Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
X-XSS-Protection
Expect-CT
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Request-ID
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
P3p
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Keep-Alive
X-Template
X-Via
X-Language
X-Ws-Request-Id
Feature-Policy
X-Age
X-Dns-Prefetch-Control
X-Backend
X-Cache-Group
X-Hacker
X-Server
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
EagleId
X-UA-Device
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Host-Header
Grace
X-Buckets
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
Cf-Bgj
X-WebKit-CSP
X-Host
X-Dispatcher
X-Backend-Server
X-Device
X-Node
NEL
Surrogate-Control
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Response-Time
Content-Location
Request-Id
X-Origin-Cache
X-Server-Id
X-Akam-SW-Version
X-Ac
X-ASPNET-VERSION
Accept-CH-Lifetime
EagleEye-TraceId
X-Country
X-HW
X-Mod-Pagespeed
Rating
Accept-CH
X-Readtime
X-Cloud-Trace-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Application-Context
Edge-Control
Pinterest-Generated-By
X-Country-Code
Allow
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-PC
X-Vname
X-TtlSet
X-DataDome
X-Varnish-TTL
X-Cnection
X-Origin-Upstream-Status
X-MS-InvokeApp
X-GitHub-Request-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
X-Content-Type
X-D2id
X-Clacks-Overhead
X-Trace
X-ESI
X-Abt-Application-Version
X-Server-Name
Pagespeed
X-Sol
X-Middleton-Response
X-Middleton-Display
Display
Response
X-Px
X-Vcap-Request-Id
X-Navigation-Version
X-Rack-Cache
Pinterest-Version
X-Pinterest-Rid
X-FTR-Request-ID
Verso
X-B3-TraceId
X-DynaTrace
X-Cached
Service-Worker-Allowed
X-Webkit-CSP
MS-Author-Via
X-Element-Page-Cache
X-Fastly-Request-ID
X-Client-IP
Accept-Ch
Arr-Disable-Session-Affinity
X-Cache-TTL
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-TTL
X-Upstream
Content-MD5
X-Version
AR-PoweredBy
AR-ATIME
X-SharePointHealthScore
SPRequestGuid
AR-CACHE
AR-Request-ID
Ar-Sid
X-Forwarded-Proto
Fastly-Restarts
X-FastCGI-Cache
X-NF-Request-ID
X-Debug
X-CST
X-VARITI-CCR
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Variant
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Exp-Id
X-Cdn-Fetch
X-Goog-Hash
X-T
X-Server-ID
X-Jurisdiction
Access-Control-Request-Method
X-Powered-CMS
X-XRDS-Location
X-MSEdge-Ref
TP-L2-Cache
TP-Cache
X-Content-Digest
X-Release
S
X-Edge
SPIisLatency
SPRequestDuration
X-Amz-Rid
TCN
X-Ttl
RTSS
Cache-Tag
X-NWS-LOG-UUID
X-Pinterest-Direct
X-PressLabs-Stats
Public-Key-Pins
X-Node-Name
X-Ezoic-Cdn
Fastcgi-Cache
X-Yandex-Sdch-Disable
X-Request-Received
X-Request-Processing-Time
Accept-Ch-Lifetime
X-Cache-Key
X-MCACHE
Server-Node
X-Mid
X-Accel-Expires
Front-End-Https
X-Amzn-Trace-Id
X-Logged-In
X-Ratelimit-Remaining
X-Request-Handler-Origin-Region
X-Ser
X-Recruiting
X-Microsite
X-Cache-Hit
X-Kinsta-Cache
ServerID
X-Page-Id
X-Origin-Server
Accept-Charset
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Host
Alternate-Protocol
X-Mg-S
X-B
X-Content-Security-Policy-Report-Only
X-Varnish-Age
X-Shield-Request-Id
X-Grace
X-Mobile-URL
Filterid
X-Forwarded-For
Nginx-Cache
X-Ratelimit-Limit
X-Amz-Server-Side-Encryption
X-Hostname
X-DIS-Request-ID
Edge-Cache-Tag
X-FTR-DC
X-FTR-Realm
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-ECACHE
X-FireWall-Port
X-FTR-Expires
X-HP-Webp
X-Seen-By
X-Load-Cache
X-Content-Options
X-Hits
X-F-Cache
Realpath
X-LB-Cache
X-Git-Hash
X-Activity-Id
X-Jobs
X-Az
X-AppVersion
X-N
X-Varnish-Grace
X-Request-Guid
X-App-Environment
MicrosoftSharePointTeamServices
X-Type
X-Varnish-Backend
Fastcgi-Useragent
X-Rid
Cache-Tags
Paypal-Debug-Id
X-WebKit-CSP-Report-Only
X-Zen-Fury
DynaTrace
X-Daa-Tunnel
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Kong-Proxy-Latency
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Proxy
Cleartype
Nel
X-Cached-By
X-FB-Debug
X-App-Server
X-Akamai-Edgescape
X-Id
X-Cache-Age
X-Amz-Meta-S3cmd-Attrs
Powered-By-ChinaCache
X-Cache-Rule
X-Cache-Operation
X-Geo-Country
X-Content-Powered-By
Content-Disposition
X-User-Agent
DC
X-HS-Cache-Config
X-Host-Name
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-HS-Content-Id
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-HS-Hub-Id
X-HS-Combine-CSS
X-Respond-Thread
X-Wix-Request-Id
X-IPLB-Instance
X-AOL-HN
X-Response-Served-From
X-B-Cache
X-Accel-Buffering
X-Original-Request-Id
X-Signature
MS-CV
X-Whom
X-Debug-Info
AMP-Access-Control-Allow-Source-Origin
Healthy
X-B3-Sampled
X-Ua
X-HTML-Minification-Powered-By
X-Is-Bot
X-Rendered-As
Payment
X-Region
X-FW-Dynamic
X-FW-Static
X-Frontend
X-UUID
X-Rule
X-FW-Serve
X-VCache
Datacenter
X-FW-Hash
X-FW-Server
X-FW-Type
X-Instance
Akamai-Age-Ms
X-Correlation-ID
X-Endurance-Cache-Level
X-Cacheable-TTL
X-Cache-Time
X-Distributor
NGB
Refresh
X-Mobile
X-Tumblr-Pixel
Countrycode
X-Tumblr-User
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
Surrogate-Key
X-Via-JSL
S-Cnection
X-Protected-By
X-XRDS-LOCATION
X-Acc-Debug-Context
X-App-Version
Liferay-Portal
X-Varnish-Server
Filters
PB-PID
Arc-Version
X-Backend-Name
PB-RID
Charset
Viewport
X-Ah-Environment
X-Tec-Api-Version
X-Oneagent-Js-Injection
X-Tec-Api-Root
X-Hyper-Cache
X-Tec-Api-Origin
X-Cache-Expired-At
X-PHP-Backend
X-NewRelic-App-Data
X-Azure-Ref
X-Cache-Server
Retry-After
Section-Io-Cache
X-Correlation-Id
X-Litespeed-Cache
Referer-Policy
X-Proxy-Cache-Status
X-Fastcgi-Cache
X-Cache-Action
X-Source
X-Amz-Replication-Status
X-WA-Info
X-Sucuri-ID
X-DynaTrace-JS-Agent
X-Cache-Control
Version
GEO-INFO
X-Time
X-EdgeConnect-Cache-Status
Powered
Eomportal-Instance
X-Environment-Context
X-L-Path
X-Yottaa-Optimizations
X-Cache-Var
X-RN-RSRV
X-ES-SERVER
X-Yottaa-Metrics
X-Real-IP
X-Cache-Var-Map
Uber-Trace-Id
X-Framework
X-CSRF-Token
Ms-Operation-Id
X-RemovedCookies
X-From
X-Air-Hostname
X-RTag
X-GeoIP
X-Revision
X-ProcessESI
X-Unique-Id
Frame-Options
X-Mode
X-Time-Microsecs
X-ProxyCache-Status
X-Qloud-Router
X-R9-Blue-Green-Version
X-Cache-TTL-Remaining
X-Xfnlog-Site
X-ProxyCache-Key
X-Cache-Host
X-BYPASS-REASON
Mn-Server-Ip
X-AWS-Id
X-Cluster
X-FW-Version
Meta-Geo
Ec-Rule-Version
Cache-Tv-Group
Cross-Origin-Window-Policy
DB-Nickname
X-Hosted-By
X-Human
X-Server-W
X-TNCMS
X-VWS-Id
X-FB-TRIP-ID
X-PHP-Host
X-PCL
X-LJ-Flow-ID
X-Loop
X-OCL
X-Hp-Webp
X-Labrador-Cache-Channel
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Amzn-Remapped-Content-Length
X-BCube-Filmed-By
X-Hl-Ver
X-Detected-As
TWC-Privacy
TWC-Locale-Group
Selected-Fe
Property-Id
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-JoinUs
X-Handled-By
X-SaId
Server-Name
X-Timing-Wait
X-Status
X-NYM-Debug-Backend
X-Proxy-Build
X-Origin-Hint
X-Section
X-ServerID
X-Generated-By
X-Drupal-Cache-Contexts
X-Zipkin-Id
X-Debug-Cache
X-Routing-Service
X-Access
X-Proxied
X-Be
X-Ratelimit-Reset
X-Redis-Cache
X-Proto
X-Format
X-Device-Type
FSS-Cache
X-Cache-PHP
Cache
X-ATG-Version
X-Sucuri-Cache
X-Site-Version
X-Locale
X-Via-Fastly
X-No-Session
X-Contextid
X-Drupal-Cache-Tags
From-Origin
X-Varnish-Cache-Hits
X-CDN-Forward
X-FTR-Cache-Host
CF-Cached-On
Webserver
X-NCache
X-NWS-UUID-VERIFY
OT-Force-Account-Verify
X-Origin
X-Adobe-Content
X-Adobe-Loc
X-NC
X-ECache
X-Oss-Object-Type
CACHE
X-Oss-Storage-Class
X-Oss-Server-Time
X-GoCache-CacheStatus
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-AIR-PT
X-Bc-Bl
Azure-Version
X-Tt-Trace-Host
Azure-SlotName
X-TT
Azure-RegionName
X-Tt-Trace-Tag
X-IPS-LoggedIn
Azure-InstanceId
Azure-SiteName
X-TA-CDN-Provider
VIX-Pulpo-Node
X-EIG-Tracking-Id
VIX-Pulpo-Upstream-Status
X-Akamai-Transformed
X-IP
X-EC-Lua
X-Cache-Enabled
X-Esi
Access-Control-Request-Headers
X-CCM
X-APP-VERSION
X-Backend-Host
X-Adobe-Source
SD-X-WS
X-Cache-2
X-Ruxit-Js-Agent
X-Sorting-Hat-ShopId
X-ShardId
Upgrade-Insecure-Requests
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Shopify-Stage
X-Viewer-Country
X-Sorting-Hat-PodId
X-Tumblr-Pixel-3
X-ShopId
X-Soup
Node
X-Backend-TTL
X-Cdn
X-URL
X-Vgn-Hpd-Cached
X-TIME
X-Vgn-Hpd-Variations-Key
X-A-Dam
X-A-Ccd
Machine
X-A-Dgt
X-Application
X-Aed
MD5-Digest
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-B-Cookie
X-Cache-NE
X-Storage
X-Connection-Hash
X-Accel-Expires-Debug
X-Date
X-Destination
X-Web-Node
Fastcgi-X-Cache-Version
X-D
X-A-Wwc
Xc-Version
X-A-Dcw
X-Vdms-Version
X-A
Surrogated-Key
Decoy-Debug-TTL
Fastly-SSL
X-Cache-Backend
X-Say-Cacheable
Decoy-Debug-Status
X-PBS-Appsvrname
X-Say-TTL
X-Flags
X-ARC
Decoy-Debug-Key
X-Cache-Config
X-ScT
X-Aspnet-Duration-Ms
DCR-Decision-By
Apple-News-Services-Host
DCR-Processing-Time-Ms
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Rendered-Blocks
X-Request-UUID
X-S-Cookie
Apple-News-Services-Handled
X-S
X-Rojux
X-Rewrite-Enabled
X-Vdms-Path
X-Cache-Grace
X-Vtex-Remote-Cache
X-G
X-Pubstack
X-VG-WebCache
X-Cluster-Name
X-Forwarded-Host
X-External-Request-Id
X-RCS-CacheZone
X-Worker
Mobile-Detection-Method
X-VG-WebServer
X-ApacheServer
X-Providence-Cookie
X-Twitter-Response-Tags
X-Is-Crawler
X-Trv-Group
X-Transaction
X-SayCDN-TTL
X-PERF
X-Route-Name
Cache-Status
X-Vtex-Processado-Em
X-NGENIX-Cache
X-Varnishpool
Platform
CDN-RequestId
Meta-Geo-Continent
X-LAGOON
X-Generation-Time
Fastly-SWR
X-PAYTM-SRV-ID
Fastly-SIE
Adler-Geo
Host-ID
X-TX-ID
X-Cache-Bucket
X-Processor
X-Rebelmouse-Cache-Control
CDN-CachedAt
CDN-EdgeStorageId
X-Variation
CDN-Cache
X-Servername
X-Rebelmouse-Surrogate-Control
X-Req
Is-Eu
X-WADP-Cache
X-Envoy-Decorator-Operation
CDN-RequestCountryCode
X-Fmm-Version
X-Fastly-Cache
CDN-PullZone
X-DPWN-IS-SECURE
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Clara-WADP
X-Varnish-Beresp-Status
X-VG-TLSProxy
CDN-Uid
Time
Backend
X-UA
Country-Code
Memcached
Mail-Subject
Fastly-Drupal-HTML
L
CloudFront-Viewer-Country
Group
Gh-Request-Id
X-Fastly-Backend
X-Old-Content-Length
X-OVcl
X-OVcl-Cache
X-Platform
X-Ms-Version
X-Ms-Request-Id
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-Micro-Cache
X-Policy
X-Render-Time
X-Webstats-RespID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Platform-Server
X-Varnish-Cacheable
X-Up
X-Request-Host
X-Request-Start
X-Slack-Backend
X-SN
X-Irp-Debug
X-HS-Content-Campaign-Id
X-Auto-Login
X-Backend-State
X-Cache-Id
X-Cache-NGX
Wxu-Next-Region
Wxu-Next-Commit
Origin
Rt-Fastcgi-Cache
Ufe-Result
We-Hiring
X-Cache-URL
X-Cdn-Srv
X-Dispatcher-Server
X-Esi-Check
X-Gzip
X-Hash
X-CUA
X-Core-Value
X-Clientip
X-Cms-Context
X-Core-Mission
NM-Fastcgi-Cache
Wxu-Next-Hostname
Akamai-GRN
Country
X-Varnish-Ttl
C-Via
X-UPSTREAM-Address
Now
X-Is-Gdpr
X-Csrf-Jwt
X-Owner
X-Developers
X-CS
X-JWT-State
X-Varnish-CookieHashed-On
X-Skip-Cache
X-Cache-Tags
X-Varnish-Remaining-TTL
X-CGP
X-Content-Age
X-Thanos
X-Amz-Meta-Cb-Modifiedtime
X-Varnish-CookieINHashed-On
L5d-Success-Class
X-Edge-Location
X-Microcachable
X-Mvc-Supplant-Cachable
X-Reqid
X-Has-Esi
X-Minions-Version
CacheControlHeader
Fastly-Backend-Name
X-Method
X-DefElseHash
X-Eu-Site
Ha-Gx-Prefs
X-DefHash
HA-Ipaddr
X-Bip
X-CACHE-AGE
X-VarnishDD-TTL
X-Location
FSS-Proxy
X-Aicache-OS
X-Cache-Date
Pagetype
X-HN
X-Wa
X-Proxy-Upstream
AKAMAI
X-Generated-On
PFcat
X-Level-Front-Cache
X-Gamma-Serve
X-DC
X-Refresh
X-BC
X-Geo-Header
X-ZONE
X-LB-ID
UCS
X-Cache-Debug
X-Session-Fingerprint
X-Branch-Name
X-NODE
X-Via-Poph
X-Via-Popn
X-Agile
X-Agile-Age
X-Page-View
X-Agile-Id
X-Ftr-Cache-Host
X-PF-Uncompressing
HostName
X-B3-Traceid
X-RateLimit-Remaining
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-GEO
X-Servedbyhost
M-TraceId
NGX
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Response-Type
SRV
X-LI-Proto
X-Pinterest-Sli-Endpoint-Name
Xserver
X-Datadome
X-B3-Spanid
X-Ua-Device
X-Mvc-Supplant-OutputCached
X-Nginx-Cache
Hostname
X-Dc
Arc-Country
X-Via-CDN
X-Instart-Request-ID
X-Cdn-Forward
X-SERVER
X-Edge-Server
X-Request-Time
Viewtype
WebServer
Cdn-Request-Time
X-Check-Cacheable
Cdn-Host
X-Varnish-Hostname
VivaBuild
X-Bc
X-Zone
X-RunCloud-Cache
X-Via-Ucdn
X-SERVER-NAME
X-VCL-Version
X-Sql-Count
X-NU-AKA-ACS-Version
X-UnsetCookies
X-Sql-Duration-Ms
Srv
X-SRV
X-Cluster-Node
Memory
X-FPC
X-APP
X-Action
X-DB
X-CF-Powered-By
X-DI
X-DW
X-RPM
X-RSL
WWW-Authenticate
X-DSS
Edge-Copy-Time
X-Cache-Remote
X-Via-SSL
X-Via-Popv
X-Via-Edge
X-ID
X-RPS
X-Cs
X-HS-Status
X-Vgn-Hpd-Ssi
SID
X-NGINX-Cache
X-LLID
X-We-Are-Hiring
ProcessTime
X-Svr
X-Srv
X-Www-Served-By
X-Oss-Cdn-Auth
Actual-Object-TTL
NtCoent-Length
X-ORACLE-APMCS-REQUEST-ID
X-LiteSpeed-Cache-Control
X-MP-GENERATED-AT
On-Server
X-Vcache
X-Hit
X-Geo
ServedBy
GeoIP-Latitude
GeoIP-Country-Code
Apigw-Requestid
X-Dynatrace-Js-Agent
GeoIp-Country-Code
Cache-Hits
X-S-Maxage
Geoip-Latitude
Geo-Info
X-CSRF-TOKEN
X-Unique-ID
User-Agent
Amp-Access-Control-Allow-Source-Origin
T-Server
W
Server-Info
X-Akamai-Request-ID2
Processtime
Sid
XServer
X-FORWARDED-FOR
LB
X-Pass-Why
X-Epic-Correlation-Id
X-MSEdge-Flight
X-MSEdge-Features
X-HOST
Ohc-File-Size
X-Envoy-Upstream-Healthchecked-Cluster
CF-IPCountry
N-Cache
Cdn
Pics-Label
Server-Host
X-Tb
X-Presslabs-Stats
X-HITS
X-Varnish-Hits
X-FC-Vary-Parameters
X-Vcl-Version
X-Cache-Hm
Accept-Language
Magicmarker
WZWS-RAY
X-Cache-Hfrom
S-Rt
Protected
X-Mobile-Rewrite
X-Fpc
X-Pjax-Url
X-Webkit-CSP-Report-Only
X-Nc
X-VC
X-Fastly-Country-Code
X-SB
X-Erf-Stays-Bingo-Pdp-Web
Esi-Enabled
A
X-Key
Cteonnt-Length
X-Info
X-Uri
X-CACHE-KEY
X-COUNTRY
Origin-Edge-Control
CDN
X-Via-NSCOPI
Origin-Cache-Control
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Lb
Ohc-Cache-HIT
Proxy-Firewall
X-Newrelic-Synthetics
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
User-Cache-Control
X-Dispatch
X-TT-LOGID
X-Instart-Info
Tracecode
X-Acc-Rdl
X-Provided-By
Odigeo-Trace-Id
DSUID
Ssr
X-Li-Proto
X-Newrelic-App-Data
X-Geo-Region
Section-Origin-Responded
X-B3-SpanId
X-ServedByHost
Powered-By
Section-Io-Id
Section-Io-Origin-Status
X-StackifyID
Section-Io-Origin-Time-Seconds
X-UA-Device-Type
X-Dynatrace
Cache-Key
X-TH-Server
HitType
Lfy
X-Akamai-Pragma-Client-IP
Server-Ttl
X-Magnolia-Registration
X-Served-From
X-RAMCache
Cache-Name
X-Cache-Tag
X-Origin-Date
X-Block-Status
X-Cache-ASPX
X-BBXSRF
X-BBC-Edge-Cache-Status
Web-Mar-Node
X-API-Version
X-Cache-Expires
X-Cache-Info
X-Gen-Mode
X-GeoIP-City
X-Gdpr
X-ElasticPress-Query
X-Contensis-Viewer-Groups
X-Developer
Vix-Hermes-Req-Id
Locid
SR-User-Adfree
Thinkindot-CacheControl
Sever-Int
Server-ID
Server-Ext
Server-Hostname
Thinkindot-CacheControl-Type
Path
X-Goog-Meta-Goog-Reserved-File-Mtime
V-Age
MIME-Version
True-Client-Country-4JS
Thinkindot-Control
X-Via-PopN
X-Matched-Rule
X-SRCache-Key
X-SVT-ORM-RULES
X-SIPLIST1
X-Sigma-Backend
X-ServiceProvider
X-Sigma
X-SVT-ORM-VERSION
X-Thinkindot-L3
X-VC-Cache
X-VServer
X-Varnish-Url
X-Varnish-Authentication
X-Traceid
X-User
X-Server-IP
X-SD-PageType
X-Nyt-Route
X-Origin-CC
X-Node-Id
X-Nginx-Cache-Key
X-Loc
IsBot
X-Origin-Expires
X-Origin-Time
X-Response-By
X-Rocket-Build-Number
X-Request-URI
X-RateLimit-Remaining-Second
X-Origin-TTL
X-RateLimit-Limit-Second
X-Hnp-Log
Release
D-Cc-Upstream
X-Cc-Req-Id
X-Cc-Via
BehaviorPad-Version
Fastcgi-Cache-TTL
X-Generated
X-TrackingId
Cache-Provider
X-Men
X-Lb-Id
FNAC-ModuleRouting
CDCHOST
X-Via-PopV
Instruction
X-Via-PopH
X-No-Cache
X-WA
X-App
Xet-Cookie
Kp-EeAlive
X-Agile-Brick-Ok
X-Device-Os
X-Fetched-On
X-LiteSpeed-Tag
X-Swa-Ws
X-Generated-In
X-Var-Ttl
X-Cache-Spec
X-Tt-Logid
X-Batcache
Cache-Host
X-Scheme
X-Azure-Ref-OriginShield
Pramga
Tcn
X-RateLimit-Limit
X-PJAX-URL
X-Sn-Servicetimems
X-Parent-Response-Time
X-Trace-Id
Inserted-Into-Cache-At
X-Pf-Uncompressing
Cf-Alt-Svc
Who
X-Yottaa-OS
X-HostName
X-Varnish-Beresp-TTL
X-Planisys-CDN-Cache
X-Cdn-Origin
X-Planisys-CDN-TTL
X-NodeID
Dnion-Transfer-Encoding
X-Planisys-CDN-Rules
X-Path-Route
X-Selected-Scheme
X-Selected-Name
X-Selected-Host-Header
CountryCode
Source
X-CacheTTL
X-MiniProfiler-Ids
X-BBC-Origin-Response-Status
Mime-Version
Resin-Trace
X-C
Req-Svc-Chain
X-Snapshot-Date
X-Apw-Access-Token
Pragrma
X-Proxy-Cachei7
X-Vgn-Hpd-Reason
PICS-Label
X-Apw-Access-Action
X-Apw-Access-Object
X-Dw-Trace-Id
X-Apw-Hits
Vha6-Origin
X-Request-URL