Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
CF-Ray
P3P
X-Xss-Protection
Alt-Svc
X-Served-By
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Permitted-Cross-Domain-Policies
X-Request-ID
P3p
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Upgrade
X-Template
Content-Encoding
X-Language
X-CDN
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Ws-Request-Id
X-Buckets
X-Age
Feature-Policy
X-Backend
X-AH-Environment
X-UA-Device
X-Hacker
X-Robots-Tag
X-Cache-Group
EagleId
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Proxy-Cache
X-Turbo-Charged-By
X-Server-Powered-By
Request-Context
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Xkey
X-Dns-Prefetch-Control
Report-To
X-Page-Speed
X-Rq
Cf-Bgj
X-LiteSpeed-Cache
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
NEL
X-Dispatcher
X-Host
X-Backend-Server
X-Device
X-Node
Surrogate-Control
X-Cache-Lookup
X-Origin-Cache
X-Response-Time
X-Ruxit-JS-Agent
Content-Location
X-Akam-SW-Version
Request-Id
X-ASPNET-VERSION
X-Ac
X-Server-Id
Akamai-Age-Ms
X-Country
X-Mod-Pagespeed
X-HW
Rating
EagleEye-TraceId
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Readtime
X-Cloud-Trace-Context
Accept-CH
Accept-CH-Lifetime
Pinterest-Generated-By
X-Application-Context
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-Country-Code
X-PC
X-TtlSet
X-Vname
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Deployment-Id
X-Varnish-TTL
X-Cnection
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-D2id
X-ESI
X-GitHub-Request-Id
X-Server-Name
X-MS-InvokeApp
X-Clacks-Overhead
X-Content-Type
X-Navigation-Version
X-FTR-Request-ID
X-Abt-Application-Version
Verso
X-Vcap-Request-Id
Accept-Ch
X-Trace
Pinterest-Version
X-Px
X-Pinterest-Rid
Allow
X-Sol
Display
Pagespeed
Response
X-Middleton-Display
X-Middleton-Response
X-Cached
X-Element-Page-Cache
X-DynaTrace
X-Rack-Cache
X-Fastly-Request-ID
Service-Worker-Allowed
X-B3-TraceId
Accept-Ch-Lifetime
X-TTL
X-Server-ID
X-Client-IP
X-Cache-TTL
X-Powered-By-Plesk
X-Version
Arr-Disable-Session-Affinity
MS-Author-Via
X-Forwarded-Proto
X-T
X-Upstream
X-NF-Request-ID
X-Debug
Content-MD5
Fastly-Restarts
SPRequestGuid
X-Dw-Request-Base-Id
X-SharePointHealthScore
AR-ATIME
AR-PoweredBy
AR-CACHE
AR-Request-ID
Ar-Sid
X-VARITI-CCR
X-Jurisdiction
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Goog-Hash
Access-Control-Request-Method
X-Powered-CMS
X-Content-Digest
TP-L2-Cache
TP-Cache
X-PressLabs-Stats
X-XRDS-Location
X-Release
X-NWS-LOG-UUID
X-Edge
X-MSEdge-Ref
RTSS
SPIisLatency
SPRequestDuration
X-Amz-Rid
Public-Key-Pins
Cache-Tag
TCN
Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
S
X-Yandex-Sdch-Disable
X-FastCGI-Cache
X-Accel-Expires
X-Ezoic-Cdn
X-MCACHE
X-Cache-Hit
X-Ttl
X-Mid
ServerID
Server-Node
X-Logged-In
X-Amzn-Trace-Id
X-Cache-Key
X-Node-Name
X-ECACHE
X-Ratelimit-Remaining
Alternate-Protocol
Front-End-Https
X-Microsite
X-Request-Handler-Origin-Region
X-Pinterest-Direct
X-Ser
X-Webkit-CSP
X-Recruiting
X-Origin-Server
X-Page-Id
X-Kinsta-Cache
X-B
X-Mobile-URL
Host
Accept-Charset
X-Ratelimit-Limit
Realpath
X-Hostname
X-Forwarded-For
X-FTR-DC
X-FTR-Realm
X-FireWall-Port
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Content-Security-Policy-Report-Only
Nginx-Cache
X-Seen-By
X-Load-Cache
Filterid
X-Jobs
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Varnish-Age
X-Content-Options
X-Id
X-CST
X-DIS-Request-ID
X-Shield-Request-Id
X-AppVersion
X-Daa-Tunnel
X-Az
X-Activity-Id
X-Correlation-ID
Paypal-Debug-Id
X-F-Cache
X-Type
X-App-Environment
X-Zen-Fury
Edge-Cache-Tag
X-Rid
X-LB-Cache
X-Varnish-Backend
X-Git-Hash
X-Varnish-Grace
X-Grace
X-N
X-Request-Guid
X-Hits
X-FB-Debug
X-Amz-Server-Side-Encryption
X-App-Server
X-Proxy
Fastcgi-Useragent
DC
AMP-Access-Control-Allow-Source-Origin
X-Cdn
X-Akamai-Edgescape
X-WebKit-CSP-Report-Only
Content-Disposition
X-Hp-Webp
Cache-Tags
X-Endurance-Cache-Level
X-Content-Powered-By
X-Cache-Rule
DynaTrace
X-Cache-Operation
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Mg-S
X-VCache
X-Geo-Country
X-Wix-Request-Id
X-Cached-By
Cleartype
MicrosoftSharePointTeamServices
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Original-Request-Id
X-Response-Served-From
X-Amz-Meta-S3cmd-Attrs
Refresh
Powered
X-Accel-Buffering
X-XRDS-LOCATION
X-IPLB-Instance
X-B3-Sampled
X-Amzn-RequestId
X-Amz-Apigw-Id
MS-CV
X-AOL-HN
X-HS-Cache-Config
X-HS-Hub-Id
X-User-Agent
X-Fastcgi-Cache
NGB
X-HS-Combine-CSS
X-HS-Content-Id
X-B-Cache
Payment
X-Goog-Storage-Class
X-Signature
X-Region
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Goog-Generation
X-Goog-Metageneration
Healthy
X-Rule
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Host-Name
X-Whom
X-FW-Serve
X-Distributor
X-FW-Dynamic
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-UUID
X-Cache-Time
X-FW-Server
X-FW-Hash
X-FW-Type
X-FW-Static
X-HTML-Minification-Powered-By
X-Tec-Api-Version
X-Instance
X-Is-Bot
X-Tec-Api-Root
X-Tec-Api-Origin
X-Rendered-As
X-Cacheable-TTL
Datacenter
X-Frontend
PB-RID
Arc-Version
PB-PID
Countrycode
X-Varnish-Server
X-Mobile
Surrogate-Key
X-Debug-Info
X-Cache-Age
X-DynaTrace-JS-Agent
X-HP-Webp
X-App-Version
X-PHP-Backend
X-Oneagent-Js-Injection
X-FTR-Cache-Host
X-NewRelic-App-Data
X-Backend-Name
X-Azure-Ref
X-Via-JSL
X-Ua
S-Cnection
X-Cache-Server
Cache
Webserver
X-WA-Info
Powered-By-ChinaCache
X-Protected-By
X-Hyper-Cache
X-Cache-Control
Referer-Policy
Retry-After
X-Respond-Thread
Filters
From-Origin
Charset
Liferay-Portal
X-EdgeConnect-Cache-Status
X-Time
Viewport
X-URL
X-ProcessESI
X-Cache-Expired-At
X-Proxy-Cache-Status
X-RemovedCookies
X-ES-SERVER
Section-Io-Cache
X-GeoIP
X-Cache-Var
X-Mode
X-R9-Blue-Green-Version
X-Source
X-FB-TRIP-ID
X-Cache-Var-Map
Eomportal-Instance
Meta-Geo
X-Debug-Cache
X-Revision
X-RN-RSRV
X-Cache-Action
X-Device-Type
X-Framework
X-RTag
X-Server-W
X-Ruxit-Js-Agent
X-Qloud-Router
X-From
X-Sucuri-ID
X-Amz-Replication-Status
Ms-Operation-Id
X-LJ-Flow-ID
X-PCL
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
X-Site-Version
Mn-Server-Ip
X-Origin-Hint
X-Via-Fastly
X-BYPASS-REASON
X-AWS-Id
X-ProxyCache-Status
Webcakes-Region
X-ProxyCache-Key
Webcakes-App-Version
Property-Id
X-VWS-Id
Webcakes-App-Name
DB-Nickname
TWC-GeoIP-Country
X-Time-Microsecs
TWC-Device-Class
X-Environment-Context
X-L-Path
X-Ratelimit-Reset
X-Locale
TWC-Connection-Speed
X-OCL
X-ServerID
X-CSRF-Token
X-Proxy-Build
X-Status
X-Amzn-Remapped-Content-Length
X-Handled-By
Cache-Tv-Group
Selected-Fe
Cross-Origin-Window-Policy
X-Routing-Service
X-Timing-Wait
X-FW-Version
X-Acc-Debug-Context
X-Hl-Ver
X-Proxied
X-Zipkin-Id
X-Cache-Host
X-Varnish-Cache-Hits
X-Hosted-By
X-JoinUs
X-Redis-Cache
X-Labrador-Cache-Channel
X-Proto
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Be
X-Xfnlog-Site
X-Access
X-Format
X-Real-IP
X-NYM-Debug-Backend
X-Section
X-PHP-Host
X-SaId
X-Human
X-Cluster
Uber-Trace-Id
X-Generated-By
X-TA-CDN-Provider
Ec-Rule-Version
X-TNCMS
X-Loop
X-NWS-UUID-VERIFY
X-Detected-As
X-BCube-Filmed-By
X-Origin
Frame-Options
CF-Cached-On
Server-Name
X-Cache-TTL-Remaining
X-ATG-Version
X-NCache
X-No-Session
Version
X-Cache-PHP
FSS-Cache
X-EIG-Tracking-Id
X-Instart-Request-ID
X-Contextid
X-Sucuri-Cache
X-Tt-Trace-Tag
X-Air-Hostname
X-Tt-Trace-Host
X-IPS-LoggedIn
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-Vgn-Hpd-Cached
X-EC-Lua
X-Vgn-Hpd-Variations-Key
X-Cache-Enabled
GEO-INFO
Now
X-Tumblr-Pixel-3
X-Unique-Id
X-IP
X-Bc-Bl
X-CACHE-AGE
Time
X-Akamai-Transformed
X-Litespeed-Cache
X-Backend-Host
X-UA
X-Cache-Backend
X-TT
X-TIME
OT-Force-Account-Verify
Node
X-Adobe-Content
X-RCS-CacheZone
Azure-RegionName
Azure-SlotName
Azure-Version
X-GoCache-CacheStatus
Azure-SiteName
X-Adobe-Loc
Azure-InstanceId
Access-Control-Request-Headers
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cache-NE
X-NGENIX-Cache
X-Oss-Storage-Class
X-Pubstack
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Adobe-Source
X-APP-VERSION
X-CDN-Forward
X-CCM
X-S-Cookie
X-ScT
Apple-News-Services-Parsed-Url
X-S
X-Rojux
Apple-News-Services-Request-Url
X-Rewrite-Enabled
X-ARC
Apple-News-Services-Host
X-B-Cookie
Apple-News-Services-Handled
X-Vdms-Version
X-Twitter-Response-Tags
X-Trv-Group
X-Transaction
CloudFront-Viewer-Country
X-Vdms-Path
X-CF-Lambda-Fn
X-D
X-Generation-Time
Rendered-Blocks
X-G
X-Date
X-Destination
X-External-Request-Id
Surrogated-Key
X-Connection-Hash
X-PBS-Appsvrname
X-CF-Lambda-Version
X-Application
X-PAYTM-SRV-ID
X-OVcl-Cache
X-Minions-Version
X-OVcl
X-Processor
X-Up
DCR-Decision-By
DCR-Processing-Time-Ms
MD5-Digest
X-VG-WebCache
Mobile-Detection-Method
X-Accel-Expires-Debug
X-Worker
Xc-Version
X-A-Wwc
Fastcgi-X-Cache-Version
X-A-Ccd
X-A
Host-ID
X-A-Dam
Machine
X-A-Dgt
X-A-Dcw
X-Aed
Meta-Geo-Continent
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-VG-WebServer
X-Sorting-Hat-PodId
X-PERF
X-Viewer-Country
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-ApacheServer
X-ShopId
X-Storefront-Renderer-Rendered
X-Varnishpool
X-ShardId
X-Forwarded-Host
X-Shopify-Stage
X-Core-Value
X-Varnish-Beresp-Ttl
AKAMAI
X-CUA
X-Dispatcher-Server
CacheControlHeader
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Correlation-Id
X-Cache-Bucket
X-Cache-2
Wxu-Next-Commit
Wxu-Next-Hostname
X-Agile
X-Cache-Grace
X-Bip
X-Agile-Id
X-Cms-Context
X-Varnish-Ttl
X-Agile-Age
X-Clara-WADP
We-Hiring
X-AIR-PT
X-Owner
X-Soup
X-Storage
X-Thanos
X-SN
X-Reqid
CDN-Uid
X-Render-Time
X-Edge-Location
X-Dc
NM-Fastcgi-Cache
Mail-Subject
Fastly-SSL
X-Request-UUID
SD-X-WS
X-Webstats-RespID
X-VG-TLSProxy
X-WADP-Cache
HostName
X-Platform
X-Req
X-Hash
X-Fmm-Version
CDN-RequestCountryCode
Wxu-Next-Region
CDN-PullZone
X-Generated-On
CDN-CachedAt
CDN-Cache
X-HS-Content-Campaign-Id
X-Microcachable
X-Envoy-Decorator-Operation
X-TX-ID
X-Micro-Cache
X-Method
X-Level-Front-Cache
CDN-RequestId
CDN-EdgeStorageId
Akamai-GRN
Decoy-Debug-TTL
Decoy-Debug-Key
X-Cdn-Forward
Decoy-Debug-Status
L5d-Success-Class
M-TraceId
PFcat
Pagetype
Ufe-Result
X-Gamma-Serve
Adler-Geo
Fastly-SIE
Fastly-SWR
X-VarnishDD-TTL
X-Varnish-Cacheable
X-Policy
X-Proxy-Upstream
Is-Eu
Platform
X-Servername
X-Skip-Cache
X-Variation
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Backend-TTL
X-DPWN-IS-SECURE
X-Location
X-HN
X-Cache-URL
X-Cdn-Srv
X-CGP
X-Cache-NGX
X-Cache-Id
X-Auto-Login
X-Cache-Config
X-Cluster-Name
X-Core-Mission
HA-Ipaddr
X-Geo-Header
X-Gzip
X-Eu-Site
X-Esi-Check
X-Csrf-Jwt
X-Developers
X-Amz-Meta-Cb-Modifiedtime
X-Fastly-Cache
Ha-Gx-Prefs
Country-Code
Backend
Cache-Status
X-VHOST
Fastly-Drupal-HTML
Country
Gh-Request-Id
Group
X-RateLimit-Remaining
X-NC
X-Web-Node
X-Content-Age
X-Wikidot-Backend
X-Wikidot-Static-Cache
C-Via
X-Esi
Fastly-Backend-Name
X-Slack-Backend
X-Request-Host
X-Old-Content-Length
L
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
X-Irp-Debug
UCS
X-JWT-State
X-Is-Gdpr
X-Has-Esi
Memcached
X-Li-Pop
X-CS
X-Request-Start
X-LI-UUID
X-Fastly-Backend
X-Li-Fabric
X-Cache-Date
X-Clientip
X-Backend-State
Rt-Fastcgi-Cache
X-Cache-Tags
Nel
X-ORACLE-APMCS-REQUEST-ID
X-Mvc-Supplant-Cachable
Origin
X-Ms-Request-Id
X-Ms-Version
X-PF-Uncompressing
Arc-Country
Actual-Object-TTL
X-B3-Spanid
X-Refresh
X-NODE
Viewtype
X-Aicache-OS
VivaBuild
X-Wa
Srv
X-BC
NGX
X-ZONE
X-Via-Poph
X-Via-Ucdn
FSS-Proxy
X-LB-ID
X-Via-Popn
X-RunCloud-Cache
X-LAGOON
Geo-Info
X-B3-Traceid
X-Platform-Server
X-Unique-ID
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-DefHash
X-DefElseHash
X-Varnish-CookieINHashed-On
Upgrade-Insecure-Requests
X-Srv
Memory
X-Vgn-Hpd-Ssi
Cdn-Host
X-Mvc-Supplant-OutputCached
X-Branch-Name
X-Edge-Server
X-LI-Proto
Cdn-Request-Time
X-Servedbyhost
X-SERVER
X-UPSTREAM-Address
X-Cache-Debug
X-Session-Fingerprint
X-Zone
X-Bc
X-Mobile-Rewrite
Sid
X-LiteSpeed-Cache-Control
X-Geo
X-Request-Time
X-Cluster-Node
Server-Info
X-NGINX-Cache
X-Action
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Akamai-Request-ID2
X-FPC
X-Epic-Correlation-Id
X-APP
X-FC-Vary-Parameters
X-Hit
CACHE
X-CF-Powered-By
X-DW
WWW-Authenticate
X-Via-Popv
X-Varnish-Hostname
X-RPM
X-RSL
X-RPS
X-DB
X-DSS
X-DI
X-Cs
X-Nc
X-Nginx-Cache
X-CSRF-TOKEN
Apigw-Requestid
X-ECache
X-Route-Name
X-Is-Crawler
Xserver
X-Providence-Cookie
GeoIp-Country-Code
Geoip-Latitude
X-Aspnet-Duration-Ms
X-Oss-Cdn-Auth
X-MP-GENERATED-AT
X-Flags
XServer
X-GEO
X-DC
X-Vcache
Hostname
X-HS-Status
X-Vcl-Version
NtCoent-Length
User-Agent
ProcessTime
X-VCL-Version
X-Check-Cacheable
Origin-Edge-Control
Origin-Cache-Control
X-SERVER-NAME
Processtime
CF-IPCountry
X-FORWARDED-FOR
X-NU-AKA-ACS-Version
GeoIP-Country-Code
X-Ftr-Cache-Host
Accept-Language
GeoIP-Latitude
X-Page-View
X-Tb
X-Dynatrace-Js-Agent
X-Key
X-Dispatch
X-HOST
Esi-Enabled
X-UnsetCookies
X-Envoy-Upstream-Healthchecked-Cluster
X-Via-CDN
X-Webkit-CSP-Report-Only
SID
SRV
X-HITS
HitType
X-Cache-Hfrom
X-App
W
X-Cache-Hm
X-Via-SSL
X-Via-Edge
X-Fpc
Edge-Copy-Time
Proxy-Firewall
X-Svr
X-Pass-Why
X-Fastly-Country-Code
X-RAMCache
X-Sql-Duration-Ms
Lb
X-Generated
On-Server
CDN
X-Www-Served-By
Fastcgi-Cache-TTL
Cdn
BehaviorPad-Version
X-Path-Route
A
X-We-Are-Hiring
X-Sql-Count
X-CACHE-KEY
X-COUNTRY
Ohc-File-Size
ServedBy
X-Geo-Region
Cache-Hits
X-TrackingId
Amp-Access-Control-Allow-Source-Origin
Cteonnt-Length
S-Rt
LB
Xet-Cookie
WebServer
N-Cache
T-Server
X-SRV
X-MSEdge-Flight
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Instart-Info
Powered-By
X-Newrelic-App-Data
X-MSEdge-Features
X-Pjax-Url
X-Newrelic-Synthetics
X-ServedByHost
X-S-Maxage
Server-Host
X-Li-Proto
X-Cache-Remote
X-Dynatrace
X-Origin-Response-Time
X-Datadome
X-Akamai-Pragma-Client-IP
Cache-Key
Content-Script-Type
Tcn
WZWS-RAY
X-Lb-Id
X-TH-Server
X-HostName
X-Batcache
X-Served-From
X-LiteSpeed-Tag
Magicmarker
Pics-Label
Content-Style-Type
X-VC
X-SB
Odigeo-Trace-Id
X-RateLimit-Limit
X-Via-NSCOPI
Cache-Provider
X-Region-Sid
X-StackifyID
X-Via-PopH
X-TT-LOGID
X-Via-PopN
X-Via-PopV
Dnion-Transfer-Encoding
Ohc-Cache-HIT
User-Cache-Control
X-Presslabs-Stats
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Cf-Alt-Svc
X-Planisys-CDN-Cache
X-Info
X-B3-SpanId
X-Varnish-Hits
X-WA
X-ID
X-Agile-Brick-Ok
X-Tt-Logid
Load-Balancing
X-Vgn-Hpd-Reason
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Cache-Tag
Inserted-Into-Cache-At
Server-Ttl
X-PJAX-URL
Who
X-Developer
X-Yottaa-OS
X-Origin-CC
X-SRCache-Key
AsisCache
GEO-REGION-INFO
X-Pf-Uncompressing
X-Parent-Response-Time
X-Origin-TTL
X-Pad
X-Magnolia-Registration
X-DevSite-Last-Modified
X-Tid
Proxy-Connection
Source
CountryCode
X-BACKEND-TTL
X-Selected-Host-Header
X-Selected-Name
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-UA-Device-Type
Protected
Cache-Name
DSUID
Section-Io-Id
X-Selected-Scheme
Section-Origin-Responded
X-ElasticPress-Query
X-Hnp-Log
X-Loc
X-Logging-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
Warning
X-Request-URL
URI
Pragrma
X-Matched-Rule
X-RateLimit-Remaining-Second
X-Request-URI
X-Uri
X-RateLimit-Limit-Second
X-Origin-Expires
X-Nginx-Cache-Key
X-NodeID
X-Origin-Date
X-GeoIP-City
X-Gen-Mode
X-Cdn-Request-ID
X-Apw-Access-Token
PICS-Label
X-Cdn-Origin
X-Apw-Access-Object
X-Block-Status
X-Cache-Info
X-Apw-Access-Action
X-Contensis-Viewer-Groups
X-Apw-Hits
X-Akamai-Request-ID
X-Fetched-On
X-Cache-ASPX
X-Device-Os
X-Varnish-Beresp-TTL
X-ServiceProvider
X-BBXSRF
X-Generated-In
X-SVT-ORM-VERSION
Server-Ext
X-Compress-Hint
Release
X-Fastly-Cache-Hits
Server-Hostname
Sever-Int
Thinkindot-CacheControl
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Pramga
X-Proxy-Cachei7
Locid
X-Nananana
Kp-EeAlive
Cneonction
FNAC-ModuleRouting
CDCHOST
Path
MIME-Version
Vha6-Origin
Thinkindot-CacheControl-Type
X-Swa-Ws
X-Thinkindot-L3
X-Trace-Id
X-MiniProfiler-Ids
IsBot
Mime-Version
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-C
Web-Mar-Node
X-Var-Ttl
X-Azure-Ref-OriginShield
Tracecode
Thinkindot-Control
V-Age
Vix-Hermes-Req-Id
X-Varnish-Authentication
X-Varnish-URL
X-Dw-Trace-Id
X-SIPLIST1