
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-Xss-Protection
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
P3p
X-Iinfo
X-Content-Security-Policy
X-AspNetMvc-Version
Status
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-Cache-Group
X-Server
X-Hacker
X-Amz-Request-Id
X-Dns-Prefetch-Control
X-Robots-Tag
X-Amz-Id-2
X-UA-Device
X-Template
X-AH-Environment
EagleId
Request-Context
X-Proxy-Cache
X-Language
X-Turbo-Charged-By
X-Server-Powered-By
X-Nginx-Cache-Status
Server-Timing
Grace
Host-Header
Report-To
X-Rq
X-Page-Speed
Xkey
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
X-Ua-Compatible
Ali-Swift-Global-Savetime
Cf-Railgun
X-Buckets
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
X-Host
X-WebKit-CSP
X-Backend-Server
X-Dispatcher
X-Server-Id
X-Device
NEL
X-Node
Surrogate-Control
Content-Location
Request-Id
X-Ruxit-JS-Agent
Accept-CH-Lifetime
X-Response-Time
X-Cache-Lookup
Accept-CH
EagleEye-TraceId
X-Akam-SW-Version
X-Origin-Cache
X-Ac
Allow
X-Readtime
Rating
X-Mod-Pagespeed
X-HW
X-Country
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Pinterest-Generated-By
Edge-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-TtlSet
X-Vname
X-PC
X-DataDome
X-Cnection
X-Country-Code
X-MS-InvokeApp
X-Varnish-TTL
X-GitHub-Request-Id
X-Content-Type
X-ASPNET-VERSION
X-D2id
X-CST
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Trace
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
Pagespeed
Display
X-Pinterest-Rid
Pinterest-Version
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
X-Server-Name
Fusion-Content-Id
Fusion-Component-Id
X-Url
MS-Author-Via
X-Navigation-Version
X-B3-TraceId
X-Vcap-Request-Id
X-Px
X-Abt-Application-Version
X-Rack-Cache
Service-Worker-Allowed
Verso
X-DynaTrace
X-ESI
X-Fastly-Request-ID
X-FastCGI-Cache
Cf-Bgj
X-Client-IP
Arr-Disable-Session-Affinity
X-Webkit-CSP
X-Cached
X-Element-Page-Cache
X-Cache-TTL
X-FTR-Request-ID
X-TTL
X-Dw-Request-Base-Id
X-SharePointHealthScore
X-Powered-By-Plesk
X-VARITI-CCR
SPRequestGuid
X-Goog-Hash
X-NF-Request-ID
X-Upstream
Fastly-Restarts
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
X-Debug
AR-ATIME
AR-Request-ID
AR-PoweredBy
AR-CACHE
Ar-Sid
Content-MD5
X-Forwarded-Proto
X-MSEdge-Ref
X-Powered-CMS
X-Version
X-Pinterest-Direct
X-T
SPRequestDuration
SPIisLatency
Access-Control-Request-Method
X-Jurisdiction
X-Release
X-Amz-Rid
X-Edge
X-Content-Digest
S
X-XRDS-Location
X-Ttl
TP-Cache
TP-L2-Cache
RTSS
TCN
X-Litespeed-Cache
Cache-Tag
X-Ezoic-Cdn
Public-Key-Pins
Accept-Ch
X-Cache-Key
X-Node-Name
X-MCACHE
X-Mid
X-Yandex-Sdch-Disable
Front-End-Https
X-Request-Processing-Time
Server-Node
X-Request-Received
Fastcgi-Cache
X-Recruiting
X-Amzn-Trace-Id
X-Accel-Expires
X-Mg-S
X-Ser
X-NWS-LOG-UUID
X-Kinsta-Cache
X-Amz-Server-Side-Encryption
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-SRCache-Store-Status
X-PressLabs-Stats
X-SRCache-Fetch-Status
X-HP-Webp
X-Grace
X-Request-Handler-Origin-Region
X-Microsite
X-Origin-Server
X-Logged-In
ServerID
Accept-Charset
X-Varnish-Age
X-Cache-Hit
X-Page-Id
X-DIS-Request-ID
Host
Nginx-Cache
MicrosoftSharePointTeamServices
Edge-Cache-Tag
X-Shield-Request-Id
X-ECACHE
X-Ratelimit-Remaining
X-Content-Security-Policy-Report-Only
X-Server-ID
X-B
X-Hits
X-Mobile-URL
X-Hostname
X-F-Cache
Cache-Tags
Realpath
Powered-By-ChinaCache
X-Activity-Id
X-Az
X-AppVersion
X-LB-Cache
Alternate-Protocol
Cleartype
X-Content-Options
X-N
X-Git-Hash
X-Upgrade-Enabled
X-Cached-By
X-Type
DynaTrace
X-Forwarded-For
X-Respond-Thread
X-Ratelimit-Limit
X-Load-Cache
X-Varnish-Backend
X-Jobs
X-Rid
Paypal-Debug-Id
X-Cache-Age
X-App-Environment
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-Kong-Upstream-Latency
X-Country-Code-Real
X-Kong-Proxy-Latency
X-FTR-Backend-Server
Accept-Ch-Lifetime
X-FTR-Realm
X-FTR-DC
X-Request-Guid
X-FTR-Expires
X-Amz-Meta-S3cmd-Attrs
Access-Control-Allow-Method
X-Seen-By
X-Proxy
Fastcgi-Useragent
X-FireWall-Port
X-Zen-Fury
Filterid
X-Correlation-ID
X-WebKit-CSP-Report-Only
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
X-HS-Cache-Config
X-Akamai-Edgescape
X-Daa-Tunnel
X-HS-Hub-Id
X-HS-Content-Id
Nel
X-HS-Combine-CSS
X-FB-Debug
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Varnish-Grace
X-B3-Sampled
Charset
DC
X-IPLB-Instance
X-Host-Name
X-Signature
MS-CV
X-VCache
X-Mobile
X-B-Cache
X-Debug-Info
X-AOL-HN
X-Whom
X-Region
Healthy
X-App-Server
Filters
AMP-Access-Control-Allow-Source-Origin
X-Geo-Country
X-User-Agent
X-URL
X-Response-Served-From
X-Cache-Operation
X-Frontend
X-Cache-Rule
X-Accel-Buffering
X-Original-Request-Id
Viewport
Liferay-Portal
X-Id
Payment
X-Content-Powered-By
X-Tumblr-Pixel-2
X-Tumblr-User
X-Tumblr-Pixel
X-Rule
X-Tumblr-Pixel-0
X-Distributor
X-UUID
X-Instance
X-Tumblr-Pixel-1
X-HTML-Minification-Powered-By
X-Protected-By
X-Acc-Debug-Context
Refresh
X-FW-Server
X-FW-Type
X-FW-Hash
X-FW-Serve
X-FW-Static
X-Cache-Time
X-XRDS-LOCATION
X-FW-Dynamic
Surrogate-Key
X-Cacheable-TTL
Content-Disposition
X-Wix-Request-Id
S-Cnection
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Amz-Replication-Status
X-Cache-Expired-At
X-Is-Bot
X-Rendered-As
X-Via-JSL
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Hyper-Cache
X-Backend-Name
Datacenter
Section-Io-Cache
X-App-Version
Version
X-Sucuri-ID
X-Endurance-Cache-Level
X-Ah-Environment
X-Cache-Action
X-Oneagent-Js-Injection
PB-PID
Arc-Version
X-Cache-Server
PB-RID
X-Ua
GEO-INFO
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Endpoint-Name
Retry-After
Server-Name
Akamai-Age-Ms
NGB
X-Source
X-Varnish-Server
X-EdgeConnect-Cache-Status
X-Air-Hostname
Eomportal-Instance
Referer-Policy
Countrycode
X-Real-IP
CACHE
X-L-Path
X-Environment-Context
X-Framework
X-Sucuri-Cache
X-RemovedCookies
X-ProcessESI
X-Revision
Ms-Operation-Id
X-RTag
Frame-Options
X-Yottaa-Optimizations
X-Esi
X-Yottaa-Metrics
X-Unique-Id
X-Drupal-Cache-Contexts
X-Cache-Control
X-RN-RSRV
Meta-Geo
X-DynaTrace-JS-Agent
X-NewRelic-App-Data
X-ES-SERVER
X-Cache-Var
X-WA-Info
X-Cache-Var-Map
Webserver
X-Azure-Ref
X-Proxy-Cache-Status
X-Mode
Cache-Tv-Group
X-ProxyCache-Key
X-ProxyCache-Status
X-R9-Blue-Green-Version
DB-Nickname
X-Cache-TTL-Remaining
X-Xfnlog-Site
X-BYPASS-REASON
X-Qloud-Router
X-Server-W
TWC-GeoIP-LatLong
Webcakes-Region
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
X-Redis-Cache
X-PCL
X-Origin-Hint
Mn-Server-Ip
X-VWS-Id
Property-Id
X-GeoIP
X-OCL
X-Drupal-Cache-Tags
Cross-Origin-Window-Policy
X-Status
X-AWS-Id
TWC-Connection-Speed
TWC-Device-Class
X-Hl-Ver
X-PHP-Host
X-Handled-By
X-From
X-Human
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-Time-Microsecs
X-Cache-Host
TWC-GeoIP-Country
Webcakes-App-Name
X-Proxied
X-FW-Version
X-Routing-Service
X-Section
X-Site-Version
X-ServerID
X-Format
Selected-Fe
X-NYM-Debug-Backend
X-No-Session
X-Amzn-Remapped-Content-Length
X-Access
X-Cluster
X-Timing-Wait
X-Proxy-Build
X-Hosted-By
X-Zipkin-Id
X-Via-Fastly
X-FB-TRIP-ID
X-Locale
X-Proto
X-PHP-Backend
X-Be
FSS-Cache
X-Ruxit-Js-Agent
X-TNCMS
X-Contextid
Ec-Rule-Version
X-Loop
X-Cache-PHP
X-CDN-Forward
X-Debug-Cache
X-Detected-As
X-Device-Type
Uber-Trace-Id
X-Generated-By
X-ATG-Version
X-Fastcgi-Cache
X-TIME
X-Ratelimit-Reset
X-BCube-Filmed-By
X-Correlation-Id
X-Adobe-Content
X-Adobe-Loc
X-AIR-PT
X-Aspnet-Duration-Ms
X-CSRF-Token
X-Is-Crawler
X-Route-Name
X-Varnish-Cache-Hits
X-Flags
X-TT
X-Providence-Cookie
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-NC
Azure-SiteName
Azure-Version
Azure-RegionName
X-Tt-Trace-Host
X-Tt-Trace-Tag
Azure-InstanceId
Azure-SlotName
Cache
Upgrade-Insecure-Requests
From-Origin
Powered
Access-Control-Request-Headers
X-NCache
X-COUNTRY
X-SaId
X-Time
X-Origin
CF-Cached-On
X-JoinUs
OT-Force-Account-Verify
X-Akamai-Transformed
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Cache-2
X-GoCache-CacheStatus
X-UPSTREAM-Address
X-CCM
X-FTR-Cache-Host
X-Adobe-Source
X-Alternate-Cache-Key
X-Varnishpool
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Backend-Host
X-Backend-TTL
X-ShopId
X-ShardId
X-LAGOON
X-ApacheServer
X-LLID
Country
SD-X-WS
X-Pubstack
X-PERF
X-ECache
X-Soup
X-Forwarded-Host
Decoy-Debug-Key
X-NWS-UUID-VERIFY
Decoy-Debug-TTL
Decoy-Debug-Status
Cache-Status
X-TA-CDN-Provider
X-Cluster-Name
X-Say-TTL
X-SayCDN-TTL
X-Storage
X-Web-Node
X-Say-Cacheable
Node
Fastly-SSL
X-G
X-Page-View
X-IP
X-APP-VERSION
X-Cache-Grace
X-Cache-Enabled
X-TX-ID
X-IPS-LoggedIn
X-Viewer-Country
X-Cdn
X-Tumblr-Pixel-3
X-Aed
X-External-Request-Id
Mobile-Detection-Method
X-A
Rendered-Blocks
X-Rojux
X-A-Dcw
X-A-Dgt
X-A-Wwc
Meta-Geo-Continent
X-Rewrite-Enabled
X-Request-UUID
X-A-Dam
X-A-Ccd
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-ARC
X-B-Cookie
X-Destination
X-Processor
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Application
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-D
Host-ID
Machine
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
X-RCS-CacheZone
DCR-Decision-By
MD5-Digest
X-S
X-S-Cookie
X-Worker
X-Vtex-Remote-Cache
SRV
X-VG-WebCache
X-Cache-Spec
X-Vtex-Processado-Em
X-VG-WebServer
X-Vdms-Version
X-CF-Lambda-Version
X-Trv-Group
X-ScT
X-Bc-Bl
X-Cache-NE
X-Connection-Hash
X-CF-Lambda-Fn
X-Vdms-Path
Xc-Version
X-EC-Lua
X-Microcachable
X-VG-TLSProxy
X-Clara-WADP
X-Ms-Version
X-Ms-Request-Id
CDN-PullZone
X-Fmm-Version
X-Cms-Context
X-Generation-Time
X-Fastly-Cache
X-Session-Fingerprint
X-CUA
X-Core-Value
Gh-Request-Id
X-WADP-Cache
CDN-EdgeStorageId
CDN-CachedAt
CDN-RequestCountryCode
CDN-RequestId
CloudFront-Viewer-Country
CDN-Uid
CDN-Cache
X-Micro-Cache
X-Cache-Bucket
X-Cache-Debug
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Envoy-Decorator-Operation
X-Auto-Login
X-UA
X-ID
X-Cache-Config
Backend
X-HN
X-Webstats-RespID
Fastly-SWR
X-Request-Host
X-Dispatcher-Server
CacheControlHeader
X-Wikidot-Static-Cache
X-Developers
Akamai-GRN
X-Method
X-Gzip
X-Location
X-Hash
AKAMAI
Adler-Geo
X-Geo-Header
X-Owner
Is-Eu
X-Irp-Debug
Fastly-SIE
L
Platform
X-Varnish-Cacheable
X-EIG-Tracking-Id
X-Servername
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Core-Mission
X-Level-Front-Cache
X-Variation
X-Render-Time
PFcat
NM-Fastcgi-Cache
X-Varnish-Remaining-TTL
Wxu-Next-Hostname
X-OVcl
X-Transaction
X-VarnishDD-TTL
X-DefElseHash
X-Thanos
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Cache-Id
X-OVcl-Cache
Wxu-Next-Region
X-Cache-Backend
X-Cache-NGX
X-Twitter-Response-Tags
X-Platform
X-Gamma-Serve
Wxu-Next-Commit
Origin
X-Bip
X-Esi-Check
Fastly-Drupal-HTML
X-DPWN-IS-SECURE
X-HS-Content-Campaign-Id
X-Branch-Name
X-Varnish-Ttl
X-SN
X-Platform-Server
X-Policy
X-Old-Content-Length
X-Generated-On
X-DefHash
X-Wikidot-Backend
X-Hp-Webp
X-Via-CDN
X-CS
HA-Ipaddr
X-Cache-Date
Ha-Gx-Prefs
X-GEO
X-Request-Start
Rt-Fastcgi-Cache
L5d-Success-Class
X-Skip-Cache
X-Slack-Backend
X-Backend-State
X-LI-UUID
Pagetype
X-Minions-Version
X-B3-Spanid
X-CGP
X-Mvc-Supplant-Cachable
X-Clientip
X-Eu-Site
X-Li-Pop
Fastly-Backend-Name
X-Has-Esi
X-Reqid
X-Csrf-Jwt
X-Is-Gdpr
C-Via
X-Li-Fabric
X-JWT-State
X-Fastly-Backend
X-Content-Age
X-PF-Uncompressing
FSS-Proxy
UCS
X-Refresh
X-Amz-Meta-Cb-Modifiedtime
Country-Code
X-Cache-Tags
X-B3-Traceid
X-RateLimit-Remaining
X-DC
X-Wa
X-Date
X-Accel-Expires-Debug
X-Aicache-OS
Surrogated-Key
X-NODE
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-NGENIX-Cache
X-LB-ID
X-Up
X-Via-Poph
X-Via-Popn
X-Req
X-Edge-Location
X-Sql-Count
X-Cache-Remote
X-Sql-Duration-Ms
X-Presslabs-Stats
X-Mvc-Supplant-OutputCached
We-Hiring
Time
X-Ftr-Cache-Host
Group
Ufe-Result
X-Cdn-Srv
X-Cache-URL
Mail-Subject
Memcached
X-Dc
X-Nginx-Cache
HostName
Hostname
X-Debug-Cache-Fetch
X-Proxy-Upstream
NGX
Now
X-Debug-Cache-Store
X-Www-Served-By
X-SRV
X-NU-AKA-ACS-Version
XServer
X-Ua-Device
X-Servedbyhost
X-LI-Proto
X-ZONE
X-FORWARDED-FOR
X-BC
Cache-Hits
X-S-Maxage
X-CACHE-AGE
X-Check-Cacheable
X-Via-SSL
X-Via-Edge
X-FPC
Edge-Copy-Time
X-Agile
X-Agile-Age
X-Agile-Id
X-Varnish-Hostname
X-Request-Time
ServedBy
On-Server
X-Svr
Protected
GeoIp-Country-Code
X-Cdn-Forward
M-TraceId
Geoip-Latitude
X-LiteSpeed-Cache-Control
Xserver
X-CSRF-TOKEN
X-Webkit-Csp
X-VCL-Version
T-Server
X-Pass-Why
X-Erf-Bev-Bev-Is-Generated
SID
X-Erf-Bev-Bev
X-UnsetCookies
NtCoent-Length
Arc-Country
X-Cs
X-HS-Status
X-Via-Popv
X-Datadome
X-MP-GENERATED-AT
X-Cluster-Node
X-CF-Powered-By
X-APP
X-Zone
X-Bc
X-NGINX-Cache
Cdn-Request-Time
Cdn-Host
X-Srv
N-Cache
Pics-Label
X-Edge-Server
X-Erf-Stays-Bingo-Pdp-Web
VivaBuild
Viewtype
X-Acc-Rdl
Server-Host
X-Varnish-Hits
Ohc-File-Size
X-Uri
Magicmarker
Memory
X-RunCloud-Cache
ProcessTime
X-Via-Ucdn
X-We-Are-Hiring
Apigw-Requestid
X-Action
X-SB
X-VC
WZWS-RAY
Srv
X-Dynatrace-Js-Agent
User-Agent
X-DI
Sid
X-DB
X-RPM
X-MSEdge-Features
X-RSL
X-DSS
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-DW
WWW-Authenticate
Section-Io-Origin-Status
Section-Origin-Responded
X-RPS
X-MSEdge-Flight
X-Info
Processtime
WebServer
W
X-Oss-Cdn-Auth
Ohc-Cache-HIT
LB
X-TT-LOGID
X-Vgn-Hpd-Ssi
X-Unique-ID
Odigeo-Trace-Id
Geo-Info
X-Newrelic-App-Data
X-Geo
X-SERVER-NAME
Cteonnt-Length
X-HOST
Server-Info
X-Vcl-Version
User-Cache-Control
CF-IPCountry
X-UA-Device-Type
Tracecode
Cache-Name
X-Tb
DSUID
X-HITS
X-Hit
X-Pjax-Url
Ssr
Amp-Access-Control-Allow-Source-Origin
X-Cache-Hm
X-Cache-Hfrom
X-Origin-Date
S-Rt
CDN
X-Webkit-CSP-Report-Only
CountryCode
A
X-Akamai-Request-ID2
X-Fastly-Country-Code
GeoIP-Latitude
GeoIP-Country-Code
X-CACHE-KEY
Web-Mar-Node
X-BBC-Edge-Cache-Status
X-BBXSRF
X-Cache-Expires
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-Magnolia-Registration
X-Developer
Vix-Hermes-Req-Id
X-Cache-Info
X-Block-Status
X-Epic-Correlation-Id
Instruction
Lfy
X-Cc-Req-Id
X-Cc-Via
CDCHOST
X-Scheme
D-Cc-Upstream
MIME-Version
X-Envoy-Upstream-Healthchecked-Cluster
True-Client-Country-4JS
Cdn
SR-User-Adfree
Path
Server-ID
V-Age
X-Gen-Mode
X-Request-URI
Lb
X-Newrelic-Synthetics
X-Response-By
X-SRCache-Key
X-VServer
X-Varnish-Url
X-Nc
X-Origin-TTL
X-Server-IP
X-Origin-CC
X-Node-Id
X-Provided-By
X-SVT-ORM-VERSION
Server-Ext
Server-Hostname
Sever-Int
X-SVT-ORM-RULES
Cache-Host
X-Loc
Release
X-Fpc
X-Swa-Ws
X-User
X-Varnish-Authentication
X-Nginx-Cache-Key
Accept-Language
X-Traceid
X-Trace-Id
X-Thinkindot-L3
Locid
IsBot
X-FC-Vary-Parameters
Thinkindot-CacheControl
X-Generated-In
X-Cache-ASPX
Thinkindot-CacheControl-Type
X-Nyt-Route
X-Origin-Time
X-Origin-Expires
X-Gdpr
X-Via-NSCOPI
X-Contensis-Viewer-Groups
X-NodeID
X-GeoIP-City
X-SD-PageType
X-SIPLIST1
Thinkindot-Control
X-API-Version
X-Matched-Rule
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
FNAC-ModuleRouting
X-Sn-Servicetimems
X-Device-Os
X-Fetched-On
X-Cdn-Origin
Pramga
X-Azure-Ref-OriginShield
X-Var-Ttl
X-Men
Esi-Enabled
X-StackifyID
X-Amzn-Remapped-Connection
X-Instart-Request-ID
X-ServedByHost
X-Amzn-Remapped-Date
X-Li-Proto
X-Cache-Tag
X-Vcache
X-Dynatrace
Server-Ttl
X-Rocket-Build-Number
X-Akamai-Pragma-Client-IP
X-Sigma-Backend
Cache-Key
X-Key
X-Lb-Id
X-Sigma
X-TH-Server
X-Served-From
Kp-EeAlive
Source
X-B3-SpanId
Tcn
X-Mobile-Rewrite
X-Via-PopV
Cf-Device-Type
Req-Svc-Chain
X-Via-PopN
X-Via-PopH
X-Parent-Response-Time
Cache-Provider
X-No-Cache
X-RateLimit-Limit
X-Origin-Response-Time
X-RateLimit-Remaining-Second
Content-Style-Type
X-MiniProfiler-Ids
X-RateLimit-Limit-Second
X-BBC-Origin-Response-Status
Expiry
X-Tt-Logid
X-Agile-Brick-Ok
Proxy-Firewall
Content-Script-Type
X-Batcache
Origin-Edge-Control
Origin-Cache-Control
X-Yottaa-OS
X-Dispatch
X-Geo-Region
X-WA
X-Instart-Info
X-VC-Cache
X-ServiceProvider
X-ElasticPress-Query
X-RAMCache
X-B3-Parentspanid
Inserted-Into-Cache-At
Powered-By
X-Apw-Access-Token
X-HostName
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Action
HitType
Who
X-PJAX-URL
Cf-Alt-Svc
NnCoection
X-Request-URL
X-Varnish-Beresp-TTL
Location
X-Selected-Scheme
X-Selected-Name
X-Selected-Host-Header
EpKe-Alive
Url
Vha6-Origin
X-Miniprofiler-Ids
X-TraceId
Mime-Version
Xet-Cookie
Pragrma
PICS-Label
X-Vgn-Hpd-Reason
Resin-Trace
Fastcgi-Cache-TTL
Dnion-Transfer-Encoding
X-Dw-Trace-Id
X-Snapshot-Date
X-LiteSpeed-Tag
X-C
X-Pf-Uncompressing