
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-Xss-Protection
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
P3p
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-Cache-Group
X-Server
X-Hacker
X-Amz-Request-Id
X-Dns-Prefetch-Control
X-Robots-Tag
X-Amz-Id-2
X-UA-Device
X-AH-Environment
X-Template
EagleId
X-Proxy-Cache
Request-Context
X-Language
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
X-Rq
X-Page-Speed
Xkey
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Buckets
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
X-Host
X-WebKit-CSP
X-Backend-Server
X-Dispatcher
X-Device
X-Server-Id
NEL
Surrogate-Control
X-Node
Request-Id
Content-Location
X-Ruxit-JS-Agent
X-Response-Time
Accept-CH-Lifetime
EagleEye-TraceId
X-Cache-Lookup
Accept-CH
X-Akam-SW-Version
X-Origin-Cache
X-Ac
X-Ua-Compatible
X-Readtime
Allow
Rating
X-HW
X-Mod-Pagespeed
X-Country
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Edge-Control
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-TtlSet
X-PC
X-Vname
X-DataDome
X-Cnection
X-Country-Code
X-MS-InvokeApp
X-Varnish-TTL
X-GitHub-Request-Id
X-Content-Type
X-ASPNET-VERSION
X-CST
X-D2id
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Trace
Response
Display
X-Middleton-Display
Pagespeed
X-Middleton-Response
X-Sol
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Source
Pinterest-Version
Fusion-Content-Id
X-Server-Name
Fusion-Template-Id
X-Pinterest-Rid
Fusion-Component-Id
X-Url
MS-Author-Via
X-Abt-Application-Version
X-Vcap-Request-Id
X-Px
X-Navigation-Version
X-B3-TraceId
X-Rack-Cache
Service-Worker-Allowed
Verso
X-DynaTrace
X-ESI
X-Fastly-Request-ID
X-FastCGI-Cache
X-Client-IP
Arr-Disable-Session-Affinity
Cf-Bgj
X-Cached
X-Webkit-CSP
X-Element-Page-Cache
X-FTR-Request-ID
X-Cache-TTL
X-TTL
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-Powered-By-Plesk
X-VARITI-CCR
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Goog-Hash
X-Kinja-Revision
X-Upstream
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Cdn-Fetch
X-NF-Request-ID
Fastly-Restarts
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-CACHE
Ar-Sid
X-Debug
Content-MD5
X-Forwarded-Proto
X-MSEdge-Ref
X-Version
X-Powered-CMS
X-Pinterest-Direct
SPRequestDuration
SPIisLatency
X-T
Access-Control-Request-Method
X-Release
X-Jurisdiction
X-Amz-Rid
S
X-Content-Digest
X-Edge
X-XRDS-Location
X-Ttl
TP-Cache
TP-L2-Cache
RTSS
TCN
Accept-Ch
X-Litespeed-Cache
Cache-Tag
X-Ezoic-Cdn
Public-Key-Pins
X-Cache-Key
X-Node-Name
X-MCACHE
X-Mid
Front-End-Https
X-Yandex-Sdch-Disable
X-Request-Processing-Time
Server-Node
X-Request-Received
Fastcgi-Cache
X-Mg-S
X-Accel-Expires
X-Amzn-Trace-Id
X-Recruiting
X-Ser
X-NWS-LOG-UUID
X-Amz-Server-Side-Encryption
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-SRCache-Store-Status
X-Kinsta-Cache
X-SRCache-Fetch-Status
X-PressLabs-Stats
X-HP-Webp
X-Grace
X-Microsite
X-Request-Handler-Origin-Region
X-Origin-Server
Accept-Charset
X-Logged-In
ServerID
X-Varnish-Age
X-Page-Id
X-Cache-Hit
X-DIS-Request-ID
Host
X-Shield-Request-Id
Nginx-Cache
MicrosoftSharePointTeamServices
X-ECACHE
Edge-Cache-Tag
X-Ratelimit-Remaining
X-Content-Security-Policy-Report-Only
X-B
X-Server-ID
X-Hits
X-Hostname
X-Mobile-URL
X-F-Cache
Cache-Tags
X-LB-Cache
Realpath
Powered-By-ChinaCache
X-AppVersion
X-Activity-Id
X-Az
Accept-Ch-Lifetime
Alternate-Protocol
Cleartype
X-N
X-Git-Hash
X-Content-Options
X-Cached-By
X-Forwarded-For
X-Respond-Thread
X-Upgrade-Enabled
X-Ratelimit-Limit
DynaTrace
X-Type
X-Load-Cache
X-App-Environment
X-Varnish-Backend
Paypal-Debug-Id
X-Request-Guid
X-Jobs
X-Cache-Age
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-FTR-Cache-Status
X-Rid
X-FTR-Backend
X-Seen-By
X-FTR-Expires
Fastcgi-Useragent
X-Amz-Meta-S3cmd-Attrs
Access-Control-Allow-Method
X-FireWall-Port
X-Proxy
Nel
X-WebKit-CSP-Report-Only
X-Zen-Fury
X-Correlation-ID
Filterid
X-GUploader-UploadID
X-Akamai-Edgescape
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-FB-Debug
X-Varnish-Grace
X-Daa-Tunnel
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-B3-Sampled
X-VCache
Charset
X-IPLB-Instance
X-Signature
X-B-Cache
DC
X-Host-Name
Healthy
MS-CV
X-Mobile
X-Debug-Info
X-AOL-HN
X-App-Server
X-Region
X-Whom
X-Geo-Country
X-User-Agent
AMP-Access-Control-Allow-Source-Origin
Filters
X-URL
X-Cache-Rule
X-Cache-Operation
X-Accel-Buffering
X-Frontend
X-Original-Request-Id
Viewport
X-Response-Served-From
X-XRDS-LOCATION
Payment
X-Id
Liferay-Portal
X-UUID
X-HTML-Minification-Powered-By
X-Content-Powered-By
X-Instance
X-Distributor
X-FW-Hash
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-FW-Static
X-Tumblr-Pixel-1
X-FW-Dynamic
X-FW-Serve
X-Tumblr-User
X-Acc-Debug-Context
X-Tumblr-Pixel-2
X-FW-Type
X-FW-Server
X-Cacheable-TTL
X-Cache-Time
X-Rule
Surrogate-Key
Refresh
X-Protected-By
Content-Disposition
X-Rendered-As
X-Via-JSL
X-Is-Bot
X-Wix-Request-Id
S-Cnection
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Amz-Replication-Status
X-Cache-Expired-At
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Hyper-Cache
Section-Io-Cache
X-App-Version
X-Backend-Name
Datacenter
X-Sucuri-ID
Version
X-Endurance-Cache-Level
X-Cache-Action
X-Ah-Environment
X-Ua
PB-PID
X-Oneagent-Js-Injection
PB-RID
Arc-Version
X-Cache-Server
Retry-After
Akamai-Age-Ms
GEO-INFO
Server-Name
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Endpoint-Name
X-Air-Hostname
X-Source
X-Pinterest-Sli-Latency-Threshold
NGB
X-EdgeConnect-Cache-Status
X-Varnish-Server
Eomportal-Instance
X-Real-IP
Referer-Policy
Countrycode
X-L-Path
X-RemovedCookies
X-ProcessESI
X-Environment-Context
X-Framework
CACHE
X-RTag
X-Yottaa-Optimizations
X-Sucuri-Cache
X-Yottaa-Metrics
Ms-Operation-Id
X-Revision
Frame-Options
X-Drupal-Cache-Contexts
X-Unique-Id
X-Esi
X-Cache-Control
X-DynaTrace-JS-Agent
X-Proxy-Cache-Status
X-Azure-Ref
X-WA-Info
X-RN-RSRV
X-Cache-Var
X-NewRelic-App-Data
X-ES-SERVER
Meta-Geo
X-Cache-Var-Map
X-GeoIP
X-Ruxit-Js-Agent
X-Mode
X-Drupal-Cache-Tags
Webserver
X-Cache-Host
X-BYPASS-REASON
X-Xfnlog-Site
X-ProxyCache-Status
X-Cache-TTL-Remaining
X-R9-Blue-Green-Version
X-ProxyCache-Key
X-Qloud-Router
X-Time-Microsecs
DB-Nickname
X-Labrador-Cache-Channel
X-FW-Version
X-From
Webcakes-App-Version
X-PCL
TWC-Privacy
X-Hl-Ver
X-Handled-By
X-Status
X-Server-W
X-Cluster
X-Amzn-Remapped-Content-Length
X-AWS-Id
X-Redis-Cache
X-NYM-Debug-Backend
X-PHP-Host
Webcakes-Region
X-TNCMS
X-VWS-Id
X-Origin-Hint
X-Human
Ec-Rule-Version
X-OCL
X-LJ-Flow-ID
Cross-Origin-Window-Policy
X-Loop
Mn-Server-Ip
Property-Id
TWC-Locale-Group
X-Hosted-By
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
TWC-Device-Class
Cache-Tv-Group
Webcakes-App-Name
X-Format
X-Locale
X-No-Session
X-FB-TRIP-ID
X-Detected-As
X-Access
X-Be
X-Proxied
X-Proxy-Build
X-Timing-Wait
X-Via-Fastly
X-Zipkin-Id
X-Site-Version
X-ServerID
X-Routing-Service
X-Section
Selected-Fe
X-Proto
X-Contextid
X-PHP-Backend
X-Fastcgi-Cache
FSS-Cache
Uber-Trace-Id
X-CDN-Forward
X-Correlation-Id
X-Debug-Cache
X-Cache-PHP
X-Device-Type
X-ATG-Version
X-Generated-By
X-BCube-Filmed-By
X-Ratelimit-Reset
X-Adobe-Loc
X-TIME
X-AIR-PT
X-Adobe-Content
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Route-Name
X-Providence-Cookie
X-TT
X-CSRF-Token
X-Varnish-Cache-Hits
VIX-Pulpo-Node
X-NC
Cache
X-Tt-Trace-Tag
VIX-Pulpo-Upstream-Status
X-Tt-Trace-Host
Azure-Version
Upgrade-Insecure-Requests
Azure-SiteName
Azure-SlotName
Azure-RegionName
Azure-InstanceId
From-Origin
Powered
OT-Force-Account-Verify
X-Time
X-NCache
Access-Control-Request-Headers
X-Oss-Object-Type
X-Oss-Storage-Class
CF-Cached-On
X-SaId
X-Oss-Server-Time
X-Oss-Request-Id
X-Origin
X-Oss-Hash-Crc64ecma
X-JoinUs
X-COUNTRY
X-GoCache-CacheStatus
X-Akamai-Transformed
X-FTR-Cache-Host
X-Cache-2
X-CCM
SD-X-WS
X-Adobe-Source
X-UPSTREAM-Address
X-Backend-TTL
X-Shopify-Stage
X-ShopId
X-Backend-Host
X-LAGOON
X-Sorting-Hat-PodId
X-ShardId
X-Sorting-Hat-ShopId
X-Varnishpool
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-LLID
X-Forwarded-Host
X-PERF
Country
X-Cache-Grace
X-ApacheServer
X-Soup
X-Pubstack
Fastly-SSL
X-Storage
Decoy-Debug-TTL
X-Page-View
Decoy-Debug-Key
Cache-Status
X-Web-Node
Decoy-Debug-Status
X-G
X-IP
X-Say-TTL
X-Cluster-Name
Node
X-SayCDN-TTL
X-Say-Cacheable
X-ECache
X-NWS-UUID-VERIFY
X-TA-CDN-Provider
X-APP-VERSION
X-Cache-Enabled
X-TX-ID
X-IPS-LoggedIn
X-Cache-Spec
X-Cdn
X-Tumblr-Pixel-3
X-Viewer-Country
X-B-Cookie
X-Rewrite-Enabled
DCR-Processing-Time-Ms
X-VG-WebServer
X-CF-Lambda-Fn
Rendered-Blocks
DCR-Decision-By
X-CF-Lambda-Version
X-Destination
Apple-News-Services-Host
Apple-News-Services-Handled
X-D
X-VG-WebCache
X-Connection-Hash
Apple-News-Services-Parsed-Url
X-Vtex-Remote-Cache
X-External-Request-Id
Apple-News-Services-Request-Url
X-Cache-NE
X-Vtex-Processado-Em
X-PBS-Appsvrname
Mobile-Detection-Method
Meta-Geo-Continent
X-Processor
Host-ID
X-A-Dam
X-S
X-S-Cookie
X-A-Dcw
X-PAYTM-SRV-ID
X-Trv-Group
SRV
X-A
MD5-Digest
X-A-Ccd
X-A-Dgt
X-A-Wwc
X-Aed
X-RCS-CacheZone
Machine
X-Worker
X-Vdms-Path
X-ScT
X-Application
X-ARC
Xc-Version
Fastcgi-X-Cache-Version
X-Bc-Bl
X-Vdms-Version
X-Request-UUID
X-Rojux
X-EC-Lua
X-Cache-Config
X-Platform-Server
X-Varnish-CookieHashed-On
X-DefElseHash
X-Varnish-Beresp-Grace
X-DefHash
X-Variation
Fastly-SIE
Fastly-SWR
X-Varnish-Beresp-Ttl
Gh-Request-Id
X-Ms-Request-Id
X-CUA
X-Auto-Login
X-Rebelmouse-Cache-Control
X-Varnish-CookieINHashed-On
X-Microcachable
X-Rebelmouse-Surrogate-Control
X-Session-Fingerprint
X-Micro-Cache
X-Ms-Version
X-VG-TLSProxy
X-Cms-Context
X-WADP-Cache
CDN-Uid
CDN-Cache
X-Cache-Backend
CDN-RequestId
CDN-CachedAt
Adler-Geo
CDN-PullZone
X-Cache-Bucket
CDN-EdgeStorageId
X-Generation-Time
X-Core-Value
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
CloudFront-Viewer-Country
X-Varnish-Beresp-Status
CDN-RequestCountryCode
X-Clara-WADP
Is-Eu
Platform
X-Fmm-Version
X-Fastly-Cache
X-Cache-Debug
X-Varnish-Remaining-TTL
X-UA
Backend
X-ID
Fastly-Backend-Name
Wxu-Next-Commit
AKAMAI
X-Branch-Name
X-Bip
Rt-Fastcgi-Cache
L
Origin
X-Backend-State
PFcat
X-Cache-Date
Wxu-Next-Hostname
X-Cache-NGX
Wxu-Next-Region
Fastly-Drupal-HTML
C-Via
Akamai-GRN
CacheControlHeader
X-Cache-Id
NM-Fastcgi-Cache
X-Method
X-Render-Time
X-Policy
X-EIG-Tracking-Id
X-Request-Host
X-Request-Start
X-Platform
X-Varnish-Ttl
X-Location
X-Old-Content-Length
X-OVcl
X-Owner
X-Servername
X-Skip-Cache
X-Via-CDN
X-VarnishDD-TTL
X-Webstats-RespID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Varnish-Cacheable
X-Twitter-Response-Tags
X-Slack-Backend
X-SN
X-Thanos
X-Transaction
X-LI-UUID
X-OVcl-Cache
X-Geo-Header
X-Generated-On
X-Gzip
X-Li-Pop
X-Hash
X-Gamma-Serve
X-Fastly-Backend
X-Core-Mission
X-Clientip
X-Developers
X-Dispatcher-Server
X-Esi-Check
X-HN
X-Has-Esi
X-Is-Gdpr
X-Irp-Debug
X-JWT-State
X-Li-Fabric
X-Level-Front-Cache
X-HS-Content-Campaign-Id
X-Hp-Webp
X-CS
X-Csrf-Jwt
X-Minions-Version
X-B3-Spanid
X-Content-Age
X-CGP
Pagetype
X-Mvc-Supplant-Cachable
X-Eu-Site
X-GEO
HA-Ipaddr
Ha-Gx-Prefs
L5d-Success-Class
X-Cache-Tags
X-Reqid
X-PF-Uncompressing
UCS
X-Refresh
X-Amz-Meta-Cb-Modifiedtime
Country-Code
FSS-Proxy
X-B3-Traceid
X-RateLimit-Remaining
X-DC
X-Aicache-OS
X-Date
X-Accel-Expires-Debug
X-Wa
Surrogated-Key
X-NGENIX-Cache
X-Vgn-Hpd-Variations-Key
X-NODE
X-Vgn-Hpd-Cached
X-Sql-Count
X-Req
X-Sql-Duration-Ms
X-Via-Poph
X-Up
X-Via-Popn
X-Cache-Remote
X-Edge-Location
X-LB-ID
X-Cdn-Srv
We-Hiring
Ufe-Result
X-Cache-URL
X-Ftr-Cache-Host
NGX
X-Presslabs-Stats
Mail-Subject
Group
Memcached
X-Mvc-Supplant-OutputCached
Time
X-Dc
X-Nginx-Cache
X-Debug-Cache-Fetch
X-Proxy-Upstream
Now
Hostname
X-Debug-Cache-Store
HostName
X-SRV
X-NU-AKA-ACS-Version
X-Www-Served-By
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-BC
X-Servedbyhost
X-FPC
X-FORWARDED-FOR
X-ZONE
XServer
X-LI-Proto
X-Ua-Device
Cache-Hits
X-Check-Cacheable
X-CACHE-AGE
X-S-Maxage
X-Varnish-Hostname
X-Agile-Id
X-Agile-Age
X-Via-SSL
X-Agile
X-Via-Edge
Edge-Copy-Time
X-Webkit-Csp
X-Request-Time
X-Svr
On-Server
Protected
GeoIp-Country-Code
Geoip-Latitude
ServedBy
M-TraceId
X-Cdn-Forward
Xserver
X-LiteSpeed-Cache-Control
X-CSRF-TOKEN
T-Server
X-Cluster-Node
X-VCL-Version
X-Pass-Why
X-UnsetCookies
SID
X-Datadome
X-APP
X-Cs
Arc-Country
X-MP-GENERATED-AT
X-HS-Status
X-CF-Powered-By
NtCoent-Length
X-Via-Popv
X-Zone
X-Bc
X-Acc-Rdl
X-NGINX-Cache
Cdn-Host
X-Srv
Viewtype
Pics-Label
N-Cache
X-Edge-Server
VivaBuild
X-Erf-Stays-Bingo-Pdp-Web
Server-Host
Cdn-Request-Time
X-Varnish-Hits
Ohc-File-Size
X-Uri
X-SB
X-VC
WZWS-RAY
Processtime
X-We-Are-Hiring
X-Via-Ucdn
Magicmarker
X-RunCloud-Cache
ProcessTime
Apigw-Requestid
X-Action
Memory
User-Agent
X-Dynatrace-Js-Agent
Srv
X-DI
Section-Origin-Responded
X-DSS
Section-Io-Id
X-Info
X-RPM
X-RPS
Section-Io-Origin-Status
W
X-RSL
Section-Io-Origin-Time-Seconds
X-MSEdge-Flight
X-DW
Sid
WebServer
X-MSEdge-Features
WWW-Authenticate
X-Oss-Cdn-Auth
X-DB
Ohc-Cache-HIT
Geo-Info
LB
X-TT-LOGID
X-Geo
Server-Info
CF-IPCountry
X-Unique-ID
X-Vgn-Hpd-Ssi
DSUID
X-UA-Device-Type
Cteonnt-Length
Cache-Name
Odigeo-Trace-Id
X-Newrelic-App-Data
X-SERVER-NAME
X-HOST
X-Tb
S-Rt
X-Vcl-Version
Tracecode
User-Cache-Control
X-Hit
X-HITS
X-Origin-Date
CDN
Ssr
X-Cache-Hfrom
X-Pjax-Url
X-Cache-Hm
Amp-Access-Control-Allow-Source-Origin
CountryCode
X-Webkit-CSP-Report-Only
Lfy
X-Magnolia-Registration
X-Fastly-Country-Code
GeoIP-Latitude
GeoIP-Country-Code
A
X-Akamai-Request-ID2
X-CACHE-KEY
X-Nc
True-Client-Country-4JS
V-Age
Thinkindot-Control
Thinkindot-CacheControl
Vix-Hermes-Req-Id
Thinkindot-CacheControl-Type
X-API-Version
X-Block-Status
X-Cache-ASPX
X-BBXSRF
X-BBC-Edge-Cache-Status
SR-User-Adfree
Web-Mar-Node
Sever-Int
X-Scheme
CDCHOST
X-Cc-Via
X-Cc-Req-Id
Cdn
D-Cc-Upstream
Instruction
Locid
Server-Hostname
Server-ID
Server-Ext
Release
MIME-Version
Path
X-Cache-Expires
X-Contensis-Viewer-Groups
X-SIPLIST1
X-SRCache-Key
X-Server-IP
X-SD-PageType
X-Request-URI
X-Response-By
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-Url
X-VServer
X-Varnish-Authentication
X-User
X-Thinkindot-L3
X-Origin-TTL
X-Origin-Time
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-GeoIP-City
X-Gen-Mode
X-Developer
X-Gdpr
X-Loc
X-Matched-Rule
X-Origin-CC
X-Origin-Expires
X-Nyt-Route
X-Node-Id
X-Nginx-Cache-Key
X-Cache-Info
IsBot
X-Epic-Correlation-Id
X-FC-Vary-Parameters
X-Envoy-Upstream-Healthchecked-Cluster
Lb
X-Newrelic-Synthetics
X-Provided-By
X-Generated-In
X-Fetched-On
X-Cdn-Origin
Pramga
X-ServedByHost
X-Azure-Ref-OriginShield
X-Via-NSCOPI
X-NodeID
X-Trace-Id
X-Traceid
X-Var-Ttl
X-Swa-Ws
X-Sn-Servicetimems
Cache-Host
Accept-Language
X-Li-Proto
X-Device-Os
X-Fpc
Actual-Object-TTL
X-ORACLE-APMCS-REQUEST-ID
Tcn
X-Amzn-Remapped-Connection
Esi-Enabled
X-Instart-Request-ID
X-Men
X-StackifyID
FNAC-ModuleRouting
X-Amzn-Remapped-Date
X-Vcache
X-Dynatrace
X-Cache-Tag
X-Key
Source
X-Sigma-Backend
X-Lb-Id
X-Rocket-Build-Number
X-Sigma
X-Akamai-Pragma-Client-IP
Cache-Key
X-Served-From
X-TH-Server
Kp-EeAlive
Cf-Device-Type
Server-Ttl
X-B3-SpanId
X-Mobile-Rewrite
X-Parent-Response-Time
Cache-Provider
X-Via-PopH
X-RateLimit-Limit
X-WA
Req-Svc-Chain
X-Via-PopN
X-Via-PopV
X-No-Cache
X-Origin-Response-Time
X-RateLimit-Remaining-Second
Content-Style-Type
Expiry
X-RateLimit-Limit-Second
X-BBC-Origin-Response-Status
X-VC-Cache
X-Dispatch
Proxy-Firewall
Origin-Edge-Control
X-Batcache
X-ServiceProvider
X-Instart-Info
Origin-Cache-Control
Content-Script-Type
X-MiniProfiler-Ids
X-Agile-Brick-Ok
X-ElasticPress-Query
X-Yottaa-OS
X-Geo-Region
X-Tt-Logid
NnCoection
Url
Cf-Alt-Svc
Location
Inserted-Into-Cache-At
Powered-By
Who
X-PJAX-URL
X-B3-Parentspanid
HitType
X-Apw-Access-Object
X-HostName
X-Apw-Access-Action
X-Apw-Hits
X-Varnish-Beresp-TTL
X-Apw-Access-Token
X-RAMCache
X-Request-URL
X-Selected-Host-Header
X-Selected-Name
X-Selected-Scheme
X-Request-Url
X-ServerName
X-TraceId
X-Miniprofiler-Ids
X-Akamai-Request-ID
EpKe-Alive
X-Snapshot-Date
Vha6-Origin
Mime-Version
X-Vgn-Hpd-Reason
X-LiteSpeed-Tag
PICS-Label
X-C
Dnion-Transfer-Encoding
Fastcgi-Cache-TTL
X-Dw-Trace-Id
Xet-Cookie
Resin-Trace
Pragrma
X-Pf-Uncompressing