Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
P3p
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
Upgrade
X-AspNetMvc-Version
X-Template
Content-Encoding
X-Language
Access-Control-Max-Age
X-CDN
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Ws-Request-Id
X-Buckets
X-Age
Feature-Policy
X-Backend
X-AH-Environment
X-UA-Device
X-Hacker
X-Cache-Group
X-Robots-Tag
EagleId
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Proxy-Cache
X-Turbo-Charged-By
X-Server-Powered-By
Request-Context
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Xkey
X-Dns-Prefetch-Control
Report-To
X-Page-Speed
X-Rq
Cf-Bgj
X-LiteSpeed-Cache
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
NEL
X-Dispatcher
X-Host
X-Backend-Server
X-Node
X-Device
Surrogate-Control
X-Cache-Lookup
X-Origin-Cache
X-Ruxit-JS-Agent
X-Response-Time
Content-Location
X-Akam-SW-Version
Request-Id
X-ASPNET-VERSION
X-Ac
X-Server-Id
Akamai-Age-Ms
X-Country
X-Mod-Pagespeed
X-HW
Rating
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Readtime
X-ORACLE-DMS-RID
Accept-CH
X-Cloud-Trace-Context
Accept-CH-Lifetime
Pinterest-Generated-By
X-Application-Context
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-Country-Code
X-PC
X-TtlSet
X-Vname
X-Url
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Template-Id
X-Varnish-TTL
X-Cnection
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-D2id
X-ESI
X-GitHub-Request-Id
X-Server-Name
X-MS-InvokeApp
X-Clacks-Overhead
X-Content-Type
X-Navigation-Version
X-FTR-Request-ID
X-Abt-Application-Version
Verso
X-Vcap-Request-Id
Accept-Ch
X-Trace
X-Pinterest-Rid
Pinterest-Version
X-Px
Allow
X-Middleton-Display
Response
Display
X-Sol
X-Middleton-Response
Pagespeed
X-Cached
X-Rack-Cache
X-Element-Page-Cache
Service-Worker-Allowed
X-B3-TraceId
Accept-Ch-Lifetime
X-DynaTrace
X-TTL
X-Fastly-Request-ID
X-Server-ID
X-Client-IP
X-Cache-TTL
X-Powered-By-Plesk
X-Version
Arr-Disable-Session-Affinity
X-Forwarded-Proto
X-Upstream
MS-Author-Via
X-T
X-NF-Request-ID
X-Debug
Content-MD5
Fastly-Restarts
SPRequestGuid
X-SharePointHealthScore
X-Dw-Request-Base-Id
AR-PoweredBy
AR-ATIME
AR-CACHE
AR-Request-ID
Ar-Sid
X-VARITI-CCR
X-Jurisdiction
X-Use-Magma
X-Kinja-Revision
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Goog-Hash
Access-Control-Request-Method
X-Powered-CMS
X-Content-Digest
X-PressLabs-Stats
TP-L2-Cache
X-XRDS-Location
TP-Cache
X-Release
X-NWS-LOG-UUID
X-Edge
X-MSEdge-Ref
RTSS
SPRequestDuration
SPIisLatency
X-Amz-Rid
Cache-Tag
Public-Key-Pins
TCN
Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
S
X-Yandex-Sdch-Disable
X-Accel-Expires
X-FastCGI-Cache
X-Ttl
X-MCACHE
X-Mid
X-Ezoic-Cdn
ServerID
X-Cache-Hit
Server-Node
X-Logged-In
X-Amzn-Trace-Id
X-Cache-Key
X-Node-Name
X-ECACHE
X-Ratelimit-Remaining
Alternate-Protocol
Front-End-Https
X-Microsite
X-Request-Handler-Origin-Region
X-Pinterest-Direct
X-Ser
X-Recruiting
X-Webkit-CSP
X-Origin-Server
X-Kinsta-Cache
X-Page-Id
X-B
X-Mobile-URL
X-Ratelimit-Limit
Host
Accept-Charset
Realpath
X-Hostname
X-Forwarded-For
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Expires
X-FTR-Realm
X-FireWall-Port
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend
X-FTR-Backend-Server
X-Content-Security-Policy-Report-Only
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Nginx-Cache
Filterid
X-Seen-By
X-Load-Cache
Mrf-Cache-Status
X-Varnish-Age
MRF-Tech
X-Jobs
X-B3-TraceId-Primal
X-Id
X-Content-Options
X-CST
X-DIS-Request-ID
X-Shield-Request-Id
X-Activity-Id
X-AppVersion
X-Az
X-Daa-Tunnel
X-Correlation-ID
Paypal-Debug-Id
X-Type
X-App-Environment
X-Zen-Fury
X-Rid
X-F-Cache
Edge-Cache-Tag
X-LB-Cache
X-Git-Hash
X-Varnish-Backend
X-Varnish-Grace
X-Grace
X-N
X-Request-Guid
X-Amz-Server-Side-Encryption
X-FB-Debug
X-Hits
X-Proxy
X-App-Server
Fastcgi-Useragent
AMP-Access-Control-Allow-Source-Origin
DC
X-Cdn
X-Akamai-Edgescape
Content-Disposition
X-WebKit-CSP-Report-Only
X-Hp-Webp
X-Endurance-Cache-Level
X-Content-Powered-By
Cache-Tags
DynaTrace
X-Cache-Operation
X-Cache-Rule
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-VCache
X-Geo-Country
X-Mg-S
X-Wix-Request-Id
MicrosoftSharePointTeamServices
Cleartype
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Cached-By
X-Original-Request-Id
X-Accel-Buffering
X-XRDS-LOCATION
X-Response-Served-From
Refresh
Powered
X-Amz-Meta-S3cmd-Attrs
X-B3-Sampled
X-IPLB-Instance
X-Amzn-RequestId
X-User-Agent
X-Amz-Apigw-Id
NGB
X-Fastcgi-Cache
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
MS-CV
X-Tumblr-User
Payment
X-Tumblr-Pixel
X-Region
X-B-Cache
X-Tumblr-Pixel-0
Healthy
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Signature
X-Goog-Generation
X-Rule
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-FW-Dynamic
X-FW-Hash
X-FW-Type
X-FW-Static
X-Cache-Time
X-UUID
X-Tumblr-Pixel-1
X-Whom
X-Tumblr-Pixel-2
X-FW-Serve
X-AOL-HN
X-FW-Server
X-Host-Name
X-HTML-Minification-Powered-By
X-Instance
X-Tec-Api-Version
X-Distributor
X-Tec-Api-Root
X-Tec-Api-Origin
X-Rendered-As
X-Frontend
X-Is-Bot
X-Cacheable-TTL
PB-RID
PB-PID
Arc-Version
Countrycode
X-Mobile
Datacenter
X-Debug-Info
X-Varnish-Server
Surrogate-Key
X-HP-Webp
X-Cache-Age
X-DynaTrace-JS-Agent
X-PHP-Backend
X-Oneagent-Js-Injection
X-App-Version
X-NewRelic-App-Data
X-FTR-Cache-Host
X-Backend-Name
X-Azure-Ref
X-Via-JSL
X-Ua
Cache
X-Cache-Server
S-Cnection
X-WA-Info
Powered-By-ChinaCache
Webserver
X-Protected-By
X-Hyper-Cache
X-Cache-Control
Referer-Policy
Retry-After
X-Respond-Thread
From-Origin
Filters
Charset
Liferay-Portal
Viewport
X-Time
X-ProcessESI
X-Proxy-Cache-Status
X-Cache-Expired-At
X-EdgeConnect-Cache-Status
X-RemovedCookies
X-R9-Blue-Green-Version
Meta-Geo
X-Cache-Var
X-Revision
X-ES-SERVER
X-RN-RSRV
X-Cache-Var-Map
X-FB-TRIP-ID
Section-Io-Cache
X-Debug-Cache
X-GeoIP
X-Mode
X-From
X-Server-W
Ms-Operation-Id
X-Ruxit-Js-Agent
X-Device-Type
X-Framework
X-Cache-Action
X-Sucuri-ID
X-Qloud-Router
X-Source
X-Amz-Replication-Status
Eomportal-Instance
X-RTag
X-Site-Version
X-Ratelimit-Reset
X-AWS-Id
X-Origin-Hint
X-OCL
X-BYPASS-REASON
Property-Id
X-PCL
X-Via-Fastly
X-ProxyCache-Key
Mn-Server-Ip
X-LJ-Flow-ID
TWC-Connection-Speed
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Privacy
TWC-Locale-Group
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-ProxyCache-Status
X-Time-Microsecs
DB-Nickname
X-VWS-Id
X-Locale
X-Amzn-Remapped-Content-Length
X-Environment-Context
Selected-Fe
Cache-Tv-Group
X-Timing-Wait
X-Routing-Service
X-Zipkin-Id
X-CSRF-Token
X-Acc-Debug-Context
X-Proxied
X-Proxy-Build
Cross-Origin-Window-Policy
X-FW-Version
X-Hl-Ver
X-Handled-By
X-L-Path
X-Access
X-Redis-Cache
X-Real-IP
X-Section
X-Cache-Host
X-Format
X-Human
X-Be
X-Yottaa-Optimizations
X-ServerID
X-NYM-Debug-Backend
X-Xfnlog-Site
X-Proto
X-PHP-Host
X-Yottaa-Metrics
X-Labrador-Cache-Channel
X-Varnish-Cache-Hits
X-Status
X-Cluster
X-Generated-By
X-Hosted-By
X-SaId
Uber-Trace-Id
X-JoinUs
X-TA-CDN-Provider
X-Loop
X-TNCMS
Ec-Rule-Version
X-NWS-UUID-VERIFY
X-BCube-Filmed-By
CF-Cached-On
X-Origin
X-Detected-As
Server-Name
X-ATG-Version
Frame-Options
X-NCache
X-Cache-TTL-Remaining
X-No-Session
X-Cache-PHP
X-URL
X-Contextid
X-Instart-Request-ID
X-EIG-Tracking-Id
X-Sucuri-Cache
FSS-Cache
X-Tt-Trace-Host
X-Tt-Trace-Tag
Version
X-Air-Hostname
X-Drupal-Cache-Contexts
X-Vgn-Hpd-Cached
X-IPS-LoggedIn
X-Vgn-Hpd-Variations-Key
X-Drupal-Cache-Tags
X-EC-Lua
Now
GEO-INFO
X-Cache-Enabled
X-Unique-Id
X-Tumblr-Pixel-3
X-IP
X-Aspnetmvc-Version
X-CACHE-AGE
X-Bc-Bl
X-Akamai-Transformed
Time
X-Litespeed-Cache
X-Cache-Backend
X-Backend-Host
X-TIME
X-UA
X-TT
Node
OT-Force-Account-Verify
Azure-InstanceId
Azure-RegionName
Azure-Version
X-RCS-CacheZone
X-GoCache-CacheStatus
Azure-SlotName
Azure-SiteName
X-Adobe-Content
X-Adobe-Loc
Access-Control-Request-Headers
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cache-NE
X-NGENIX-Cache
X-Adobe-Source
X-APP-VERSION
X-Dc
X-Pubstack
X-Oss-Storage-Class
X-CCM
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Trv-Group
X-VG-WebServer
X-Twitter-Response-Tags
Mobile-Detection-Method
Xc-Version
Fastcgi-X-Cache-Version
X-Application
X-ARC
Host-ID
X-VG-WebCache
MD5-Digest
X-Connection-Hash
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Vdms-Version
X-Vdms-Path
X-Up
Meta-Geo-Continent
X-Date
X-Destination
X-Aed
X-D
Machine
X-B-Cookie
X-CDN-Forward
X-Rewrite-Enabled
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Rojux
X-Minions-Version
Rendered-Blocks
X-Worker
Apple-News-Services-Host
Surrogated-Key
X-PAYTM-SRV-ID
X-PBS-Appsvrname
Apple-News-Services-Handled
X-OVcl-Cache
X-OVcl
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-A
X-S
CloudFront-Viewer-Country
X-Accel-Expires-Debug
X-A-Wwc
X-G
DCR-Decision-By
X-Transaction
DCR-Processing-Time-Ms
X-Generation-Time
X-Processor
X-A-Ccd
X-S-Cookie
X-A-Dam
X-A-Dcw
X-A-Dgt
X-ScT
X-External-Request-Id
X-Storefront-Renderer-Rendered
X-PERF
X-Alternate-Cache-Key
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Varnishpool
X-Viewer-Country
X-ApacheServer
X-Forwarded-Host
CDN-Cache
CacheControlHeader
X-Webstats-RespID
SD-X-WS
CDN-Uid
NM-Fastcgi-Cache
Fastly-SSL
X-WADP-Cache
Mail-Subject
CDN-RequestId
CDN-EdgeStorageId
CDN-PullZone
CDN-CachedAt
X-Clara-WADP
X-Generated-On
X-SN
X-Hash
X-Soup
X-Storage
X-Thanos
X-Fmm-Version
X-HS-Content-Campaign-Id
X-Level-Front-Cache
X-Req
X-Render-Time
X-Platform
X-Reqid
X-Microcachable
X-Method
X-Micro-Cache
X-Envoy-Decorator-Operation
X-Edge-Location
X-Agile-Age
X-Agile-Id
X-VG-TLSProxy
X-Agile
Wxu-Next-Region
Wxu-Next-Commit
Wxu-Next-Hostname
X-Bip
X-Cache-2
X-Core-Value
X-CUA
X-Dispatcher-Server
X-Cms-Context
AKAMAI
X-Cache-Bucket
X-Cache-Grace
We-Hiring
CDN-RequestCountryCode
X-Correlation-Id
X-AIR-PT
X-Request-UUID
X-Varnish-Ttl
X-TX-ID
HostName
Akamai-GRN
X-Cdn-Forward
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-Esi-Check
Country
Country-Code
Platform
X-Gzip
X-HN
X-Varnish-Beresp-Ttl
X-Servername
X-Varnish-Beresp-Grace
HA-Ipaddr
Ha-Gx-Prefs
X-Geo-Header
Fastly-SWR
Fastly-SIE
L5d-Success-Class
PFcat
Gh-Request-Id
Pagetype
X-Eu-Site
Adler-Geo
X-Skip-Cache
Is-Eu
X-Varnish-Beresp-Status
X-Developers
X-Cache-URL
X-Cache-NGX
X-VarnishDD-TTL
X-Owner
X-DPWN-IS-SECURE
X-Varnish-Cacheable
X-Cache-Id
X-Proxy-Upstream
X-Policy
X-Amz-Meta-Cb-Modifiedtime
X-Auto-Login
X-VHOST
X-Cache-Config
X-Cdn-Srv
Ufe-Result
X-Core-Mission
X-Variation
X-Csrf-Jwt
Backend
M-TraceId
Cache-Status
X-Rebelmouse-Surrogate-Control
X-CGP
X-Fastly-Cache
X-Cluster-Name
X-Backend-TTL
X-Rebelmouse-Cache-Control
X-Location
X-NC
X-RateLimit-Remaining
X-Wikidot-Static-Cache
UCS
X-Content-Age
X-Web-Node
X-Wikidot-Backend
C-Via
Fastly-Drupal-HTML
X-Clientip
X-Request-Host
X-Cache-Tags
X-Old-Content-Length
Fastly-Backend-Name
X-Fastly-Backend
X-Has-Esi
X-Li-Pop
X-LI-UUID
X-Li-Fabric
X-JWT-State
X-Is-Gdpr
X-Request-Start
X-Cache-Date
X-Say-Cacheable
Memcached
Group
X-Esi
X-Gamma-Serve
X-Irp-Debug
L
X-Say-TTL
X-Backend-State
Rt-Fastcgi-Cache
X-SayCDN-TTL
Nel
X-ORACLE-APMCS-REQUEST-ID
X-Refresh
X-Mvc-Supplant-Cachable
X-PF-Uncompressing
X-Ms-Version
X-B3-Spanid
Actual-Object-TTL
X-Slack-Backend
X-Ms-Request-Id
Origin
Arc-Country
X-CS
X-NODE
X-Wa
VivaBuild
Viewtype
X-Aicache-OS
X-ZONE
X-BC
Srv
NGX
X-RunCloud-Cache
X-LB-ID
X-Via-Ucdn
FSS-Proxy
X-Platform-Server
X-B3-Traceid
X-Via-Poph
X-LAGOON
X-Via-Popn
Geo-Info
X-Unique-ID
X-DefElseHash
X-Varnish-CookieINHashed-On
X-DefHash
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Srv
Upgrade-Insecure-Requests
X-LI-Proto
X-Edge-Server
X-Servedbyhost
X-Branch-Name
X-Mvc-Supplant-OutputCached
Memory
Cdn-Request-Time
Cdn-Host
X-Vgn-Hpd-Ssi
X-UPSTREAM-Address
X-SERVER
X-Session-Fingerprint
X-Bc
X-Cache-Debug
Sid
X-Zone
X-Mobile-Rewrite
X-Geo
X-LiteSpeed-Cache-Control
X-Request-Time
Server-Info
X-Cluster-Node
X-Cs
X-FC-Vary-Parameters
X-Action
X-FPC
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Akamai-Request-ID2
X-APP
X-NGINX-Cache
X-Epic-Correlation-Id
CACHE
X-Hit
X-Via-Popv
X-DW
X-DB
X-RPM
X-RSL
X-RPS
X-CF-Powered-By
X-Varnish-Hostname
X-DI
WWW-Authenticate
X-DSS
X-Nc
X-Nginx-Cache
Apigw-Requestid
X-ECache
X-CSRF-TOKEN
X-Oss-Cdn-Auth
X-Aspnet-Duration-Ms
Geoip-Latitude
X-Providence-Cookie
X-MP-GENERATED-AT
Xserver
X-Route-Name
X-Flags
GeoIp-Country-Code
X-Is-Crawler
X-Vcache
XServer
X-GEO
Hostname
User-Agent
X-HS-Status
NtCoent-Length
X-Vcl-Version
Origin-Edge-Control
X-VCL-Version
X-SERVER-NAME
Processtime
X-DC
Origin-Cache-Control
X-FORWARDED-FOR
CF-IPCountry
ProcessTime
X-Tb
GeoIP-Latitude
GeoIP-Country-Code
X-NU-AKA-ACS-Version
X-Dispatch
X-Ftr-Cache-Host
X-Dynatrace-Js-Agent
X-Check-Cacheable
Accept-Language
X-Key
X-Page-View
X-HOST
X-Dynatrace
X-Via-CDN
X-Envoy-Upstream-Healthchecked-Cluster
Esi-Enabled
X-HITS
X-Webkit-CSP-Report-Only
HitType
SRV
X-Fastly-Country-Code
Edge-Copy-Time
X-Fpc
X-UnsetCookies
X-App
X-Cache-Hfrom
X-Cache-Hm
X-Svr
X-Via-SSL
X-Pass-Why
Proxy-Firewall
W
X-Via-Edge
SID
X-Sql-Count
X-RAMCache
BehaviorPad-Version
Cdn
Lb
X-Sql-Duration-Ms
X-Www-Served-By
X-Path-Route
Fastcgi-Cache-TTL
CDN
X-Generated
A
On-Server
X-We-Are-Hiring
X-CACHE-KEY
X-COUNTRY
X-Geo-Region
ServedBy
S-Rt
Cache-Hits
Amp-Access-Control-Allow-Source-Origin
Ohc-File-Size
X-TrackingId
Cteonnt-Length
X-Oracle-Dms-Rid
Xet-Cookie
LB
WebServer
Powered-By
N-Cache
X-MSEdge-Features
X-Amzn-Remapped-Date
X-MSEdge-Flight
X-Instart-Info
X-Newrelic-App-Data
X-Amzn-Remapped-Connection
T-Server
Server-Host
X-Newrelic-Synthetics
X-Pjax-Url
X-SRV
X-Li-Proto
X-S-Maxage
X-ServedByHost
X-Datadome
X-Cache-Remote
X-Origin-Response-Time
Content-Style-Type
X-TH-Server
Content-Script-Type
Pics-Label
X-Batcache
Magicmarker
X-Via-PopN
X-Via-PopH
X-Lb-Id
X-Akamai-Pragma-Client-IP
WZWS-RAY
X-HostName
X-Served-From
X-LiteSpeed-Tag
Tcn
Cache-Key
X-Fastly-Request-Id
X-RateLimit-Limit
X-Via-NSCOPI
X-Via-PopV
Cache-Provider
X-StackifyID
Odigeo-Trace-Id
X-VC
X-SB
Ohc-Cache-HIT
Dnion-Transfer-Encoding
User-Cache-Control
X-TT-LOGID
X-Region-Sid
X-Presslabs-Stats
X-Planisys-CDN-Cache
Cf-Alt-Svc
X-Planisys-CDN-Rules
X-B3-SpanId
X-Info
Load-Balancing
X-ID
X-Tt-Logid
X-Planisys-CDN-TTL
X-WA
X-Varnish-Hits
X-Agile-Brick-Ok
X-Erf-Bev-Bev
X-Cache-Tag
X-Erf-Bev-Bev-Is-Generated
X-Vgn-Hpd-Reason
X-Origin-CC
Inserted-Into-Cache-At
X-DevSite-Last-Modified
X-PJAX-URL
X-Developer
X-SRCache-Key
X-Pf-Uncompressing
Server-Ttl
X-Magnolia-Registration
Who
X-Tid
AsisCache
X-Parent-Response-Time
GEO-REGION-INFO
X-Origin-TTL
X-Yottaa-OS
X-Pad
Section-Io-Id
Proxy-Connection
Cache-Name
DataCenter
X-Selected-Scheme
Section-Origin-Responded
X-Selected-Host-Header
X-Selected-Name
X-BACKEND-TTL
X-ElasticPress-Query
Source
Section-Io-Origin-Time-Seconds
X-UA-Device-Type
Section-Io-Origin-Status
DSUID
CountryCode
PICS-Label
X-Apw-Access-Token
X-Request-URI
X-Generated-In
X-C
Warning
X-SVT-ORM-RULES
Protected
X-Swa-Ws
X-Gen-Mode
X-Origin-Expires
X-Origin-Date
X-Sn-Servicetimems
X-SVT-ORM-VERSION
X-Apw-Hits
X-NodeID
X-Varnish-Beresp-TTL
X-Apw-Access-Action
X-Apw-Access-Object
X-RateLimit-Limit-Second
X-Hnp-Log
X-Logging-Id
X-Loc
Pragrma
X-ServiceProvider
X-RateLimit-Remaining-Second
X-Nginx-Cache-Key
X-Matched-Rule
X-GeoIP-City
X-SIPLIST1
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Request-URL
X-Cdn-Request-ID
Release
Pramga
Path
MIME-Version
Server-Ext
Server-Hostname
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Sever-Int
X-Nananana
Locid
X-Akamai-ERRuleID
Cneonction
X-Compress-Hint
X-Fastly-Cache-Hits
X-Akamai-ERPolicy
CDCHOST
Kp-EeAlive
IsBot
FNAC-ModuleRouting
Tracecode
X-Proxy-Cachei7
X-Var-Ttl
X-Dw-Trace-Id
X-Varnish-Authentication
X-Varnish-URL
X-Contensis-Viewer-Groups
X-MiniProfiler-Ids
X-Fetched-On
X-Thinkindot-L3
X-Trace-Id
X-Device-Os
X-Cdn-Origin
X-Cache-Info
X-Akamai-Request-ID
Web-Mar-Node
Vix-Hermes-Req-Id
V-Age
X-Azure-Ref-OriginShield
X-BBXSRF
Vha6-Origin
X-Cache-ASPX
X-Block-Status
Mime-Version