Threat Level: green Handler on Duty: Remco Verhoef

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
Accept-Ranges
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Iinfo
P3p
X-Content-Security-Policy
X-AspNetMvc-Version
Status
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Ua-Compatible
X-Age
X-Cache-Group
X-Server
X-Backend
X-Amz-Request-Id
X-Hacker
X-Robots-Tag
X-Amz-Id-2
X-UA-Device
X-AH-Environment
Request-Context
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
X-Server-Powered-By
X-Template
Server-Timing
X-Language
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
X-Dns-Prefetch-Control
X-Rq
X-Page-Speed
Xkey
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Buckets
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
NEL
X-Server-Id
X-Dispatcher
X-Device
Surrogate-Control
X-Node
X-Ruxit-JS-Agent
Request-Id
Content-Location
Accept-CH-Lifetime
X-Response-Time
EagleEye-TraceId
Accept-CH
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
X-Ac
Allow
X-Readtime
Rating
X-Mod-Pagespeed
X-HW
X-Country
X-Application-Context
X-Cloud-Trace-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Edge-Control
Pinterest-Generated-By
X-TtlSet
X-PC
X-Vname
X-MS-InvokeApp
X-Cnection
X-Country-Code
X-DataDome
X-Varnish-TTL
X-CST
X-GitHub-Request-Id
X-Content-Type
X-D2id
X-Clacks-Overhead
X-Server-Name
X-Trace
X-Sol
Display
X-Middleton-Display
X-Middleton-Response
Pagespeed
Response
X-Origin-Upstream-Status
X-Pinterest-Rid
Pinterest-Version
MS-Author-Via
Fusion-Component-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
X-Vcap-Request-Id
X-Abt-Application-Version
X-Px
X-Rack-Cache
X-TTL
X-Navigation-Version
X-B3-TraceId
X-ESI
X-FastCGI-Cache
Service-Worker-Allowed
Verso
X-Fastly-Request-ID
Arr-Disable-Session-Affinity
X-Client-IP
X-Url
X-Element-Page-Cache
X-Webkit-CSP
X-Cached
X-Cache-TTL
X-DynaTrace
X-FTR-Request-ID
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-VARITI-CCR
X-Exp-Id
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Exp-Variant
X-Powered-By-Plesk
X-Goog-Hash
X-Upstream
X-NF-Request-ID
Fastly-Restarts
AR-CACHE
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-Debug
Ar-Sid
Content-MD5
X-MSEdge-Ref
X-Pinterest-Direct
SPIisLatency
SPRequestDuration
X-Forwarded-Proto
X-Powered-CMS
X-Version
Access-Control-Request-Method
X-Release
X-T
X-Amz-Rid
X-Jurisdiction
S
X-Content-Digest
X-Edge
X-XRDS-Location
RTSS
TP-L2-Cache
TP-Cache
Accept-Ch
TCN
Cache-Tag
X-Litespeed-Cache
X-Ezoic-Cdn
Public-Key-Pins
X-Cache-Key
Front-End-Https
X-Mid
X-Node-Name
X-MCACHE
X-Yandex-Sdch-Disable
Server-Node
X-Request-Received
X-Request-Processing-Time
X-Mg-S
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Recruiting
X-Amzn-Trace-Id
X-HP-Webp
X-B3-TraceId-Primal
X-SRCache-Fetch-Status
X-Accel-Expires
X-SRCache-Store-Status
Mrf-Cache-Status
MRF-Tech
X-Ser
X-Ttl
X-Kinsta-Cache
X-PressLabs-Stats
X-Grace
X-NWS-LOG-UUID
X-Microsite
X-Request-Handler-Origin-Region
X-ASPNET-VERSION
X-Origin-Server
Accept-Charset
X-Varnish-Age
X-Logged-In
MicrosoftSharePointTeamServices
ServerID
Cf-Bgj
X-DIS-Request-ID
X-Page-Id
Host
X-Ratelimit-Remaining
X-Cache-Hit
X-Shield-Request-Id
Edge-Cache-Tag
Nginx-Cache
X-ECACHE
X-Content-Security-Policy-Report-Only
X-Server-ID
X-Hits
X-B
Powered-By-ChinaCache
Cache-Tags
X-Forwarded-For
X-F-Cache
X-Mobile-URL
X-LB-Cache
Cleartype
X-Respond-Thread
X-Az
X-AppVersion
X-Activity-Id
Accept-Ch-Lifetime
Realpath
X-Git-Hash
X-URL
X-Hostname
X-Cached-By
X-N
X-Content-Options
X-Ratelimit-Limit
Alternate-Protocol
X-Upgrade-Enabled
DynaTrace
X-Type
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Rid
X-Load-Cache
X-Jobs
X-Varnish-Backend
Paypal-Debug-Id
X-Request-Guid
X-App-Environment
X-Amz-Meta-S3cmd-Attrs
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
Fastcgi-Useragent
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
X-Country-Code-Real
X-FTR-Expires
X-Seen-By
Access-Control-Allow-Method
X-Cache-Age
X-Proxy
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-WebKit-CSP-Report-Only
X-Zen-Fury
X-HS-Content-Id
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-HS-Cache-Config
X-HS-Hub-Id
X-Goog-Metageneration
X-Goog-Generation
X-FireWall-Port
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Akamai-Edgescape
X-HS-Combine-CSS
Charset
X-B3-Sampled
X-FB-Debug
Filterid
X-VCache
X-Daa-Tunnel
X-Correlation-ID
X-Varnish-Grace
X-IPLB-Instance
Filters
X-Signature
X-B-Cache
X-Host-Name
Healthy
X-AOL-HN
X-Debug-Info
DC
MS-CV
X-Mobile
X-Whom
Viewport
X-Region
AMP-Access-Control-Allow-Source-Origin
X-Geo-Country
X-User-Agent
X-App-Server
X-Frontend
Liferay-Portal
X-Accel-Buffering
X-Original-Request-Id
Payment
X-Cache-Rule
X-Response-Served-From
X-Cache-Operation
X-XRDS-LOCATION
X-Instance
X-HTML-Minification-Powered-By
X-UUID
X-Distributor
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Tumblr-Pixel
Surrogate-Key
X-Rule
X-FW-Type
X-FW-Hash
X-FW-Dynamic
X-Cacheable-TTL
X-Cache-Time
X-FW-Serve
X-FW-Server
X-Tumblr-User
X-Acc-Debug-Context
X-FW-Static
X-Tumblr-Pixel-0
X-Content-Powered-By
X-Protected-By
Refresh
X-Amz-Replication-Status
X-Id
S-Cnection
X-Via-JSL
X-Is-Bot
X-Cache-Expired-At
X-Rendered-As
Content-Disposition
X-Wix-Request-Id
Section-Io-Cache
X-Hyper-Cache
Version
Nel
X-App-Version
X-Sucuri-ID
X-Backend-Name
X-Amz-Apigw-Id
X-Amzn-RequestId
Datacenter
X-Cache-Action
X-Ah-Environment
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Response-Type
Server-Name
X-Oneagent-Js-Injection
X-Endurance-Cache-Level
X-Tec-Api-Origin
CACHE
X-Tec-Api-Root
X-Pinterest-Sli-Latency-Threshold
X-Tec-Api-Version
Retry-After
PB-PID
Arc-Version
PB-RID
X-Cache-Server
GEO-INFO
X-Ua
X-Air-Hostname
X-Source
Eomportal-Instance
X-Real-IP
X-EdgeConnect-Cache-Status
Referer-Policy
X-Framework
X-ProcessESI
X-RemovedCookies
X-Yottaa-Metrics
Frame-Options
X-L-Path
X-Varnish-Server
X-Environment-Context
X-Sucuri-Cache
X-Yottaa-Optimizations
Ms-Operation-Id
X-Drupal-Cache-Contexts
NGB
X-Revision
X-RTag
X-Unique-Id
Webserver
Countrycode
Akamai-Age-Ms
X-Correlation-Id
X-Cache-Control
X-ES-SERVER
X-Drupal-Cache-Tags
X-WA-Info
X-RN-RSRV
X-Proxy-Cache-Status
X-Cache-Var
Meta-Geo
X-Cache-Var-Map
X-Azure-Ref
X-Mode
Cache-Tv-Group
X-Xfnlog-Site
X-BYPASS-REASON
X-Qloud-Router
X-GeoIP
X-DynaTrace-JS-Agent
X-Cache-TTL-Remaining
X-R9-Blue-Green-Version
X-ProxyCache-Key
X-ProxyCache-Status
DB-Nickname
X-Time-Microsecs
X-Cache-Host
X-LJ-Flow-ID
X-Hosted-By
X-FW-Version
X-Handled-By
X-Human
X-Cluster
X-Labrador-Cache-Channel
X-PCL
TWC-Locale-Group
X-VWS-Id
Mn-Server-Ip
TWC-Privacy
Webcakes-App-Name
X-TNCMS
TWC-GeoIP-LatLong
Ec-Rule-Version
Cross-Origin-Window-Policy
X-Server-W
X-Status
Property-Id
TWC-Connection-Speed
X-OCL
X-Amzn-Remapped-Content-Length
X-AWS-Id
TWC-GeoIP-Country
X-NYM-Debug-Backend
X-Origin-Hint
X-PHP-Host
X-Hl-Ver
TWC-Device-Class
X-Redis-Cache
Webcakes-App-Version
X-Loop
Webcakes-Region
X-From
X-Locale
X-ServerID
X-Proxied
X-Format
X-FB-TRIP-ID
Selected-Fe
X-TIME
X-Detected-As
X-Proxy-Build
X-Routing-Service
X-Via-Fastly
X-Zipkin-Id
X-Be
X-No-Session
X-Timing-Wait
X-Section
X-Site-Version
X-Proto
X-Contextid
X-Access
X-Providence-Cookie
X-Route-Name
X-Aspnet-Duration-Ms
X-NewRelic-App-Data
X-Is-Crawler
X-Flags
FSS-Cache
X-Adobe-Loc
X-Adobe-Content
Uber-Trace-Id
X-CDN-Forward
X-Debug-Cache
X-Cache-PHP
X-AIR-PT
X-Device-Type
X-ATG-Version
X-Generated-By
X-PHP-Backend
X-TT
X-BCube-Filmed-By
X-Ratelimit-Reset
X-Tt-Trace-Host
X-Cache-Spec
X-Tt-Trace-Tag
X-Esi
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-CSRF-Token
Upgrade-Insecure-Requests
Azure-Version
X-NC
Azure-SiteName
Azure-SlotName
X-Varnish-Cache-Hits
Azure-InstanceId
Azure-RegionName
X-LLID
X-Fastcgi-Cache
Access-Control-Request-Headers
OT-Force-Account-Verify
From-Origin
X-NCache
X-COUNTRY
X-UPSTREAM-Address
Cache
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Origin
X-Akamai-Transformed
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-GoCache-CacheStatus
X-FTR-Cache-Host
X-CCM
X-Cache-2
X-Adobe-Source
X-Page-View
X-SaId
Powered
X-JoinUs
CF-Cached-On
X-Backend-TTL
SD-X-WS
X-Sorting-Hat-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Alternate-Cache-Key
X-ShopId
X-LAGOON
X-Varnishpool
X-Storefront-Renderer-Rendered
X-Pubstack
X-ID
X-G
X-Backend-Host
X-Cache-Grace
X-Time
X-PERF
X-Forwarded-Host
X-ApacheServer
Cache-Status
X-Say-TTL
X-Say-Cacheable
Decoy-Debug-TTL
X-SayCDN-TTL
Fastly-SSL
X-Cluster-Name
Decoy-Debug-Key
X-Storage
Country
Decoy-Debug-Status
X-Web-Node
X-Soup
Node
X-ECache
SRV
X-Ruxit-Js-Agent
X-IP
X-NWS-UUID-VERIFY
X-Viewer-Country
X-TX-ID
X-Cache-Enabled
X-EC-Lua
X-Cdn
X-A-Dam
MD5-Digest
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-A-Ccd
Apple-News-Services-Handled
Mobile-Detection-Method
X-A
DCR-Processing-Time-Ms
DCR-Decision-By
Fastcgi-X-Cache-Version
Host-ID
Machine
Rendered-Blocks
Meta-Geo-Continent
X-Cache-NE
X-ScT
X-S-Cookie
X-S
X-Session-Fingerprint
X-Trv-Group
X-Vdms-Version
X-PBS-Appsvrname
X-Destination
X-External-Request-Id
X-Rojux
X-RCS-CacheZone
X-Processor
X-PAYTM-SRV-ID
X-Request-UUID
X-APP-VERSION
X-Rewrite-Enabled
X-A-Dcw
X-D
X-Vdms-Path
X-B-Cookie
Xc-Version
X-Worker
X-CF-Lambda-Fn
X-ARC
X-Application
X-A-Dgt
X-A-Wwc
X-Aed
X-Tumblr-Pixel-3
X-Vtex-Remote-Cache
X-CF-Lambda-Version
X-Vtex-Processado-Em
X-Connection-Hash
X-VG-WebServer
X-VG-WebCache
X-IPS-LoggedIn
X-Via-CDN
X-Cache-Config
X-VG-TLSProxy
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Platform-Server
X-Varnish-CookieINHashed-On
X-Servername
X-WADP-Cache
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
CDN-Cache
Fastly-SWR
Gh-Request-Id
Fastly-SIE
X-DefElseHash
CloudFront-Viewer-Country
X-DefHash
X-CUA
X-Core-Value
Platform
X-Cache-Bucket
X-Cache-Debug
X-Clara-WADP
Is-Eu
X-Cms-Context
CDN-Uid
CDN-RequestId
X-Generation-Time
X-Fmm-Version
X-Micro-Cache
X-Microcachable
Adler-Geo
X-Ms-Request-Id
X-Fastly-Cache
X-Envoy-Decorator-Operation
CDN-PullZone
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-CachedAt
X-DPWN-IS-SECURE
X-Ms-Version
X-Auto-Login
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Bc-Bl
X-B3-Traceid
X-GEO
X-Cache-Backend
Backend
X-UA
X-Core-Mission
X-Clientip
X-Cache-Id
X-Cache-NGX
X-Gamma-Serve
X-Developers
X-Fastly-Backend
X-Cache-Date
X-Esi-Check
X-Dispatcher-Server
X-Varnish-Ttl
PFcat
Rt-Fastcgi-Cache
Origin
NM-Fastcgi-Cache
L
Wxu-Next-Commit
Wxu-Next-Hostname
X-Bip
X-Backend-State
X-Generated-On
Wxu-Next-Region
X-Branch-Name
X-Gzip
X-Skip-Cache
X-Slack-Backend
X-Request-Start
X-Request-Host
X-Owner
X-Policy
X-Thanos
X-Varnish-Cacheable
X-Irp-Debug
X-Platform
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-VarnishDD-TTL
X-Webstats-RespID
X-OVcl-Cache
X-OVcl
X-Is-Gdpr
X-JWT-State
X-HS-Content-Campaign-Id
X-HN
X-Has-Esi
X-Hash
X-Level-Front-Cache
X-Li-Fabric
X-Method
X-Old-Content-Length
X-Location
X-LI-UUID
X-Li-Pop
X-Geo-Header
X-SN
CacheControlHeader
Fastly-Drupal-HTML
Fastly-Backend-Name
C-Via
Akamai-GRN
AKAMAI
X-B3-Spanid
X-CS
X-Cache-Tags
X-CGP
X-Mvc-Supplant-Cachable
Pagetype
X-Eu-Site
X-Csrf-Jwt
X-Transaction
X-Render-Time
X-Content-Age
X-PF-Uncompressing
X-Twitter-Response-Tags
Ha-Gx-Prefs
L5d-Success-Class
HA-Ipaddr
X-Reqid
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-EIG-Tracking-Id
X-TA-CDN-Provider
FSS-Proxy
X-DC
X-Refresh
X-Cache-Remote
X-Minions-Version
X-Sql-Duration-Ms
X-Sql-Count
X-Wa
Country-Code
X-Aicache-OS
X-Amz-Meta-Cb-Modifiedtime
UCS
X-NODE
X-Via-Poph
Surrogated-Key
X-Date
X-Accel-Expires-Debug
X-Via-Popn
X-NGENIX-Cache
X-Hp-Webp
X-CACHE-AGE
X-SRV
X-Vgn-Hpd-Cached
X-Presslabs-Stats
X-Edge-Location
X-LB-ID
X-Www-Served-By
X-RateLimit-Remaining
X-Req
XServer
X-Up
X-Vgn-Hpd-Variations-Key
X-NU-AKA-ACS-Version
NGX
X-Dc
Ufe-Result
Hostname
Group
We-Hiring
X-Cdn-Srv
X-Cache-URL
X-Mvc-Supplant-OutputCached
Memcached
X-S-Maxage
HostName
Mail-Subject
X-Ftr-Cache-Host
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Time
Protected
X-Check-Cacheable
Cache-Hits
X-LI-Proto
X-Ua-Device
X-Nginx-Cache
Edge-Copy-Time
X-Via-Edge
X-Proxy-Upstream
X-Via-SSL
X-Servedbyhost
X-FPC
Now
X-Svr
Geoip-Latitude
GeoIp-Country-Code
ServedBy
X-Varnish-Hostname
On-Server
X-ZONE
X-BC
X-Agile-Id
X-Agile-Age
X-Agile
X-Request-Time
T-Server
X-Cdn-Forward
X-FORWARDED-FOR
X-Acc-Rdl
X-Pass-Why
M-TraceId
X-VCL-Version
X-CSRF-TOKEN
X-Cluster-Node
X-LiteSpeed-Cache-Control
X-NGINX-Cache
SID
X-UnsetCookies
Xserver
X-Cs
X-Via-Popv
X-Uri
X-MP-GENERATED-AT
X-Datadome
Server-Host
N-Cache
Pics-Label
X-Varnish-Hits
X-Dynatrace-Js-Agent
X-Zone
WZWS-RAY
X-Bc
X-CF-Powered-By
X-Srv
X-HS-Status
X-SB
X-VC
X-APP
Arc-Country
Magicmarker
X-Erf-Stays-Bingo-Pdp-Web
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Origin-Responded
NtCoent-Length
Section-Io-Id
Ohc-File-Size
VivaBuild
Cdn-Host
Viewtype
ProcessTime
Cdn-Request-Time
Processtime
X-TT-LOGID
X-Edge-Server
X-We-Are-Hiring
Apigw-Requestid
X-Info
Ohc-Cache-HIT
DSUID
User-Agent
Memory
X-MSEdge-Features
X-MSEdge-Flight
Sid
X-RunCloud-Cache
X-UA-Device-Type
Cache-Name
W
X-Via-Ucdn
X-Action
Srv
Geo-Info
Odigeo-Trace-Id
User-Cache-Control
LB
X-Origin-Date
X-RPM
Tracecode
X-RSL
X-Oss-Cdn-Auth
X-DI
X-Unique-ID
Cteonnt-Length
X-DSS
X-DW
X-RPS
X-DB
WWW-Authenticate
CF-IPCountry
X-HOST
Server-Info
CountryCode
X-Newrelic-App-Data
S-Rt
Ssr
X-Vcl-Version
X-Geo
X-Vgn-Hpd-Ssi
X-Tb
WebServer
CDN
X-Dynatrace
X-HITS
X-Cache-Hm
X-Magnolia-Registration
X-Cache-Hfrom
Amp-Access-Control-Allow-Source-Origin
Lfy
X-Pjax-Url
X-Hit
X-Webkit-CSP-Report-Only
X-API-Version
Web-Mar-Node
Vix-Hermes-Req-Id
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
V-Age
True-Client-Country-4JS
Locid
CDCHOST
X-Scheme
X-Cc-Req-Id
D-Cc-Upstream
Instruction
IsBot
Sever-Int
Server-Hostname
Server-Ext
X-BBXSRF
SR-User-Adfree
X-Cache-Info
X-SIPLIST1
X-SRCache-Key
X-Server-IP
X-Response-By
X-Origin-TTL
X-Request-URI
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-Url
X-VServer
X-Varnish-Authentication
X-User
X-Thinkindot-L3
X-Origin-Time
X-Origin-Expires
X-Gdpr
X-Gen-Mode
X-Developer
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Newrelic-Synthetics
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-Nyt-Route
X-Origin-CC
X-Node-Id
X-Nginx-Cache-Key
X-Matched-Rule
X-Block-Status
X-Cc-Via
X-Fastly-Country-Code
A
X-CLOUD-TRACE-CONTEXT
X-Nc
X-CACHE-KEY
X-Cdn-Origin
X-SD-PageType
X-Loc
X-GeoIP-City
X-Akamai-Request-ID2
X-NodeID
Pramga
Release
Path
MIME-Version
X-Generated-In
Server-ID
X-FC-Vary-Parameters
X-Sn-Servicetimems
X-Azure-Ref-OriginShield
X-Traceid
X-Device-Os
X-BBC-Edge-Cache-Status
X-Var-Ttl
X-Fetched-On
X-Cache-Expires
GeoIP-Country-Code
Lb
GeoIP-Latitude
X-Provided-By
Cdn
X-Envoy-Upstream-Healthchecked-Cluster
X-Fpc
X-Swa-Ws
X-Trace-Id
X-ServedByHost
X-Epic-Correlation-Id
X-Li-Proto
Cache-Host
X-Via-NSCOPI
Tcn
X-Cache-Tag
X-Lb-Id
Cf-Device-Type
Source
Accept-Language
FNAC-ModuleRouting
X-Men
X-Browser-Type
Esi-Enabled
X-StackifyID
X-SERVER-NAME
Server-Ttl
X-Akamai-Pragma-Client-IP
X-Amzn-Remapped-Date
X-Origin-Response-Time
X-Served-From
X-TH-Server
X-Sigma-Backend
X-Amzn-Remapped-Connection
X-Rocket-Build-Number
Cache-Key
Kp-EeAlive
X-Sigma
Actual-Object-TTL
X-ORACLE-APMCS-REQUEST-ID
X-B3-SpanId
X-HostName
Expiry
Content-Style-Type
Content-Script-Type
X-Parent-Response-Time
X-Instart-Request-ID
X-Via-PopV
X-Key
Cache-Provider
X-Via-PopN
X-Via-PopH
X-WA
X-No-Cache
Req-Svc-Chain
X-RateLimit-Remaining-Second
X-Tt-Logid
X-RateLimit-Limit-Second
X-Batcache
X-VC-Cache
X-Vgn-Hpd-Reason
X-ServiceProvider
X-Request-URL
X-Agile-Brick-Ok
Url
Inserted-Into-Cache-At
X-Mobile-Rewrite
X-ElasticPress-Query
Location
X-Yottaa-OS
X-MiniProfiler-Ids
X-Vcache
X-Instart-Info
X-Proxy-Cachei7
X-RateLimit-Limit
Xkeyi7
URI
X-B3-Parentspanid
X-PJAX-URL
Who
X-BBC-Origin-Response-Status
Content-Secure-Policy
X-Akamai-Request-ID
X-Apw-Hits
X-Apw-Access-Token
Origin-Cache-Control
X-Varnish-Beresp-TTL
Origin-Edge-Control
X-Dispatch
X-Apw-Access-Object
X-Apw-Access-Action
Proxy-Firewall
X-Selected-Name
X-Selected-Scheme
X-Geo-Region
X-Selected-Host-Header
Mime-Version
Vha6-Origin
EpKe-Alive
Powered-By
X-TraceId
BehaviorPad-Version
X-Dw-Trace-Id
Pragrma
Xet-Cookie
PICS-Label
HitType
Cf-Alt-Svc
X-Snapshot-Date
X-C
X-RAMCache
Resin-Trace
NnCoection