Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-Xss-Protection
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
P3p
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-CDN
Upgrade
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Template
X-Language
X-Backend
X-Cache-Group
X-Hacker
X-Amz-Request-Id
X-Server
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Dns-Prefetch-Control
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
X-Nginx-Cache-Status
Server-Timing
Grace
Host-Header
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Buckets
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
X-Host
X-WebKit-CSP
X-Backend-Server
X-Dispatcher
X-Device
X-Server-Id
NEL
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
Accept-CH-Lifetime
Content-Location
Request-Id
X-Response-Time
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
EagleEye-TraceId
Accept-CH
X-Ac
Cf-Bgj
X-ASPNET-VERSION
X-Readtime
Rating
X-HW
X-Mod-Pagespeed
Allow
X-Country
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Edge-Control
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-PC
X-TtlSet
X-DataDome
X-Vname
X-Cnection
X-Varnish-TTL
X-MS-InvokeApp
X-Origin-Upstream-Status
X-Content-Type
X-GitHub-Request-Id
X-Url
Fusion-Component-Id
X-Clacks-Overhead
Fusion-Content-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
X-Trace
X-D2id
X-Middleton-Display
X-Middleton-Response
Response
Pagespeed
X-Sol
Display
X-Abt-Application-Version
X-Server-Name
Pinterest-Version
X-Vcap-Request-Id
X-Pinterest-Rid
X-B3-TraceId
X-Px
X-Webkit-CSP
X-CST
X-Rack-Cache
MS-Author-Via
Verso
X-Navigation-Version
Service-Worker-Allowed
X-FTR-Request-ID
X-DynaTrace
X-Cached
X-FastCGI-Cache
X-Fastly-Request-ID
X-Client-IP
X-Element-Page-Cache
X-ESI
Arr-Disable-Session-Affinity
X-Cache-TTL
X-TTL
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-SharePointHealthScore
SPRequestGuid
X-Upstream
Fastly-Restarts
X-Goog-Hash
X-VARITI-CCR
X-Kinja-Build
X-Kinja
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja-Server
Content-MD5
AR-PoweredBy
AR-CACHE
X-Use-Magma
X-GoogleNews-Bot
AR-ATIME
AR-Request-ID
Ar-Sid
X-NF-Request-ID
X-Debug
X-Version
X-Forwarded-Proto
X-MSEdge-Ref
X-Powered-CMS
X-T
Access-Control-Request-Method
X-XRDS-Location
X-Jurisdiction
SPIisLatency
SPRequestDuration
X-Release
X-Amz-Rid
X-Pinterest-Direct
S
X-Content-Digest
X-Edge
TP-L2-Cache
TP-Cache
TCN
Accept-Ch
RTSS
Cache-Tag
X-Ttl
Public-Key-Pins
X-Ezoic-Cdn
X-Node-Name
X-Cache-Key
X-Yandex-Sdch-Disable
Fastcgi-Cache
X-Mid
X-MCACHE
Server-Node
X-Request-Processing-Time
X-Request-Received
Front-End-Https
X-NWS-LOG-UUID
X-Amzn-Trace-Id
X-Accel-Expires
X-PressLabs-Stats
X-Ser
X-Recruiting
X-Kinsta-Cache
X-Mg-S
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Microsite
X-Request-Handler-Origin-Region
X-Grace
X-Amz-Server-Side-Encryption
ServerID
X-Logged-In
X-Origin-Server
X-Ratelimit-Remaining
Accept-Charset
X-Cache-Hit
X-Page-Id
X-Litespeed-Cache
X-HP-Webp
X-Varnish-Age
Host
X-Content-Security-Policy-Report-Only
X-ECACHE
X-DIS-Request-ID
X-B
Edge-Cache-Tag
Nginx-Cache
X-Shield-Request-Id
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Hostname
X-Hits
Alternate-Protocol
X-Server-ID
X-F-Cache
X-Ratelimit-Limit
X-LB-Cache
X-Content-Options
X-Git-Hash
Realpath
Cache-Tags
X-Activity-Id
X-AppVersion
X-Az
X-N
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-DC
X-FTR-Expires
X-Load-Cache
X-Type
X-Seen-By
X-Request-Guid
X-App-Environment
X-Cache-Age
X-Jobs
DynaTrace
Paypal-Debug-Id
X-Rid
Cleartype
Powered-By-ChinaCache
X-Varnish-Backend
X-Cached-By
Fastcgi-Useragent
X-Forwarded-For
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-FireWall-Port
X-Upgrade-Enabled
Filterid
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
X-Correlation-ID
X-Amz-Meta-S3cmd-Attrs
X-Zen-Fury
X-Proxy
X-Respond-Thread
X-Varnish-Grace
X-Akamai-Edgescape
X-FB-Debug
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Daa-Tunnel
X-HS-Hub-Id
Nel
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-App-Server
X-B3-Sampled
X-IPLB-Instance
X-Signature
X-B-Cache
DC
X-Cache-Operation
X-Host-Name
X-AOL-HN
X-Debug-Info
X-Id
X-Cache-Rule
X-User-Agent
X-Geo-Country
X-Whom
X-Region
Healthy
MS-CV
Charset
X-Accel-Buffering
X-Original-Request-Id
X-Response-Served-From
AMP-Access-Control-Allow-Source-Origin
X-Frontend
Payment
X-Mobile
X-VCache
X-Content-Powered-By
Content-Disposition
X-Instance
Filters
X-HTML-Minification-Powered-By
X-FW-Dynamic
X-FW-Type
X-Rule
X-FW-Server
X-Cache-Time
X-FW-Hash
X-FW-Static
X-FW-Serve
X-Cacheable-TTL
X-Distributor
X-Wix-Request-Id
X-UUID
X-Tumblr-Pixel-0
Liferay-Portal
Surrogate-Key
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-2
Accept-Ch-Lifetime
X-Acc-Debug-Context
X-Rendered-As
X-Protected-By
X-Is-Bot
Refresh
Viewport
X-Amz-Apigw-Id
X-Via-JSL
X-Amzn-RequestId
S-Cnection
X-Ua
Datacenter
Akamai-Age-Ms
X-Endurance-Cache-Level
X-Backend-Name
X-App-Version
X-Hyper-Cache
X-Cache-Expired-At
GEO-INFO
X-Amz-Replication-Status
PB-RID
PB-PID
X-Esi
X-XRDS-LOCATION
Arc-Version
Section-Io-Cache
NGB
X-URL
X-Cache-Action
X-Ah-Environment
X-Cache-Server
Countrycode
Version
X-Tec-Api-Root
X-Tec-Api-Version
X-Oneagent-Js-Injection
X-Tec-Api-Origin
X-Varnish-Server
Retry-After
X-Unique-Id
X-Source
X-Sucuri-ID
X-EdgeConnect-Cache-Status
Referer-Policy
X-Air-Hostname
Eomportal-Instance
Server-Name
X-L-Path
X-Environment-Context
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Revision
Frame-Options
X-Real-IP
X-WA-Info
X-Framework
X-Proxy-Cache-Status
X-Cache-Control
CACHE
Ms-Operation-Id
X-Azure-Ref
X-RTag
X-NewRelic-App-Data
X-Cache-Var
X-Drupal-Cache-Contexts
Meta-Geo
X-Cache-Var-Map
X-GeoIP
X-ProcessESI
X-RemovedCookies
X-RN-RSRV
X-PHP-Backend
X-ES-SERVER
X-From
X-Mode
X-Time-Microsecs
X-Cache-Host
DB-Nickname
Cache-Tv-Group
X-ProxyCache-Status
X-ProxyCache-Key
X-Qloud-Router
X-R9-Blue-Green-Version
X-Xfnlog-Site
X-Cache-TTL-Remaining
X-BYPASS-REASON
X-CDN-Forward
X-DynaTrace-JS-Agent
X-Cluster
X-AWS-Id
X-Amzn-Remapped-Content-Length
Webcakes-Region
X-FW-Version
X-Handled-By
X-Labrador-Cache-Channel
X-Human
X-Sucuri-Cache
Webcakes-App-Version
X-LJ-Flow-ID
Webcakes-App-Name
Property-Id
Mn-Server-Ip
Ec-Rule-Version
Cross-Origin-Window-Policy
TWC-Connection-Speed
TWC-Device-Class
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Loop
X-Hosted-By
X-Server-W
X-VWS-Id
X-TNCMS
X-PHP-Host
X-PCL
X-OCL
X-Status
X-Origin-Hint
X-NYM-Debug-Backend
X-ServerID
X-Drupal-Cache-Tags
X-Access
Selected-Fe
X-Timing-Wait
X-Section
X-Detected-As
X-FB-TRIP-ID
X-Proto
X-Proxy-Build
X-Format
X-Be
X-Routing-Service
X-Hl-Ver
X-Redis-Cache
X-Proxied
X-Zipkin-Id
Uber-Trace-Id
X-Contextid
X-No-Session
X-Device-Type
X-Site-Version
X-Cache-PHP
X-Locale
X-Debug-Cache
X-Via-Fastly
X-BCube-Filmed-By
X-Ratelimit-Reset
FSS-Cache
Powered
X-Generated-By
X-ATG-Version
X-Correlation-Id
X-NC
X-Time
Webserver
From-Origin
X-Adobe-Content
X-Adobe-Loc
X-CSRF-Token
X-Varnish-Cache-Hits
X-AIR-PT
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Latency-Threshold
X-FTR-Cache-Host
X-Fastcgi-Cache
X-JoinUs
X-SaId
Azure-InstanceId
VIX-Pulpo-Upstream-Status
X-NCache
Cache
CF-Cached-On
Azure-RegionName
VIX-Pulpo-Node
Azure-SiteName
X-TIME
Azure-SlotName
Azure-Version
X-TT
X-Flags
X-Aspnet-Duration-Ms
OT-Force-Account-Verify
X-Providence-Cookie
X-Route-Name
X-Tt-Trace-Host
X-Is-Crawler
X-Origin
X-Tt-Trace-Tag
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
Upgrade-Insecure-Requests
X-GoCache-CacheStatus
Access-Control-Request-Headers
X-COUNTRY
X-Hp-Webp
X-Cache-2
X-Adobe-Source
X-CCM
X-Akamai-Transformed
X-NWS-UUID-VERIFY
SD-X-WS
X-Backend-Host
X-IP
X-Backend-TTL
X-ShardId
X-Shopify-Stage
X-ShopId
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-LAGOON
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-IPS-LoggedIn
X-Cache-Enabled
X-Soup
X-Say-TTL
X-ApacheServer
X-Say-Cacheable
Decoy-Debug-Key
X-SayCDN-TTL
X-Storage
X-Pubstack
X-Web-Node
X-Forwarded-Host
X-UPSTREAM-Address
Cache-Status
X-Cache-Grace
X-PERF
X-TA-CDN-Provider
X-EC-Lua
Decoy-Debug-TTL
X-Cluster-Name
Fastly-SSL
Decoy-Debug-Status
X-APP-VERSION
X-ECache
Node
X-Varnishpool
X-Tumblr-Pixel-3
X-Bc-Bl
X-Ruxit-Js-Agent
X-TX-ID
X-Viewer-Country
X-G
Country
X-A
X-A-Dgt
X-D
X-Destination
X-Connection-Hash
Rendered-Blocks
X-Aed
X-CF-Lambda-Version
X-ARC
X-A-Dam
X-B-Cookie
X-Application
X-Cache-NE
X-A-Dcw
X-CF-Lambda-Fn
X-External-Request-Id
X-A-Ccd
X-Vdms-Version
Xc-Version
Apple-News-Services-Handled
Apple-News-Services-Host
X-RCS-CacheZone
X-PBS-Appsvrname
X-Trv-Group
DCR-Processing-Time-Ms
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Rojux
X-PAYTM-SRV-ID
X-Rewrite-Enabled
Fastcgi-X-Cache-Version
X-S
X-ScT
X-S-Cookie
Host-ID
DCR-Decision-By
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Worker
X-Processor
X-Request-UUID
X-A-Wwc
Machine
X-EIG-Tracking-Id
MD5-Digest
Meta-Geo-Continent
X-Vdms-Path
Mobile-Detection-Method
X-Cdn
X-Cache-Config
CDN-Uid
CDN-RequestId
CDN-PullZone
CDN-CachedAt
CDN-EdgeStorageId
Fastly-SIE
Is-Eu
Platform
Gh-Request-Id
Fastly-SWR
Adler-Geo
CDN-Cache
X-Fastly-Cache
X-Varnish-Beresp-Grace
X-VG-TLSProxy
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-Servername
X-Twitter-Response-Tags
CDN-RequestCountryCode
X-Cache-Backend
X-WADP-Cache
X-Transaction
X-Fmm-Version
X-Generation-Time
X-Page-View
X-Platform-Server
X-Varnish-CookieINHashed-On
X-Clara-WADP
X-Rebelmouse-Surrogate-Control
X-Cache-Bucket
X-Auto-Login
X-Varnish-CookieHashed-On
X-Cms-Context
X-Rebelmouse-Cache-Control
X-Variation
X-Varnish-Remaining-TTL
X-DefElseHash
X-DefHash
X-CUA
Backend
X-Old-Content-Length
L
X-Ms-Version
X-Micro-Cache
X-Ms-Request-Id
X-OVcl-Cache
X-Request-Start
CloudFront-Viewer-Country
X-Policy
X-Request-Host
X-Render-Time
Country-Code
X-Platform
Fastly-Backend-Name
Fastly-Drupal-HTML
X-SN
X-Slack-Backend
X-Varnish-Cacheable
X-OVcl
X-Is-Gdpr
X-Developers
Rt-Fastcgi-Cache
X-Dispatcher-Server
X-Esi-Check
X-Fastly-Backend
Wxu-Next-Commit
Wxu-Next-Hostname
X-Cache-Id
X-Backend-State
X-Cache-NGX
X-Clientip
X-Core-Mission
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Li-Fabric
X-JWT-State
Origin
NM-Fastcgi-Cache
X-Li-Pop
X-Amz-Meta-Cb-Modifiedtime
X-Irp-Debug
X-Webstats-RespID
X-Gzip
X-Has-Esi
X-Hash
X-HS-Content-Campaign-Id
X-LI-UUID
Wxu-Next-Region
X-CS
Akamai-GRN
CacheControlHeader
C-Via
X-DC
X-LLID
X-UA
L5d-Success-Class
X-Bip
X-Eu-Site
X-Reqid
X-Mvc-Supplant-Cachable
X-Generated-On
X-Content-Age
X-Varnish-Ttl
X-Branch-Name
X-Core-Value
X-Level-Front-Cache
X-Cache-Tags
X-Minions-Version
X-Microcachable
X-Thanos
X-Method
X-Csrf-Jwt
X-Skip-Cache
X-Owner
X-Session-Fingerprint
AKAMAI
HA-Ipaddr
SRV
X-CGP
Ha-Gx-Prefs
X-Cache-Debug
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
Surrogated-Key
UCS
X-GEO
X-Date
X-Accel-Expires-Debug
X-Wa
X-Geo-Header
X-Location
X-Gamma-Serve
X-Cache-Date
PFcat
X-VarnishDD-TTL
X-HN
X-NGENIX-Cache
X-Refresh
X-LB-ID
FSS-Proxy
X-Via-CDN
X-Up
X-B3-Spanid
X-Req
X-Edge-Location
Pagetype
Time
Hostname
X-Cdn-Srv
X-Cache-URL
Ufe-Result
X-Via-Poph
Now
We-Hiring
X-Via-Popn
Group
Mail-Subject
Memcached
X-NODE
X-FORWARDED-FOR
X-PF-Uncompressing
X-Proxy-Upstream
X-Aicache-OS
X-Mvc-Supplant-OutputCached
X-ID
X-B3-Traceid
X-LI-Proto
X-Servedbyhost
NGX
X-RateLimit-Remaining
X-Nginx-Cache
X-Presslabs-Stats
X-Ftr-Cache-Host
X-Sql-Count
X-Sql-Duration-Ms
X-ZONE
X-BC
X-Agile-Age
X-Agile-Id
X-Debug-Cache-Store
X-Agile
X-Cache-Remote
X-SRV
X-Debug-Cache-Fetch
X-Datadome
X-Cache-Spec
X-NU-AKA-ACS-Version
X-Ua-Device
X-CACHE-AGE
X-Dc
HostName
X-Check-Cacheable
X-FPC
M-TraceId
X-Request-Time
X-Varnish-Hostname
Xserver
X-SERVER
X-Www-Served-By
X-Via-SSL
X-Via-Edge
Edge-Copy-Time
X-LiteSpeed-Cache-Control
X-VCL-Version
WebServer
XServer
Cache-Hits
SID
X-S-Maxage
On-Server
X-Svr
X-CSRF-TOKEN
X-Erf-Stays-Bingo-Pdp-Web
X-SERVER-NAME
ServedBy
Arc-Country
X-Cluster-Node
GeoIp-Country-Code
VivaBuild
X-MP-GENERATED-AT
X-Edge-Server
X-CF-Powered-By
X-APP
NtCoent-Length
X-Zone
Viewtype
Cdn-Request-Time
Cdn-Host
X-Bc
Geoip-Latitude
X-Via-Popv
X-UnsetCookies
Protected
X-Cs
ProcessTime
X-Action
X-HS-Status
X-Dynatrace-Js-Agent
X-Via-Ucdn
T-Server
X-RunCloud-Cache
X-Cdn-Forward
X-NGINX-Cache
X-Pass-Why
Srv
WWW-Authenticate
X-RPM
X-RSL
X-RPS
X-DI
X-DW
Apigw-Requestid
X-Srv
X-DSS
X-Oss-Cdn-Auth
Memory
X-DB
Ohc-File-Size
X-We-Are-Hiring
Pics-Label
X-Erf-Bev-Bev
X-Vgn-Hpd-Ssi
X-Acc-Rdl
X-Erf-Bev-Bev-Is-Generated
Server-Info
User-Agent
X-VC
Processtime
X-MSEdge-Features
X-SB
Server-Host
X-MSEdge-Flight
N-Cache
W
X-Instart-Request-ID
CF-IPCountry
X-Uri
X-Geo
LB
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Hits
X-Info
Sid
GeoIP-Country-Code
GeoIP-Latitude
WZWS-RAY
X-Tb
Magicmarker
X-HOST
X-Newrelic-App-Data
X-Hit
X-Vcache
CDN
Cteonnt-Length
X-Akamai-Request-ID2
S-Rt
X-TT-LOGID
Ohc-Cache-HIT
Odigeo-Trace-Id
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Newrelic-Synthetics
DSUID
Section-Io-Origin-Status
Actual-Object-TTL
Section-Origin-Responded
X-ORACLE-APMCS-REQUEST-ID
X-HITS
User-Cache-Control
X-Cache-Hfrom
X-UA-Device-Type
Geo-Info
X-Envoy-Upstream-Healthchecked-Cluster
X-Cache-Hm
X-Epic-Correlation-Id
Tracecode
X-Pjax-Url
X-Unique-ID
X-Vcl-Version
Cache-Name
X-Webkit-CSP-Report-Only
A
Ssr
X-FC-Vary-Parameters
X-Fastly-Country-Code
X-Origin-Date
Accept-Language
X-CACHE-KEY
Esi-Enabled
Cdn
Lb
X-Magnolia-Registration
X-Fpc
Lfy
X-Provided-By
CountryCode
X-Mobile-Rewrite
X-Contensis-Viewer-Groups
MIME-Version
SR-User-Adfree
X-Block-Status
Sever-Int
X-Gdpr
X-Nginx-Cache-Key
X-GeoIP-City
Server-Ext
X-Response-By
X-Node-Id
Release
X-Gen-Mode
X-BBXSRF
Path
X-API-Version
X-Nyt-Route
True-Client-Country-4JS
Vix-Hermes-Req-Id
X-Origin-TTL
CDCHOST
V-Age
X-Origin-CC
X-Cache-Expires
Web-Mar-Node
X-BBC-Edge-Cache-Status
FNAC-ModuleRouting
X-Developer
IsBot
Instruction
X-Cache-ASPX
X-Loc
Server-Hostname
X-Origin-Expires
X-Origin-Time
Locid
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
D-Cc-Upstream
X-Cc-Via
Server-ID
X-Cache-Info
X-Cc-Req-Id
X-Request-URI
X-User
X-SVT-ORM-VERSION
X-Amzn-Remapped-Date
X-SVT-ORM-RULES
X-SRCache-Key
X-Via-NSCOPI
X-Traceid
X-Key
X-Nc
X-VServer
X-Varnish-Url
X-Varnish-Authentication
X-SIPLIST1
X-Amzn-Remapped-Connection
X-SD-PageType
X-Server-IP
Pramga
X-Swa-Ws
Kp-EeAlive
X-StackifyID
X-ServedByHost
X-Thinkindot-L3
Thinkindot-CacheControl-Type
X-Generated-In
X-Matched-Rule
X-Fetched-On
X-Device-Os
Cache-Host
Thinkindot-Control
Thinkindot-CacheControl
X-Var-Ttl
X-Men
X-Li-Proto
X-Scheme
X-Cache-Tag
X-Dynatrace
X-Dispatch
X-Geo-Region
X-Azure-Ref-OriginShield
X-Served-From
X-Akamai-Pragma-Client-IP
X-Cdn-Origin
X-Sigma
Origin-Cache-Control
Origin-Edge-Control
Proxy-Firewall
X-TH-Server
X-B3-SpanId
X-Instart-Info
X-Trace-Id
Cache-Key
X-Sn-Servicetimems
X-Rocket-Build-Number
X-NodeID
Server-Ttl
X-Sigma-Backend
X-Via-PopN
Cf-Device-Type
X-Via-PopV
X-Parent-Response-Time
X-Via-PopH
Source
Powered-By
X-RAMCache
X-Lb-Id
Cache-Provider
X-No-Cache
Fastcgi-Cache-TTL
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Batcache
HitType
X-Tt-Logid
X-LiteSpeed-Tag
X-VC-Cache
X-WA
X-ServiceProvider
X-Agile-Brick-Ok
X-ElasticPress-Query
Tcn
X-MiniProfiler-Ids
X-Generated
BehaviorPad-Version
X-Yottaa-OS
Req-Svc-Chain
Cf-Alt-Svc
X-RateLimit-Limit
X-HostName
Xet-Cookie
X-Pf-Uncompressing
X-TrackingId
Content-Script-Type
X-Apw-Hits
X-Apw-Access-Token
X-Varnish-Beresp-TTL
X-Request-URL
X-Origin-Response-Time
X-PJAX-URL
X-Apw-Access-Object
Content-Style-Type
Who
Expiry
X-Apw-Access-Action
X-Selected-Host-Header
X-Selected-Name
X-Selected-Scheme
X-B3-Parentspanid
X-BBC-Origin-Response-Status
Dnion-Transfer-Encoding
Pragrma
PICS-Label
X-Vgn-Hpd-Reason
X-Snapshot-Date
Inserted-Into-Cache-At
X-C
Resin-Trace
X-Dw-Trace-Id
Mime-Version
Vha6-Origin