Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
CF-RAY
Via
Age
X-XSS-Protection
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
P3p
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Dns-Prefetch-Control
X-Template
X-Language
X-Backend
X-Cache-Group
X-Hacker
X-Amz-Request-Id
X-Server
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Buckets
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
X-Host
X-WebKit-CSP
X-Backend-Server
NEL
X-Dispatcher
X-Device
X-Server-Id
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
Accept-CH-Lifetime
Content-Location
X-Response-Time
Request-Id
Accept-CH
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
EagleEye-TraceId
X-Ac
Cf-Bgj
X-ASPNET-VERSION
X-Readtime
Rating
X-HW
X-Mod-Pagespeed
Allow
X-Country
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Edge-Control
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DataDome
X-Vname
X-Country-Code
X-TtlSet
X-PC
X-Cnection
X-Varnish-TTL
X-MS-InvokeApp
X-Origin-Upstream-Status
X-Content-Type
X-GitHub-Request-Id
X-Url
X-Clacks-Overhead
X-D2id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Id
X-Trace
Display
X-Middleton-Display
Response
X-Sol
Pagespeed
X-Middleton-Response
X-Pinterest-Rid
Pinterest-Version
X-Abt-Application-Version
X-Server-Name
X-Vcap-Request-Id
X-B3-TraceId
X-Px
X-CST
X-Rack-Cache
X-Navigation-Version
MS-Author-Via
Verso
Service-Worker-Allowed
X-DynaTrace
X-FTR-Request-ID
X-Cached
X-Fastly-Request-ID
X-Client-IP
X-Element-Page-Cache
X-ESI
Arr-Disable-Session-Affinity
X-Cache-TTL
X-Webkit-CSP
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-TTL
SPRequestGuid
X-SharePointHealthScore
X-Upstream
X-VARITI-CCR
Fastly-Restarts
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Goog-Hash
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
AR-CACHE
AR-ATIME
X-NF-Request-ID
AR-Request-ID
AR-PoweredBy
X-Exp-Variant
X-Debug
Ar-Sid
Content-MD5
X-Version
X-Forwarded-Proto
X-MSEdge-Ref
X-T
X-Powered-CMS
Access-Control-Request-Method
X-XRDS-Location
X-Jurisdiction
X-Pinterest-Direct
SPRequestDuration
SPIisLatency
X-Release
X-Amz-Rid
X-Ttl
S
X-Content-Digest
X-Edge
TP-Cache
TP-L2-Cache
TCN
RTSS
Cache-Tag
X-Ezoic-Cdn
Public-Key-Pins
X-Node-Name
X-Cache-Key
X-Yandex-Sdch-Disable
X-MCACHE
X-Mid
Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
Server-Node
Front-End-Https
Accept-Ch
X-NWS-LOG-UUID
X-Amzn-Trace-Id
X-Accel-Expires
X-Recruiting
X-Ser
X-Kinsta-Cache
X-Mg-S
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Microsite
X-PressLabs-Stats
X-Request-Handler-Origin-Region
X-Amz-Server-Side-Encryption
ServerID
X-Origin-Server
X-Logged-In
X-Grace
X-Ratelimit-Remaining
Accept-Charset
X-Cache-Hit
X-Page-Id
X-HP-Webp
X-Litespeed-Cache
X-Varnish-Age
Host
X-Content-Security-Policy-Report-Only
X-DIS-Request-ID
X-ECACHE
Nginx-Cache
X-B
Edge-Cache-Tag
X-Shield-Request-Id
X-Hostname
MicrosoftSharePointTeamServices
X-Mobile-URL
Alternate-Protocol
X-Hits
X-Server-ID
X-Ratelimit-Limit
X-F-Cache
Realpath
X-LB-Cache
X-Git-Hash
X-Content-Options
X-Activity-Id
X-Az
X-AppVersion
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-DC
X-N
X-FTR-Balancer
X-FTR-Realm
Cache-Tags
X-FTR-Expires
X-Load-Cache
X-Seen-By
X-Type
X-Jobs
X-App-Environment
X-Request-Guid
X-Cache-Age
Paypal-Debug-Id
X-Varnish-Backend
Cleartype
X-Rid
DynaTrace
Powered-By-ChinaCache
X-Cached-By
Fastcgi-Useragent
X-Forwarded-For
X-FireWall-Port
X-Kong-Proxy-Latency
X-Upgrade-Enabled
X-Kong-Upstream-Latency
Filterid
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
X-Correlation-ID
X-Proxy
X-Amz-Meta-S3cmd-Attrs
X-Respond-Thread
X-Zen-Fury
X-Varnish-Grace
X-Akamai-Edgescape
X-FB-Debug
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
X-Daa-Tunnel
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-B3-Sampled
DC
X-App-Server
X-IPLB-Instance
X-Id
X-Host-Name
X-Signature
X-B-Cache
X-Debug-Info
X-Geo-Country
X-AOL-HN
X-Cache-Rule
X-Cache-Operation
X-User-Agent
X-Whom
X-Region
Healthy
MS-CV
X-Original-Request-Id
X-Response-Served-From
Charset
X-Accel-Buffering
X-Mobile
X-Frontend
AMP-Access-Control-Allow-Source-Origin
X-Content-Powered-By
Payment
X-VCache
Content-Disposition
X-HTML-Minification-Powered-By
X-Instance
Filters
X-FW-Server
X-FW-Static
X-FW-Dynamic
X-FW-Serve
X-Rule
X-FW-Type
X-FW-Hash
X-Cacheable-TTL
X-Distributor
X-UUID
X-Cache-Time
X-Tumblr-User
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Wix-Request-Id
Surrogate-Key
Refresh
Accept-Ch-Lifetime
Liferay-Portal
X-Acc-Debug-Context
X-Rendered-As
Viewport
X-Is-Bot
X-Protected-By
Akamai-Age-Ms
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Via-JSL
S-Cnection
X-Ua
X-Endurance-Cache-Level
Datacenter
X-App-Version
X-Amz-Replication-Status
X-Backend-Name
X-Cache-Expired-At
X-Hyper-Cache
PB-PID
GEO-INFO
Arc-Version
PB-RID
X-XRDS-LOCATION
X-Esi
Nel
Section-Io-Cache
NGB
X-URL
X-Cache-Action
X-Cache-Server
Countrycode
Version
X-Ah-Environment
X-Sucuri-ID
X-Tec-Api-Version
X-Tec-Api-Origin
Retry-After
X-Varnish-Server
X-Oneagent-Js-Injection
X-Tec-Api-Root
X-Source
X-Unique-Id
X-EdgeConnect-Cache-Status
Server-Name
Referer-Policy
X-Air-Hostname
Eomportal-Instance
X-RemovedCookies
X-Real-IP
X-Environment-Context
X-Framework
X-L-Path
X-ProcessESI
X-WA-Info
X-Azure-Ref
Frame-Options
X-Revision
X-Yottaa-Optimizations
X-Cache-Control
X-Yottaa-Metrics
X-Proxy-Cache-Status
X-Fastcgi-Cache
X-RTag
Ms-Operation-Id
CACHE
X-RN-RSRV
X-Cache-Var-Map
X-ES-SERVER
X-GeoIP
X-Cache-Var
X-NewRelic-App-Data
Meta-Geo
X-PHP-Backend
X-Drupal-Cache-Contexts
X-Sucuri-Cache
X-Mode
X-From
Cache-Tv-Group
X-CDN-Forward
DB-Nickname
X-Cache-Host
X-BYPASS-REASON
X-Cache-TTL-Remaining
X-ProxyCache-Key
X-DynaTrace-JS-Agent
X-Xfnlog-Site
X-Time-Microsecs
X-Qloud-Router
X-R9-Blue-Green-Version
X-ProxyCache-Status
X-PCL
X-Origin-Hint
X-TNCMS
X-Status
X-Server-W
X-Hosted-By
X-Labrador-Cache-Channel
X-Human
X-Handled-By
X-FW-Version
X-LJ-Flow-ID
Ec-Rule-Version
Cross-Origin-Window-Policy
X-PHP-Host
X-Cluster
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
Mn-Server-Ip
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Property-Id
TWC-Connection-Speed
TWC-Device-Class
X-VWS-Id
Webcakes-App-Version
Webcakes-Region
X-Amzn-Remapped-Content-Length
X-Loop
X-NYM-Debug-Backend
X-OCL
X-AWS-Id
X-Locale
X-Proxy-Build
X-Proxied
X-Proto
X-Site-Version
X-Zipkin-Id
X-Detected-As
X-Hl-Ver
X-Redis-Cache
X-Access
X-Timing-Wait
Selected-Fe
X-Section
X-Routing-Service
X-Format
X-FB-TRIP-ID
X-ServerID
X-Drupal-Cache-Tags
X-Be
X-No-Session
X-Via-Fastly
Uber-Trace-Id
X-Contextid
X-Pinterest-Sli-Endpoint-Name
X-Debug-Cache
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Latency-Threshold
X-Cache-PHP
X-Device-Type
X-ATG-Version
X-BCube-Filmed-By
X-Generated-By
X-Ratelimit-Reset
FSS-Cache
X-Time
Powered
X-Correlation-Id
From-Origin
Webserver
X-CSRF-Token
X-Varnish-Cache-Hits
X-Adobe-Loc
X-Adobe-Content
X-AIR-PT
X-NC
X-FTR-Cache-Host
X-SaId
X-JoinUs
X-TT
VIX-Pulpo-Node
Azure-RegionName
X-NCache
Azure-InstanceId
Azure-SiteName
Cache
CF-Cached-On
X-TIME
Azure-SlotName
VIX-Pulpo-Upstream-Status
Azure-Version
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
OT-Force-Account-Verify
X-Providence-Cookie
X-Oss-Request-Id
X-Route-Name
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Oss-Storage-Class
X-Oss-Server-Time
X-Origin
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Akamai-Transformed
X-GoCache-CacheStatus
Upgrade-Insecure-Requests
Access-Control-Request-Headers
X-COUNTRY
X-Hp-Webp
X-Cache-2
X-NWS-UUID-VERIFY
SD-X-WS
X-Adobe-Source
X-CCM
X-Backend-TTL
X-IP
X-Backend-Host
X-LAGOON
X-ShardId
X-ShopId
X-IPS-LoggedIn
X-Shopify-Stage
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Cache-Enabled
X-Cache-Grace
X-Pubstack
X-ApacheServer
X-Forwarded-Host
X-Soup
X-PERF
X-Web-Node
X-TA-CDN-Provider
X-Storage
Fastly-SSL
X-Varnishpool
Decoy-Debug-Key
X-Cluster-Name
Decoy-Debug-TTL
Decoy-Debug-Status
X-EC-Lua
X-Say-Cacheable
Cache-Status
X-Say-TTL
X-UPSTREAM-Address
X-SayCDN-TTL
X-Tumblr-Pixel-3
X-ECache
Country
X-APP-VERSION
Node
X-Bc-Bl
X-G
X-TX-ID
X-Ruxit-Js-Agent
X-Viewer-Country
Rendered-Blocks
Machine
X-A-Ccd
X-A
X-Connection-Hash
Host-ID
MD5-Digest
X-PBS-Appsvrname
X-External-Request-Id
X-CF-Lambda-Version
Meta-Geo-Continent
X-PAYTM-SRV-ID
Fastcgi-X-Cache-Version
X-VG-WebCache
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-VG-WebServer
X-A-Dgt
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-ARC
X-Application
X-Aed
X-EIG-Tracking-Id
X-A-Wwc
X-Vdms-Path
X-Destination
X-Trv-Group
X-Vdms-Version
X-Cache-Backend
Apple-News-Services-Handled
DCR-Decision-By
X-D
X-Request-UUID
X-A-Dam
X-B-Cookie
Mobile-Detection-Method
X-Processor
X-RCS-CacheZone
X-Cache-NE
X-CF-Lambda-Fn
X-Rewrite-Enabled
X-Worker
DCR-Processing-Time-Ms
X-ScT
Xc-Version
X-S-Cookie
X-Rojux
X-S
X-A-Dcw
X-Cdn
X-Cache-Config
X-DefElseHash
X-CUA
Fastly-SIE
CDN-Cache
CDN-Uid
CloudFront-Viewer-Country
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestId
CDN-PullZone
X-Auto-Login
Adler-Geo
X-Clara-WADP
Is-Eu
X-Cms-Context
Gh-Request-Id
Fastly-SWR
X-Cache-Bucket
CDN-RequestCountryCode
Platform
X-Ms-Version
X-Ms-Request-Id
X-Varnish-CookieHashed-On
X-Variation
X-Varnish-CookieINHashed-On
X-Micro-Cache
X-VG-TLSProxy
X-DefHash
X-Twitter-Response-Tags
X-Varnish-Beresp-Ttl
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Servername
X-Platform-Server
X-Transaction
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-WADP-Cache
X-Varnish-Remaining-TTL
X-Fastly-Cache
X-Page-View
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-Fmm-Version
X-Generation-Time
Backend
X-SN
X-Thanos
X-Request-Start
C-Via
AKAMAI
Akamai-GRN
X-Skip-Cache
Rt-Fastcgi-Cache
Origin
X-Microcachable
X-Slack-Backend
Wxu-Next-Commit
Fastly-Backend-Name
Fastly-Drupal-HTML
X-Webstats-RespID
Country-Code
X-Wikidot-Backend
X-Core-Value
X-CS
X-Wikidot-Static-Cache
L
Wxu-Next-Hostname
Wxu-Next-Region
X-Varnish-Cacheable
CacheControlHeader
X-Request-Host
X-JWT-State
X-Backend-State
X-Irp-Debug
X-Li-Fabric
X-Li-Pop
X-Minions-Version
X-Method
X-LI-UUID
X-HS-Content-Campaign-Id
X-Hash
X-Esi-Check
X-Dispatcher-Server
X-Developers
X-Core-Mission
X-Fastly-Backend
X-Has-Esi
X-Gzip
NM-Fastcgi-Cache
X-Is-Gdpr
X-Platform
X-Bip
X-Policy
X-Cache-NGX
X-Render-Time
X-Owner
X-OVcl-Cache
X-OVcl
X-Old-Content-Length
X-Clientip
X-Cache-Id
X-DC
X-UA
X-LLID
X-Csrf-Jwt
X-Level-Front-Cache
X-Cache-Debug
X-Session-Fingerprint
X-HN
X-VarnishDD-TTL
X-Reqid
X-Location
X-Generated-On
X-Branch-Name
PFcat
X-CGP
X-Amz-Meta-Cb-Modifiedtime
X-Cache-Date
X-Gamma-Serve
X-Eu-Site
X-Geo-Header
X-Mvc-Supplant-Cachable
X-Content-Age
X-Cache-Tags
X-Varnish-Ttl
HA-Ipaddr
L5d-Success-Class
SRV
Ha-Gx-Prefs
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
Pagetype
X-Accel-Expires-Debug
X-Date
X-Presslabs-Stats
X-GEO
X-Wa
UCS
Surrogated-Key
X-NGENIX-Cache
FSS-Proxy
X-Up
X-Req
X-B3-Spanid
X-LB-ID
X-Via-CDN
X-Edge-Location
X-Refresh
Time
Mail-Subject
X-Cdn-Srv
X-Cache-URL
X-Via-Poph
We-Hiring
X-PF-Uncompressing
Ufe-Result
Group
Now
Memcached
X-Via-Popn
X-FORWARDED-FOR
X-NODE
X-ID
X-Aicache-OS
X-Proxy-Upstream
X-Mvc-Supplant-OutputCached
Hostname
NGX
X-Nginx-Cache
X-Servedbyhost
X-RateLimit-Remaining
X-LI-Proto
X-Ftr-Cache-Host
X-B3-Traceid
X-Sql-Count
X-Sql-Duration-Ms
X-Debug-Cache-Fetch
X-SRV
X-Agile
X-Agile-Id
HostName
X-Cache-Remote
X-ZONE
X-BC
X-Agile-Age
X-Debug-Cache-Store
X-Datadome
X-Cache-Spec
X-Ua-Device
X-NU-AKA-ACS-Version
X-Varnish-Hostname
X-Check-Cacheable
X-Dc
X-CACHE-AGE
X-Request-Time
M-TraceId
X-FPC
X-Www-Served-By
X-Webkit-Csp
X-SERVER
Xserver
X-Via-Edge
Edge-Copy-Time
XServer
X-LiteSpeed-Cache-Control
X-Via-SSL
X-S-Maxage
Cache-Hits
X-VCL-Version
WebServer
SID
X-Cluster-Node
On-Server
X-Erf-Stays-Bingo-Pdp-Web
X-Svr
Arc-Country
ServedBy
X-SERVER-NAME
X-CSRF-TOKEN
NtCoent-Length
Geoip-Latitude
Cdn-Host
Cdn-Request-Time
Viewtype
X-APP
GeoIp-Country-Code
X-Bc
VivaBuild
X-Via-Popv
X-Zone
X-CF-Powered-By
X-MP-GENERATED-AT
X-Edge-Server
Protected
X-UnsetCookies
X-Via-Ucdn
ProcessTime
X-Dynatrace-Js-Agent
X-Action
X-RunCloud-Cache
X-Pass-Why
X-Cs
T-Server
X-HS-Status
X-Cdn-Forward
Srv
X-NGINX-Cache
Ohc-File-Size
X-RSL
X-RPM
X-RPS
Memory
WWW-Authenticate
X-DB
X-DI
X-DSS
X-DW
X-Srv
Apigw-Requestid
X-Oss-Cdn-Auth
X-Acc-Rdl
X-Erf-Bev-Bev
X-We-Are-Hiring
Pics-Label
X-Erf-Bev-Bev-Is-Generated
Server-Host
X-Vgn-Hpd-Ssi
N-Cache
Server-Info
X-Varnish-Hits
User-Agent
X-Uri
CF-IPCountry
Processtime
Request-ID
W
WZWS-RAY
X-MSEdge-Flight
Magicmarker
X-Instart-Request-ID
X-MSEdge-Features
X-SB
X-VC
LB
X-Geo
Amp-Access-Control-Allow-Source-Origin
Sid
GeoIP-Country-Code
S-Rt
GeoIP-Latitude
X-Tb
X-Info
Ohc-Cache-HIT
X-Newrelic-App-Data
X-HOST
X-Hit
X-Vcache
X-Akamai-Request-ID2
CDN
X-TT-LOGID
Cteonnt-Length
X-Newrelic-Synthetics
DSUID
Odigeo-Trace-Id
Section-Io-Id
Section-Io-Origin-Status
X-HITS
Section-Origin-Responded
Actual-Object-TTL
Section-Io-Origin-Time-Seconds
X-ORACLE-APMCS-REQUEST-ID
X-Cache-Hm
X-Cache-Hfrom
X-Vcl-Version
X-UA-Device-Type
User-Cache-Control
X-Unique-ID
X-Pjax-Url
Geo-Info
X-Envoy-Upstream-Healthchecked-Cluster
X-Epic-Correlation-Id
Tracecode
Cache-Name
X-Webkit-CSP-Report-Only
Ssr
X-Fastly-Country-Code
Accept-Language
A
X-FC-Vary-Parameters
X-Origin-Date
X-Fpc
X-Nc
X-CACHE-KEY
Cdn
Esi-Enabled
Lb
X-Magnolia-Registration
Lfy
X-Provided-By
X-Mobile-Rewrite
CountryCode
X-Origin-TTL
X-SD-PageType
X-Scheme
X-Request-URI
X-Loc
X-Hnp-Log
X-Server-IP
CDCHOST
X-Node-Id
X-Origin-Time
X-Nginx-Cache-Key
X-Origin-Expires
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Nyt-Route
X-Cc-Req-Id
X-Origin-CC
X-Matched-Rule
D-Cc-Upstream
X-Cc-Via
Locid
Thinkindot-Control
X-Cache-ASPX
Thinkindot-CacheControl-Type
X-Cache-Expires
X-Cache-Info
Thinkindot-CacheControl
True-Client-Country-4JS
V-Age
Web-Mar-Node
X-API-Version
X-BBC-Edge-Cache-Status
X-BBXSRF
Vix-Hermes-Req-Id
X-Block-Status
X-Contensis-Viewer-Groups
SR-User-Adfree
Release
Server-Ext
Path
MIME-Version
Instruction
IsBot
Server-Hostname
X-GeoIP-City
X-Developer
Sever-Int
X-Gdpr
X-Gen-Mode
Server-ID
FNAC-ModuleRouting
X-SVT-ORM-RULES
X-Varnish-Authentication
X-Varnish-Url
X-Thinkindot-L3
X-SRCache-Key
X-User
X-SVT-ORM-VERSION
X-Via-NSCOPI
X-Traceid
X-Amzn-Remapped-Date
X-Key
X-SIPLIST1
X-Amzn-Remapped-Connection
X-Response-By
X-VServer
Pramga
X-Generated-In
Kp-EeAlive
X-NodeID
X-Trace-Id
X-Azure-Ref-OriginShield
X-Device-Os
X-Fetched-On
X-Var-Ttl
X-Cdn-Origin
X-Li-Proto
X-StackifyID
X-Swa-Ws
X-ServedByHost
Cache-Host
X-Sn-Servicetimems
X-Men
X-Dynatrace
X-B3-SpanId
X-Cache-Tag
Proxy-Firewall
X-Geo-Region
X-TH-Server
X-Dispatch
Origin-Cache-Control
Server-Ttl
X-Sigma
X-Instart-Info
Origin-Edge-Control
X-Served-From
X-Rocket-Build-Number
X-Akamai-Pragma-Client-IP
X-Sigma-Backend
Cache-Key
X-Via-PopH
X-Parent-Response-Time
Cache-Provider
X-Via-PopN
X-Via-PopV
X-RAMCache
Source
X-Lb-Id
Powered-By
Cf-Device-Type
X-No-Cache
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-WA
X-Agile-Brick-Ok
HitType
X-Tt-Logid
X-Apw-Hits
X-ServiceProvider
X-VC-Cache
X-LiteSpeed-Tag
X-Batcache
X-ElasticPress-Query
X-Apw-Access-Token
Fastcgi-Cache-TTL
X-Apw-Access-Object
X-Apw-Access-Action
Tcn
Expiry
X-Origin-Response-Time
Req-Svc-Chain
Content-Style-Type
Content-Script-Type
Vha6-Origin
X-HostName
X-Pf-Uncompressing
X-Yottaa-OS
Xet-Cookie
X-MiniProfiler-Ids
X-RateLimit-Limit
X-PJAX-URL
Who
X-Request-URL
BehaviorPad-Version
X-Varnish-Beresp-TTL
X-Generated
Cf-Alt-Svc
X-TrackingId
X-Selected-Name
X-Selected-Scheme
X-Selected-Host-Header
X-B3-Parentspanid
X-BBC-Origin-Response-Status
X-Dw-Trace-Id
PICS-Label
X-Vgn-Hpd-Reason
X-Snapshot-Date
Pragrma
Inserted-Into-Cache-At
Resin-Trace
Mime-Version
X-C
Dnion-Transfer-Encoding