Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-FRAME-OPTIONS
P3p
X-Cacheable
X-Request-ID
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Template
X-Language
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-Dns-Prefetch-Control
X-Hacker
X-Cache-Group
X-AH-Environment
X-Server
X-Robots-Tag
X-Amz-Request-Id
X-UA-Device
EagleId
X-Amz-Id-2
X-Proxy-Cache
X-Buckets
X-Turbo-Charged-By
Request-Context
X-Server-Powered-By
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
Cf-Bgj
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
X-Amz-Version-Id
X-Host
X-WebKit-CSP
NEL
X-Dispatcher
X-Device
X-Backend-Server
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Response-Time
Content-Location
X-Origin-Cache
Request-Id
X-Server-Id
X-Akam-SW-Version
X-ASPNET-VERSION
X-Ac
Accept-CH-Lifetime
EagleEye-TraceId
X-Country
Accept-CH
X-HW
X-Mod-Pagespeed
Rating
X-Readtime
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cloud-Trace-Context
X-Application-Context
Pinterest-Generated-By
Edge-Control
X-Country-Code
X-DataDome
X-Vname
X-TtlSet
X-PC
X-Url
X-Varnish-TTL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
X-Cnection
Allow
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-MS-InvokeApp
X-D2id
X-GitHub-Request-Id
X-Content-Type
X-Clacks-Overhead
X-Server-Name
X-ESI
X-Abt-Application-Version
X-Pinterest-Rid
X-Trace
X-Navigation-Version
Pinterest-Version
X-FTR-Request-ID
Pagespeed
Display
Response
X-Sol
X-Vcap-Request-Id
X-Middleton-Response
X-Middleton-Display
X-B3-TraceId
X-Px
Verso
X-Rack-Cache
X-Webkit-CSP
X-Cached
X-DynaTrace
X-Element-Page-Cache
X-Fastly-Request-ID
Service-Worker-Allowed
MS-Author-Via
X-Client-IP
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-Upstream
Content-MD5
X-Version
X-Forwarded-Proto
X-TTL
AR-Request-ID
AR-CACHE
AR-PoweredBy
AR-ATIME
X-NF-Request-ID
Ar-Sid
SPRequestGuid
X-SharePointHealthScore
X-T
Accept-Ch
Fastly-Restarts
X-Debug
X-VARITI-CCR
X-Server-ID
X-Exp-Variant
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Kinja-Build
X-Cdn-Fetch
X-Jurisdiction
X-XRDS-Location
X-Goog-Hash
Access-Control-Request-Method
X-Powered-CMS
TP-Cache
TP-L2-Cache
X-FastCGI-Cache
X-MSEdge-Ref
X-Content-Digest
X-Release
X-Ttl
X-Edge
X-NWS-LOG-UUID
TCN
X-CST
S
SPIisLatency
SPRequestDuration
X-Amz-Rid
RTSS
X-Pinterest-Direct
Cache-Tag
X-Request-Received
X-Request-Processing-Time
Fastcgi-Cache
X-Ezoic-Cdn
Public-Key-Pins
X-Yandex-Sdch-Disable
X-Node-Name
X-PressLabs-Stats
X-Cache-Key
X-MCACHE
X-Mid
Server-Node
X-Accel-Expires
Accept-Ch-Lifetime
X-Amzn-Trace-Id
Front-End-Https
X-Logged-In
X-Cache-Hit
X-Ratelimit-Remaining
ServerID
X-Ser
X-Request-Handler-Origin-Region
X-Microsite
X-Recruiting
X-Kinsta-Cache
X-Origin-Server
X-Page-Id
Alternate-Protocol
Accept-Charset
Host
X-B
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ratelimit-Limit
X-Hostname
X-Mobile-URL
X-Varnish-Age
X-ECACHE
X-Content-Security-Policy-Report-Only
X-FireWall-Port
Nginx-Cache
Filterid
X-DIS-Request-ID
X-FTR-DC
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Shield-Request-Id
X-FTR-Expires
X-Mg-S
X-Seen-By
X-Content-Options
Realpath
X-Load-Cache
X-Grace
Edge-Cache-Tag
X-Daa-Tunnel
X-Jobs
X-Forwarded-For
Akamai-Age-Ms
X-Amz-Server-Side-Encryption
X-F-Cache
X-LB-Cache
X-Git-Hash
X-N
X-Type
X-Az
X-AppVersion
X-Activity-Id
X-App-Environment
X-Varnish-Backend
X-Hits
X-Request-Guid
Paypal-Debug-Id
X-Varnish-Grace
X-Rid
X-HP-Webp
X-Id
Fastcgi-Useragent
X-Proxy
X-Zen-Fury
X-Litespeed-Cache
MicrosoftSharePointTeamServices
DynaTrace
X-FB-Debug
X-Correlation-ID
Cache-Tags
Access-Control-Allow-Method
X-Upgrade-Enabled
Cleartype
X-App-Server
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-WebKit-CSP-Report-Only
DC
X-Geo-Country
X-Akamai-Edgescape
X-Cached-By
Content-Disposition
X-Content-Powered-By
X-Cache-Rule
X-Cache-Operation
AMP-Access-Control-Allow-Source-Origin
X-Host-Name
X-Wix-Request-Id
X-IPLB-Instance
X-Amz-Meta-S3cmd-Attrs
X-User-Agent
X-B3-Sampled
X-Response-Served-From
X-Original-Request-Id
Powered-By-ChinaCache
X-Accel-Buffering
Healthy
X-Cache-Age
X-Endurance-Cache-Level
X-HS-Cache-Config
X-HTML-Minification-Powered-By
X-HS-Hub-Id
X-HS-Content-Id
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-HS-Combine-CSS
X-Goog-Storage-Class
X-Signature
X-B-Cache
X-VCache
NGB
X-AOL-HN
X-Distributor
X-Whom
X-Respond-Thread
X-Region
X-UUID
X-Cacheable-TTL
MS-CV
X-Rendered-As
X-Is-Bot
Payment
X-FW-Serve
X-FW-Type
X-Cache-Time
X-FW-Static
X-FW-Dynamic
Refresh
X-FW-Hash
X-Debug-Info
X-FW-Server
X-Rule
Datacenter
X-Instance
X-Mobile
X-Frontend
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Tumblr-Pixel-2
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Ua
X-XRDS-LOCATION
Countrycode
X-App-Version
PB-RID
PB-PID
Arc-Version
Surrogate-Key
X-Fastcgi-Cache
X-Varnish-Server
S-Cnection
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Oneagent-Js-Injection
X-PHP-Backend
X-Protected-By
X-Acc-Debug-Context
X-Backend-Name
X-Via-JSL
Viewport
X-Cache-Server
Liferay-Portal
X-Azure-Ref
X-Hyper-Cache
X-Cache-Expired-At
X-NewRelic-App-Data
Powered
X-Hp-Webp
Filters
X-WA-Info
Referer-Policy
X-Proxy-Cache-Status
Retry-After
Charset
X-Sucuri-ID
X-Cache-Control
X-DynaTrace-JS-Agent
Section-Io-Cache
X-Source
X-EdgeConnect-Cache-Status
X-Amz-Replication-Status
X-ProcessESI
X-FB-TRIP-ID
X-RemovedCookies
X-FTR-Cache-Host
X-Cache-Action
Cache
X-ES-SERVER
X-RN-RSRV
X-Cache-Var-Map
X-Real-IP
X-Mode
Eomportal-Instance
X-GeoIP
Meta-Geo
X-Cache-Var
X-Debug-Cache
X-Time
X-R9-Blue-Green-Version
X-Locale
X-From
X-Qloud-Router
X-Framework
X-Site-Version
Mn-Server-Ip
X-Yottaa-Metrics
X-Human
X-AWS-Id
X-Cache-Host
X-Device-Type
X-LJ-Flow-ID
X-Yottaa-Optimizations
Version
X-Time-Microsecs
X-Via-Fastly
X-VWS-Id
X-Xfnlog-Site
X-Server-W
X-Environment-Context
X-L-Path
TWC-Connection-Speed
Uber-Trace-Id
Ms-Operation-Id
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Selected-Fe
X-RTag
Cache-Tv-Group
Cross-Origin-Window-Policy
X-Revision
Property-Id
TWC-Locale-Group
Ec-Rule-Version
X-FW-Version
X-Ratelimit-Reset
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Build
X-Routing-Service
X-Timing-Wait
X-Cache-TTL-Remaining
X-Zipkin-Id
X-TNCMS
X-Proxied
X-PCL
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-BYPASS-REASON
X-Cluster
X-Origin-Hint
X-Loop
X-Handled-By
TWC-Privacy
X-OCL
GEO-INFO
X-CSRF-Token
FSS-Cache
X-Labrador-Cache-Channel
X-Hosted-By
X-Generated-By
DB-Nickname
X-JoinUs
X-SaId
X-NYM-Debug-Backend
X-Status
X-Hl-Ver
X-BCube-Filmed-By
X-Air-Hostname
X-Amzn-Remapped-Content-Length
Frame-Options
X-Be
X-PHP-Host
X-Detected-As
X-Redis-Cache
X-Access
X-Format
X-Proto
X-ServerID
X-Section
X-Unique-Id
X-No-Session
Nel
X-ATG-Version
X-Cache-PHP
From-Origin
X-Sucuri-Cache
X-NWS-UUID-VERIFY
X-Drupal-Cache-Contexts
Webserver
X-Varnish-Cache-Hits
Server-Name
X-TA-CDN-Provider
X-Contextid
X-URL
X-Drupal-Cache-Tags
X-NCache
X-Origin
X-EIG-Tracking-Id
X-CDN-Forward
X-Correlation-Id
OT-Force-Account-Verify
CF-Cached-On
X-EC-Lua
X-AIR-PT
X-IPS-LoggedIn
X-Tt-Trace-Tag
X-Adobe-Content
X-Oss-Request-Id
X-Tt-Trace-Host
X-Oss-Storage-Class
X-Akamai-Transformed
X-Bc-Bl
X-Oss-Object-Type
X-GoCache-CacheStatus
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Adobe-Loc
X-TIME
X-Cache-Enabled
X-IP
X-Esi
X-NC
X-TT
X-ECache
X-Vgn-Hpd-Variations-Key
X-Backend-Host
X-Vgn-Hpd-Cached
X-Ruxit-Js-Agent
Azure-SlotName
X-Cache-Backend
Azure-RegionName
Azure-Version
Azure-InstanceId
X-UA
Azure-SiteName
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cdn
X-Tumblr-Pixel-3
X-Cache-2
Access-Control-Request-Headers
SD-X-WS
X-Adobe-Source
X-CCM
X-CACHE-AGE
X-APP-VERSION
Node
Time
Host-ID
X-Processor
X-ARC
X-Vdms-Path
DCR-Processing-Time-Ms
Apple-News-Services-Handled
X-PBS-Appsvrname
X-Up
DCR-Decision-By
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Cache-NE
X-B-Cookie
X-External-Request-Id
X-Destination
CloudFront-Viewer-Country
X-Minions-Version
X-Ms-Request-Id
X-PAYTM-SRV-ID
X-Varnishpool
X-Twitter-Response-Tags
Apple-News-Services-Host
X-Alternate-Cache-Key
X-Ms-Version
X-Date
X-D
X-Aed
X-Backend-TTL
X-S-Cookie
X-VG-WebServer
X-S
X-ShardId
X-ShopId
X-ScT
Fastcgi-X-Cache-Version
X-Connection-Hash
X-VG-WebCache
X-ApacheServer
X-Accel-Expires-Debug
X-Sorting-Hat-ShopId
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Machine
X-Worker
X-Request-UUID
X-Rojux
Now
Xc-Version
X-Sorting-Hat-PodId
Mobile-Detection-Method
Meta-Geo-Continent
X-Shopify-Stage
MD5-Digest
X-Soup
X-Pubstack
X-CF-Lambda-Fn
X-A-Dam
Rendered-Blocks
X-Application
X-A-Dgt
X-Storefront-Renderer-Rendered
X-Vdms-Version
X-Transaction
X-Rewrite-Enabled
X-A
Surrogated-Key
X-A-Ccd
X-Trv-Group
X-A-Wwc
X-A-Dcw
X-RCS-CacheZone
X-Forwarded-Host
X-CF-Lambda-Version
X-PERF
X-Cache-Grace
X-G
X-Edge-Location
X-Web-Node
CDN-CachedAt
CDN-Cache
X-Envoy-Decorator-Operation
X-CUA
X-DPWN-IS-SECURE
Cache-Status
X-Say-TTL
X-Viewer-Country
X-SayCDN-TTL
X-Say-Cacheable
X-Cache-Config
X-Storage
X-Dispatcher-Server
X-Core-Value
Adler-Geo
Fastly-SSL
We-Hiring
CDN-EdgeStorageId
Wxu-Next-Region
Ufe-Result
Platform
Wxu-Next-Hostname
X-VG-TLSProxy
X-OVcl-Cache
X-Owner
Wxu-Next-Commit
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
CACHE
Fastly-SIE
Fastly-SWR
X-Req
NM-Fastcgi-Cache
X-Skip-Cache
X-Servername
Mail-Subject
X-NGENIX-Cache
X-OVcl
CDN-RequestCountryCode
CDN-RequestId
CDN-Uid
X-Variation
X-Hash
X-Bip
X-Cache-Bucket
X-Generation-Time
CDN-PullZone
Is-Eu
X-Varnish-Ttl
X-Method
X-Microcachable
X-Thanos
X-SN
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Cluster-Name
X-Micro-Cache
Gh-Request-Id
Group
L
X-Auto-Login
X-Cache-Date
X-Backend-State
C-Via
CacheControlHeader
Country-Code
X-Cache-NGX
Origin
PFcat
AKAMAI
Rt-Fastcgi-Cache
Fastly-Drupal-HTML
X-Platform
X-Render-Time
X-Ah-Environment
X-Reqid
X-Request-Start
X-Policy
X-LI-UUID
X-Level-Front-Cache
X-Li-Fabric
X-Li-Pop
X-Slack-Backend
Upgrade-Insecure-Requests
X-Fmm-Version
X-WADP-Cache
X-Webstats-RespID
X-Fastly-Cache
X-Clara-WADP
X-TX-ID
X-Varnish-Cacheable
X-VarnishDD-TTL
X-HN
X-Request-Host
Country
X-Core-Mission
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Fastly-Backend
X-Cms-Context
X-Gamma-Serve
X-Clientip
X-Generated-On
Backend
X-Cache-URL
X-Wikidot-Backend
X-Cache-Id
Memcached
X-Platform-Server
Akamai-GRN
X-Wikidot-Static-Cache
X-Esi-Check
X-Gzip
X-HS-Content-Campaign-Id
X-Old-Content-Length
X-LAGOON
Pagetype
X-Content-Age
X-Cache-Tags
X-Cdn-Srv
X-Csrf-Jwt
X-Proxy-Upstream
X-Eu-Site
L5d-Success-Class
FSS-Proxy
X-Location
X-JWT-State
X-Has-Esi
X-Geo-Header
Fastly-Backend-Name
X-Amz-Meta-Cb-Modifiedtime
X-Is-Gdpr
Ha-Gx-Prefs
HA-Ipaddr
X-CGP
X-Developers
X-CS
X-DefHash
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-DefElseHash
X-Varnish-Remaining-TTL
X-Wa
X-Irp-Debug
X-Agile
X-Agile-Id
X-Agile-Age
UCS
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
X-UPSTREAM-Address
X-Flags
X-NODE
HostName
X-LB-ID
X-Aicache-OS
X-Branch-Name
X-Refresh
X-PF-Uncompressing
X-Mvc-Supplant-Cachable
X-ZONE
X-BC
X-Instart-Request-ID
M-TraceId
X-Cache-Debug
X-Session-Fingerprint
X-RateLimit-Remaining
X-Via-Popn
X-Via-Poph
X-Dc
X-Cdn-Forward
X-DC
X-B3-Spanid
X-Servedbyhost
X-Debug-Cache-Fetch
X-LI-Proto
X-Debug-Cache-Store
Arc-Country
NGX
X-Ua-Device
X-Page-View
Cdn-Host
Viewtype
VivaBuild
X-Edge-Server
X-Mvc-Supplant-OutputCached
Cdn-Request-Time
X-GEO
X-SERVER
X-RunCloud-Cache
X-Via-Ucdn
X-Request-Time
X-Nginx-Cache
Srv
X-Zone
X-Bc
X-Ftr-Cache-Host
X-Varnish-Hostname
SRV
X-COUNTRY
Hostname
Xserver
X-Action
X-HS-Status
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
X-Vgn-Hpd-Ssi
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Response-Type
Memory
X-Pinterest-Sli-Endpoint-Name
X-Check-Cacheable
X-FPC
X-APP
X-LiteSpeed-Cache-Control
X-FORWARDED-FOR
X-RPS
X-RSL
X-RPM
X-NU-AKA-ACS-Version
X-B3-Traceid
X-Via-CDN
X-Srv
X-VCL-Version
X-DB
X-DSS
X-DI
X-DW
WWW-Authenticate
X-Cs
Geo-Info
X-CSRF-TOKEN
X-NGINX-Cache
X-Unique-ID
X-Datadome
X-Presslabs-Stats
X-Via-Popv
X-Cluster-Node
X-UnsetCookies
X-Oss-Cdn-Auth
X-Sql-Count
XServer
Geoip-Latitude
GeoIp-Country-Code
X-Sql-Duration-Ms
WebServer
X-Vcache
X-Geo
X-Via-Edge
X-Via-SSL
Edge-Copy-Time
X-CF-Powered-By
X-Dynatrace-Js-Agent
Sid
X-Akamai-Request-ID2
ProcessTime
X-MP-GENERATED-AT
User-Agent
SID
X-Hit
On-Server
X-SERVER-NAME
X-We-Are-Hiring
X-Epic-Correlation-Id
W
X-Svr
GeoIP-Latitude
Apigw-Requestid
GeoIP-Country-Code
Processtime
X-Www-Served-By
X-SRV
X-Webkit-CSP-Report-Only
NtCoent-Length
Server-Info
Cache-Hits
ServedBy
X-Cache-Remote
X-S-Maxage
X-Mobile-Rewrite
LB
X-FC-Vary-Parameters
X-HOST
Ohc-File-Size
S-Rt
X-Envoy-Upstream-Healthchecked-Cluster
X-Nc
X-Fpc
T-Server
Amp-Access-Control-Allow-Source-Origin
X-HITS
X-Vcl-Version
CF-IPCountry
X-Cache-Hm
N-Cache
X-Tb
X-Cache-Hfrom
X-Pjax-Url
Server-Host
X-MSEdge-Features
Accept-Language
Esi-Enabled
X-Pass-Why
X-MSEdge-Flight
X-Fastly-Country-Code
Lb
A
Magicmarker
X-Key
Pics-Label
Cteonnt-Length
CDN
Cdn
Origin-Edge-Control
Origin-Cache-Control
X-Varnish-Hits
X-CACHE-KEY
WZWS-RAY
X-VC
X-SB
Proxy-Firewall
X-ID
X-LLID
X-Dispatch
Ohc-Cache-HIT
X-Newrelic-App-Data
X-Instart-Info
X-Geo-Region
Powered-By
X-Info
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Protected
X-StackifyID
X-B3-SpanId
X-Li-Proto
X-ServedByHost
HitType
X-Via-NSCOPI
X-RAMCache
X-Dynatrace
X-Uri
X-Served-From
X-TH-Server
X-Akamai-Pragma-Client-IP
Cache-Key
Fastcgi-Cache-TTL
X-TT-LOGID
Server-Ttl
User-Cache-Control
X-Generated
X-Newrelic-Synthetics
BehaviorPad-Version
X-Cache-Tag
Tracecode
X-App
X-Erf-Bev-Bev-Is-Generated
X-LiteSpeed-Tag
X-Via-PopH
X-Via-PopV
Cache-Provider
X-Via-PopN
X-Lb-Id
Ssr
X-Erf-Bev-Bev
X-TrackingId
Section-Io-Origin-Status
Section-Io-Id
Odigeo-Trace-Id
DSUID
Cache-Name
X-Cc-Via
X-Erf-Stays-Bingo-Pdp-Web
X-Cc-Req-Id
X-WA
D-Cc-Upstream
X-Agile-Brick-Ok
Lfy
X-Tt-Logid
X-Cache-Spec
X-Men
X-Path-Route
X-Magnolia-Registration
X-UA-Device-Type
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Batcache
X-Provided-By
Xet-Cookie
X-Planisys-CDN-TTL
Section-Origin-Responded
X-Scheme
Dnion-Transfer-Encoding
Section-Io-Origin-Time-Seconds
Tcn
X-Azure-Ref-OriginShield
X-API-Version
X-BBXSRF
X-Cache-Info
X-Block-Status
X-Cache-Expires
X-Cache-ASPX
Server-Hostname
Web-Mar-Node
Vix-Hermes-Req-Id
V-Age
X-BBC-Edge-Cache-Status
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-ID
Sever-Int
SR-User-Adfree
True-Client-Country-4JS
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin-Date
X-Origin-Expires
X-Origin-CC
X-Nyt-Route
X-Node-Id
X-NodeID
X-Origin-Time
X-Origin-TTL
X-Request-URI
X-Response-By
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Parent-Response-Time
X-Nginx-Cache-Key
X-Matched-Rule
X-ElasticPress-Query
X-Fetched-On
X-Device-Os
X-Developer
X-Contensis-Viewer-Groups
X-Gdpr
X-Gen-Mode
X-Hnp-Log
X-Loc
Server-Ext
X-GeoIP-City
X-SD-PageType
X-Cdn-Origin
X-Sigma-Backend
X-RateLimit-Limit
X-HostName
Who
X-Swa-Ws
X-Varnish-Url
Cf-Alt-Svc
X-Var-Ttl
X-Server-IP
Inserted-Into-Cache-At
X-PJAX-URL
X-Trace-Id
X-Varnish-Authentication
X-Traceid
X-VC-Cache
X-Yottaa-OS
X-Thinkindot-L3
X-VServer
X-Rocket-Build-Number
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Kp-EeAlive
IsBot
Instruction
Locid
MIME-Version
Release
Pramga
Path
FNAC-ModuleRouting
CDCHOST
X-SIPLIST1
X-Sn-Servicetimems
X-SRCache-Key
X-Varnish-Beresp-TTL
X-Pf-Uncompressing
Cache-Host
X-ServiceProvider
X-Sigma
X-User
X-Selected-Scheme
CountryCode
X-No-Cache
X-Selected-Host-Header
X-Acc-Rdl
X-Selected-Name
X-BBC-Origin-Response-Status
Req-Svc-Chain
X-Proxy-Cachei7
X-Dw-Trace-Id
X-MiniProfiler-Ids
Mime-Version
X-C
Vha6-Origin
X-Tid
Content-Style-Type
Content-Script-Type
X-Origin-Response-Time
X-Pad
Pragrma
PICS-Label
X-Request-URL
Source
X-Snapshot-Date
Resin-Trace
X-Apw-Hits
X-Apw-Access-Token
X-Vgn-Hpd-Reason
X-Apw-Access-Action
X-Apw-Access-Object
X-Generated-In