Threat Level: green Handler on Duty: Remco Verhoef

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Request-ID
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Iinfo
P3p
X-Content-Security-Policy
X-AspNetMvc-Version
Status
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Server
X-Backend
X-Hacker
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-UA-Device
X-AH-Environment
Request-Context
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
X-Server-Powered-By
X-Template
Server-Timing
X-Language
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
X-Dns-Prefetch-Control
X-Rq
X-Page-Speed
Xkey
X-Ua-Compatible
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Buckets
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
X-Server-Id
X-Dispatcher
X-Device
NEL
Surrogate-Control
X-Node
X-Ruxit-JS-Agent
Request-Id
Content-Location
Accept-CH-Lifetime
X-Response-Time
EagleEye-TraceId
Accept-CH
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
X-Ac
Allow
X-Readtime
Rating
X-HW
X-Mod-Pagespeed
X-Country
X-Application-Context
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Edge-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Pinterest-Generated-By
X-Vname
X-PC
X-TtlSet
X-MS-InvokeApp
X-Cnection
X-DataDome
X-Country-Code
X-Varnish-TTL
X-CST
X-GitHub-Request-Id
X-Content-Type
X-D2id
X-Clacks-Overhead
X-Server-Name
X-Trace
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Middleton-Response
Response
X-Origin-Upstream-Status
Pinterest-Version
X-Pinterest-Rid
MS-Author-Via
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Template-Id
X-Vcap-Request-Id
X-Abt-Application-Version
X-Px
X-Navigation-Version
X-TTL
X-Rack-Cache
X-B3-TraceId
X-ESI
X-FastCGI-Cache
Service-Worker-Allowed
Verso
X-Fastly-Request-ID
X-Client-IP
Arr-Disable-Session-Affinity
X-Url
X-Webkit-CSP
X-Element-Page-Cache
X-Cached
X-DynaTrace
X-Cache-TTL
X-FTR-Request-ID
X-Dw-Request-Base-Id
X-VARITI-CCR
X-SharePointHealthScore
SPRequestGuid
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-GoogleNews-Bot
X-Goog-Hash
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Powered-By-Plesk
X-Upstream
X-NF-Request-ID
Fastly-Restarts
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Debug
AR-Request-ID
Ar-Sid
Content-MD5
X-Pinterest-Direct
X-MSEdge-Ref
X-Forwarded-Proto
SPRequestDuration
SPIisLatency
X-Powered-CMS
X-Version
Access-Control-Request-Method
X-T
X-Release
X-Amz-Rid
X-Jurisdiction
S
X-Content-Digest
X-Edge
X-XRDS-Location
RTSS
Accept-Ch
TCN
TP-Cache
TP-L2-Cache
Cache-Tag
Public-Key-Pins
X-Ezoic-Cdn
X-Litespeed-Cache
X-Cache-Key
Front-End-Https
X-Node-Name
X-Mid
X-MCACHE
X-Yandex-Sdch-Disable
Server-Node
X-Request-Received
X-Request-Processing-Time
X-Mg-S
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Recruiting
X-Amzn-Trace-Id
X-HP-Webp
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Ttl
X-Ser
X-Accel-Expires
X-Kinsta-Cache
X-Grace
X-PressLabs-Stats
X-NWS-LOG-UUID
X-Microsite
X-Request-Handler-Origin-Region
X-ASPNET-VERSION
X-Origin-Server
Accept-Charset
X-Varnish-Age
X-Logged-In
ServerID
Cf-Bgj
MicrosoftSharePointTeamServices
X-DIS-Request-ID
X-Page-Id
Host
X-Cache-Hit
Nginx-Cache
X-Shield-Request-Id
X-Ratelimit-Remaining
Edge-Cache-Tag
X-Content-Security-Policy-Report-Only
X-ECACHE
X-Server-ID
X-Hits
X-B
Powered-By-ChinaCache
Cache-Tags
X-Mobile-URL
X-Hostname
X-Forwarded-For
X-F-Cache
X-LB-Cache
X-Respond-Thread
Cleartype
X-Activity-Id
Realpath
Accept-Ch-Lifetime
X-AppVersion
X-Az
X-Git-Hash
X-Cached-By
X-URL
X-N
X-Content-Options
Alternate-Protocol
X-Ratelimit-Limit
X-Type
X-Kong-Proxy-Latency
X-Cache-Age
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Request-Guid
X-Jobs
X-App-Environment
Paypal-Debug-Id
DynaTrace
X-Load-Cache
X-Amz-Meta-S3cmd-Attrs
X-Rid
X-Varnish-Backend
Fastcgi-Useragent
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-FTR-Expires
X-Seen-By
Access-Control-Allow-Method
Nel
X-Proxy
X-WebKit-CSP-Report-Only
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Goog-Storage-Class
X-Goog-Generation
X-GUploader-UploadID
X-Zen-Fury
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-FireWall-Port
X-HS-Cache-Config
X-Akamai-Edgescape
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-B3-Sampled
Charset
Filterid
X-FB-Debug
X-VCache
X-Varnish-Grace
X-Correlation-ID
X-Daa-Tunnel
X-IPLB-Instance
X-Signature
X-B-Cache
Filters
X-Host-Name
X-Mobile
MS-CV
Healthy
DC
X-AOL-HN
X-Debug-Info
X-Whom
Viewport
AMP-Access-Control-Allow-Source-Origin
X-Region
X-User-Agent
X-App-Server
Payment
X-Geo-Country
X-Accel-Buffering
Liferay-Portal
X-Original-Request-Id
X-Frontend
X-Response-Served-From
X-XRDS-LOCATION
X-Instance
X-HTML-Minification-Powered-By
X-Distributor
X-Tumblr-User
X-FW-Dynamic
X-Tumblr-Pixel-0
X-Cache-Rule
Surrogate-Key
X-Cache-Operation
X-Acc-Debug-Context
X-FW-Serve
X-FW-Hash
X-FW-Server
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-UUID
X-Tumblr-Pixel
X-FW-Static
X-FW-Type
X-Rule
X-Cache-Time
X-Content-Powered-By
X-Cacheable-TTL
Refresh
X-Protected-By
X-Amz-Replication-Status
X-Id
S-Cnection
X-Is-Bot
X-Rendered-As
X-Via-JSL
X-Cache-Expired-At
X-Wix-Request-Id
Content-Disposition
Section-Io-Cache
Version
X-Hyper-Cache
X-Amz-Apigw-Id
X-Sucuri-ID
X-App-Version
X-Backend-Name
X-Cache-Action
X-Amzn-RequestId
Datacenter
X-Ah-Environment
CACHE
X-Tec-Api-Origin
X-Oneagent-Js-Injection
X-Tec-Api-Root
X-Tec-Api-Version
X-Endurance-Cache-Level
Server-Name
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Response-Type
Arc-Version
Retry-After
PB-PID
PB-RID
X-Air-Hostname
X-Cache-Server
GEO-INFO
X-Ua
X-Source
X-EdgeConnect-Cache-Status
X-Real-IP
Eomportal-Instance
X-RemovedCookies
Referer-Policy
X-Environment-Context
X-L-Path
X-ProcessESI
X-Framework
Frame-Options
X-Varnish-Server
X-Revision
X-Sucuri-Cache
X-RTag
NGB
X-Yottaa-Metrics
X-Yottaa-Optimizations
Ms-Operation-Id
X-Drupal-Cache-Contexts
X-Unique-Id
Webserver
Akamai-Age-Ms
Countrycode
X-Cache-Control
X-Correlation-Id
X-WA-Info
X-RN-RSRV
X-ES-SERVER
X-Cache-Var-Map
Meta-Geo
X-Cache-Var
X-Drupal-Cache-Tags
X-Azure-Ref
X-Mode
X-Qloud-Router
X-GeoIP
X-Xfnlog-Site
X-Proxy-Cache-Status
X-Cache-TTL-Remaining
X-DynaTrace-JS-Agent
DB-Nickname
X-R9-Blue-Green-Version
X-TNCMS
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
X-PCL
TWC-GeoIP-LatLong
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-Device-Class
Property-Id
X-Time-Microsecs
X-OCL
X-Origin-Hint
Webcakes-App-Version
X-NYM-Debug-Backend
X-ProxyCache-Status
X-Server-W
Cache-Tv-Group
X-Redis-Cache
X-FW-Version
X-Hosted-By
X-ProxyCache-Key
X-BYPASS-REASON
X-Status
X-Cluster
Cross-Origin-Window-Policy
X-Hl-Ver
X-AWS-Id
X-Amzn-Remapped-Content-Length
X-Cache-Host
Mn-Server-Ip
X-LJ-Flow-ID
X-Loop
Ec-Rule-Version
X-VWS-Id
Webcakes-Region
X-Via-Fastly
X-Access
X-Timing-Wait
X-Detected-As
X-Site-Version
X-TIME
X-Zipkin-Id
X-ServerID
X-Proto
X-No-Session
Selected-Fe
X-FB-TRIP-ID
X-Format
X-PHP-Host
X-Proxied
X-Proxy-Build
X-Routing-Service
X-Locale
X-Labrador-Cache-Channel
X-From
X-Handled-By
X-Human
X-Section
X-Contextid
X-Be
X-Flags
X-NewRelic-App-Data
X-Providence-Cookie
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Route-Name
FSS-Cache
X-CDN-Forward
X-Adobe-Content
X-Adobe-Loc
X-Cache-PHP
X-Debug-Cache
X-AIR-PT
Uber-Trace-Id
X-Device-Type
X-Generated-By
X-PHP-Backend
X-ATG-Version
X-TT
X-BCube-Filmed-By
X-Ratelimit-Reset
X-Cache-Spec
X-Tt-Trace-Tag
X-Esi
X-Tt-Trace-Host
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Upgrade-Insecure-Requests
X-CSRF-Token
Azure-InstanceId
Azure-SlotName
Azure-RegionName
Azure-SiteName
X-Varnish-Cache-Hits
Azure-Version
X-NC
X-LLID
X-Fastcgi-Cache
OT-Force-Account-Verify
From-Origin
Access-Control-Request-Headers
Cache
X-COUNTRY
X-NCache
X-UPSTREAM-Address
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-GoCache-CacheStatus
X-Origin
X-Akamai-Transformed
X-Oss-Request-Id
X-FTR-Cache-Host
X-Adobe-Source
X-CCM
X-Cache-2
SD-X-WS
X-Backend-TTL
X-JoinUs
X-Page-View
X-SaId
Powered
CF-Cached-On
X-Shopify-Stage
X-ShardId
X-LAGOON
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Varnishpool
X-Alternate-Cache-Key
Cache-Status
X-Storefront-Renderer-Rendered
X-ShopId
X-Cache-Grace
X-Forwarded-Host
X-ApacheServer
X-G
X-PERF
Country
X-ID
X-Backend-Host
X-Pubstack
Decoy-Debug-Status
X-Soup
Decoy-Debug-TTL
X-SayCDN-TTL
X-Say-Cacheable
X-Say-TTL
Fastly-SSL
X-Time
Decoy-Debug-Key
X-Storage
X-ECache
X-Cluster-Name
X-Web-Node
Node
SRV
X-Ruxit-Js-Agent
X-IP
X-TX-ID
X-Cdn
X-NWS-UUID-VERIFY
X-Viewer-Country
X-Cache-Enabled
X-EC-Lua
DCR-Decision-By
X-Request-UUID
X-RCS-CacheZone
X-Rewrite-Enabled
X-Rojux
X-S
X-Processor
X-PBS-Appsvrname
X-D
X-Destination
X-External-Request-Id
X-PAYTM-SRV-ID
X-S-Cookie
X-ScT
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Session-Fingerprint
X-Trv-Group
X-Vdms-Path
X-Vdms-Version
X-Connection-Hash
X-CF-Lambda-Version
Machine
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Host-ID
Fastcgi-X-Cache-Version
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
DCR-Processing-Time-Ms
Rendered-Blocks
X-A
X-ARC
X-B-Cookie
X-Cache-NE
X-CF-Lambda-Fn
X-Aed
X-A-Wwc
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
Apple-News-Services-Handled
X-Application
X-APP-VERSION
X-Via-CDN
X-Tumblr-Pixel-3
X-Cache-Config
CDN-Uid
CDN-RequestId
CloudFront-Viewer-Country
X-Envoy-Decorator-Operation
Fastly-SWR
Fastly-SIE
CDN-RequestCountryCode
CDN-CachedAt
Adler-Geo
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Platform-Server
CDN-Cache
CDN-EdgeStorageId
Gh-Request-Id
CDN-PullZone
X-Ms-Request-Id
X-Fastly-Cache
X-Cms-Context
X-Clara-WADP
X-Core-Value
X-CUA
X-DPWN-IS-SECURE
X-DefHash
X-DefElseHash
X-Fmm-Version
X-Cache-Debug
X-Micro-Cache
X-Microcachable
Is-Eu
Platform
X-Generation-Time
X-Cache-Bucket
X-Auto-Login
X-Variation
X-Ms-Version
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-WADP-Cache
X-VG-TLSProxy
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Varnish-CookieHashed-On
X-Varnish-Beresp-Ttl
Backend
X-GEO
X-B3-Traceid
X-UA
X-Bc-Bl
X-IPS-LoggedIn
X-Fastly-Backend
X-Has-Esi
X-Cache-Id
Fastly-Backend-Name
X-Is-Gdpr
X-Core-Mission
X-Cache-NGX
X-Owner
X-Varnish-Cacheable
X-VarnishDD-TTL
X-OVcl-Cache
Wxu-Next-Region
X-Old-Content-Length
X-OVcl
X-Platform
X-Geo-Header
X-Gamma-Serve
X-Gzip
Rt-Fastcgi-Cache
X-Li-Pop
X-Li-Fabric
Wxu-Next-Hostname
Wxu-Next-Commit
X-Level-Front-Cache
X-Wikidot-Backend
X-LI-UUID
NM-Fastcgi-Cache
X-Clientip
CacheControlHeader
X-Method
PFcat
X-Location
X-Wikidot-Static-Cache
X-JWT-State
X-HS-Content-Campaign-Id
X-Request-Start
X-Esi-Check
X-Developers
AKAMAI
X-Dispatcher-Server
X-Branch-Name
X-Hash
X-Thanos
X-Bip
X-Request-Host
Akamai-GRN
X-Webstats-RespID
X-HN
X-SN
X-Varnish-Ttl
X-Policy
X-Slack-Backend
X-Irp-Debug
X-Servername
X-Generated-On
X-Backend-State
X-Cache-Backend
X-CS
X-B3-Spanid
X-Eu-Site
X-Skip-Cache
X-Csrf-Jwt
X-Mvc-Supplant-Cachable
X-CGP
Origin
X-PF-Uncompressing
X-Content-Age
L5d-Success-Class
L
X-Reqid
X-Cache-Tags
X-Twitter-Response-Tags
Pagetype
X-Transaction
X-Cache-Date
Ha-Gx-Prefs
Fastly-Drupal-HTML
HA-Ipaddr
X-Render-Time
C-Via
X-EIG-Tracking-Id
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Refresh
X-Minions-Version
FSS-Proxy
X-DC
X-TA-CDN-Provider
X-Cache-Remote
X-Sql-Count
X-Sql-Duration-Ms
X-Amz-Meta-Cb-Modifiedtime
Country-Code
X-Aicache-OS
UCS
X-Wa
X-NODE
X-Date
X-Accel-Expires-Debug
Surrogated-Key
X-Via-Popn
X-Via-Poph
X-NGENIX-Cache
X-Hp-Webp
X-Presslabs-Stats
X-Www-Served-By
X-SRV
X-Up
X-Vgn-Hpd-Variations-Key
X-Edge-Location
X-Req
XServer
X-NU-AKA-ACS-Version
X-LB-ID
X-RateLimit-Remaining
X-Vgn-Hpd-Cached
X-Dc
X-Cdn-Srv
Mail-Subject
We-Hiring
X-Cache-URL
Memcached
NGX
HostName
Group
Hostname
X-Ftr-Cache-Host
Cache-Hits
X-Mvc-Supplant-OutputCached
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Ufe-Result
Protected
X-Check-Cacheable
Time
X-S-Maxage
X-Via-SSL
X-Ua-Device
X-Proxy-Upstream
X-Servedbyhost
X-Via-Edge
Edge-Copy-Time
X-FPC
X-LI-Proto
X-Nginx-Cache
Now
X-CACHE-AGE
ServedBy
Geoip-Latitude
On-Server
GeoIp-Country-Code
X-BC
X-ZONE
X-Agile-Id
X-Agile
X-Svr
X-Varnish-Hostname
X-Agile-Age
X-Cdn-Forward
T-Server
X-Request-Time
X-Acc-Rdl
X-FORWARDED-FOR
X-Pass-Why
X-CSRF-TOKEN
X-VCL-Version
M-TraceId
X-Cluster-Node
X-LiteSpeed-Cache-Control
SID
Xserver
X-UnsetCookies
X-NGINX-Cache
Pics-Label
X-MP-GENERATED-AT
Server-Host
X-Datadome
X-Uri
N-Cache
X-Cs
X-Via-Popv
X-Bc
X-Zone
WZWS-RAY
X-Dynatrace-Js-Agent
X-VC
X-APP
X-HS-Status
Magicmarker
X-SB
Arc-Country
X-CF-Powered-By
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Srv
Section-Origin-Responded
X-Erf-Stays-Bingo-Pdp-Web
Section-Io-Id
X-Varnish-Hits
NtCoent-Length
Ohc-File-Size
X-We-Are-Hiring
Processtime
X-Edge-Server
X-TT-LOGID
Apigw-Requestid
Viewtype
VivaBuild
ProcessTime
Cdn-Host
Cdn-Request-Time
Ohc-Cache-HIT
User-Agent
X-MSEdge-Flight
Sid
X-MSEdge-Features
X-UA-Device-Type
X-Action
X-RunCloud-Cache
X-Via-Ucdn
Cache-Name
W
X-Info
Memory
Odigeo-Trace-Id
User-Cache-Control
Srv
LB
Geo-Info
Tracecode
X-DW
X-Unique-ID
X-DSS
DSUID
X-RPS
X-Origin-Date
X-RPM
CF-IPCountry
X-Oss-Cdn-Auth
X-DB
X-RSL
Cteonnt-Length
X-DI
WWW-Authenticate
Server-Info
X-Newrelic-App-Data
X-HOST
CountryCode
S-Rt
X-Tb
X-Vgn-Hpd-Ssi
WebServer
X-Vcl-Version
X-Geo
X-HITS
Ssr
Amp-Access-Control-Allow-Source-Origin
X-Pjax-Url
X-Cache-Hfrom
X-Magnolia-Registration
X-Cache-Hm
CDN
X-Dynatrace
X-Webkit-CSP-Report-Only
X-Hit
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Gdpr
X-Gen-Mode
X-Loc
X-Matched-Rule
Thinkindot-CacheControl
X-Origin-CC
X-Node-Id
X-Nginx-Cache-Key
A
Instruction
X-Contensis-Viewer-Groups
X-API-Version
X-BBC-Edge-Cache-Status
Web-Mar-Node
Vix-Hermes-Req-Id
True-Client-Country-4JS
V-Age
X-BBXSRF
X-Block-Status
X-Newrelic-Synthetics
X-Origin-Expires
X-Cache-Info
X-Cache-Expires
X-Cache-ASPX
X-Developer
X-Nyt-Route
Lfy
D-Cc-Upstream
X-Origin-Time
X-SRCache-Key
X-Thinkindot-L3
MIME-Version
X-Scheme
Locid
X-Cc-Via
X-Cc-Req-Id
IsBot
X-Fastly-Country-Code
SR-User-Adfree
X-VServer
X-Request-URI
X-Origin-TTL
CDCHOST
X-SD-PageType
X-Server-IP
X-SIPLIST1
Server-ID
X-Varnish-Url
X-Varnish-Authentication
X-CACHE-KEY
X-Nc
Cache-Host
Path
Sever-Int
X-CLOUD-TRACE-CONTEXT
Server-Hostname
Server-Ext
Pramga
GeoIP-Latitude
GeoIP-Country-Code
X-Device-Os
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Sn-Servicetimems
Lb
X-Swa-Ws
X-FC-Vary-Parameters
X-Var-Ttl
X-User
X-Traceid
X-Trace-Id
X-Response-By
X-Akamai-Request-ID2
X-Fetched-On
X-Generated-In
X-GeoIP-City
X-Cdn-Origin
X-Azure-Ref-OriginShield
X-NodeID
X-Provided-By
Cdn
X-Epic-Correlation-Id
X-Fpc
Release
X-Li-Proto
X-Envoy-Upstream-Healthchecked-Cluster
X-ServedByHost
X-Via-NSCOPI
X-Cache-Tag
Cf-Device-Type
FNAC-ModuleRouting
X-Lb-Id
Source
X-Men
Accept-Language
Tcn
Esi-Enabled
X-SERVER-NAME
Server-Ttl
X-Origin-Response-Time
X-TH-Server
Cache-Key
X-Browser-Type
X-StackifyID
X-Sigma
X-Sigma-Backend
Kp-EeAlive
X-Amzn-Remapped-Connection
X-Rocket-Build-Number
X-Amzn-Remapped-Date
X-Akamai-Pragma-Client-IP
X-Served-From
Actual-Object-TTL
X-B3-SpanId
X-ORACLE-APMCS-REQUEST-ID
X-Parent-Response-Time
Expiry
X-Instart-Request-ID
X-Via-PopV
Content-Script-Type
X-Via-PopN
X-WA
Content-Style-Type
Cache-Provider
X-Via-PopH
X-Key
X-No-Cache
Url
X-Batcache
X-RateLimit-Limit-Second
X-ServiceProvider
X-MiniProfiler-Ids
X-Request-URL
X-RateLimit-Remaining-Second
X-Yottaa-OS
X-ElasticPress-Query
X-Vgn-Hpd-Reason
Inserted-Into-Cache-At
X-Mobile-Rewrite
Req-Svc-Chain
X-VC-Cache
X-Agile-Brick-Ok
Location
X-Tt-Logid
X-Vcache
EpKe-Alive
X-Akamai-Request-ID
X-BBC-Origin-Response-Status
URI
Content-Secure-Policy
X-B3-Parentspanid
X-Dispatch
X-RateLimit-Limit
X-Instart-Info
Proxy-Firewall
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Hits
X-Varnish-Beresp-TTL
X-PJAX-URL
Who
X-HostName
Origin-Edge-Control
Origin-Cache-Control
X-Selected-Scheme
X-Selected-Host-Header
X-Selected-Name
X-Geo-Region
X-TraceId
Vha6-Origin
Resin-Trace
BehaviorPad-Version
X-C
Xkeyi7
X-Proxy-Cachei7
X-Snapshot-Date
Powered-By
Cf-Alt-Svc
HitType
X-RAMCache
Pragrma
Xet-Cookie
X-Dw-Trace-Id
PICS-Label
Mime-Version
NnCoection