatrace
X-Rocket-Build-Number
Cf-Device-Type
X-Sigma-Backend
X-Sigma
X-Amzn-Remapped-Connection
X-Served-From
X-SERVER-NAME
Server-Ttl
Cache-Key
Esi-Enabled
X-Akamai-Pragma-Client-IP
X-StackifyID
X-TH-Server
X-Amzn-Remapped-Date
Kp-EeAlive
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
X-Origin-Response-Time
X-B3-SpanId
Tcn
Expiry
X-Key
X-Via-PopN
Content-Style-Type
X-Via-PopH
X-Instart-Request-ID
X-Via-PopV
X-Parent-Response-Time
Content-Script-Type
Cache-Provider
X-RateLimit-Limit
X-No-Cache
X-Agile-Brick-Ok
Req-Svc-Chain
Location
X-VC-Cache
X-Mobile-Rewrite
X-ServiceProvider
X-Batcache
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Inserted-Into-Cache-At
X-ElasticPress-Query
X-Tt-Logid
X-WA
X-Vgn-Hpd-Reason
X-Request-URL
X-Yottaa-OS
X-MiniProfiler-Ids
X-Vcache
Who
X-PJAX-URL
X-Apw-Hits
X-BBC-Origin-Response-Status
X-Instart-Info
X-Apw-Access-Token
X-HostName
X-Dispatch
X-Apw-Access-Object
X-B3-Parentspanid
Xkeyi7
Content-Secure-Policy
Origin-Cache-Control
Origin-Edge-Control
EpKe-Alive
Url
X-Apw-Access-Action
X-Varnish-Beresp-TTL
Proxy-Firewall
X-Proxy-Cachei7
URI
X-Geo-Region
X-Selected-Scheme
X-Selected-Host-Header
X-Selected-Name
X-Akamai-Request-ID
Resin-Trace
Mime-Version
Powered-By
BehaviorPad-Version
X-TraceId
HitType
X-RAMCache
NnCoection
Pragrma
Xet-Cookie
X-Dw-Trace-Id
Cf-Alt-Svc
X-Snapshot-Date
X-C
PICS-Label
Vha6-Origin