Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Request-ID
X-Generator
P3p
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Template
X-Language
Keep-Alive
X-Via
X-Ws-Request-Id
X-Dns-Prefetch-Control
Feature-Policy
X-Age
X-Backend
X-Hacker
X-Cache-Group
X-Server
X-Robots-Tag
X-Amz-Request-Id
X-UA-Device
EagleId
X-Amz-Id-2
X-AH-Environment
X-Proxy-Cache
X-Buckets
X-Turbo-Charged-By
Request-Context
X-Server-Powered-By
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
Ali-Swift-Global-Savetime
Cf-Bgj
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Amz-Version-Id
X-Host
X-Dispatcher
X-Device
X-Backend-Server
NEL
X-Node
X-WebKit-CSP
Surrogate-Control
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Response-Time
Content-Location
X-Origin-Cache
Request-Id
X-Akam-SW-Version
X-Server-Id
X-ASPNET-VERSION
X-Ac
Accept-CH-Lifetime
X-Country
EagleEye-TraceId
X-HW
X-Mod-Pagespeed
Rating
Accept-CH
X-Readtime
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
X-Application-Context
Pinterest-Generated-By
Edge-Control
X-Country-Code
X-Url
X-Vname
X-PC
X-TtlSet
X-DataDome
X-Varnish-TTL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
X-Cnection
Allow
X-MS-InvokeApp
Fusion-Content-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
X-GitHub-Request-Id
X-D2id
X-Content-Type
X-ESI
X-Webkit-CSP
X-Clacks-Overhead
X-Server-Name
X-Abt-Application-Version
X-Trace
X-FTR-Request-ID
X-Pinterest-Rid
X-Navigation-Version
Pinterest-Version
X-Vcap-Request-Id
Display
Pagespeed
X-Middleton-Display
Response
X-Sol
X-Middleton-Response
X-Px
X-B3-TraceId
Verso
X-Rack-Cache
X-Cached
X-DynaTrace
X-Element-Page-Cache
X-Fastly-Request-ID
Service-Worker-Allowed
Accept-Ch
MS-Author-Via
X-Client-IP
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Powered-By-Plesk
X-Dw-Request-Base-Id
X-Upstream
Content-MD5
X-Version
X-Forwarded-Proto
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-CACHE
X-SharePointHealthScore
Ar-Sid
SPRequestGuid
Fastly-Restarts
X-NF-Request-ID
X-TTL
X-T
X-Debug
X-Server-ID
X-VARITI-CCR
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-Jurisdiction
X-XRDS-Location
X-Goog-Hash
Access-Control-Request-Method
X-Powered-CMS
TP-L2-Cache
TP-Cache
X-FastCGI-Cache
X-MSEdge-Ref
X-Ttl
X-Content-Digest
X-Release
X-Edge
X-NWS-LOG-UUID
SPIisLatency
S
SPRequestDuration
X-CST
TCN
X-Amz-Rid
RTSS
Cache-Tag
X-PressLabs-Stats
X-Pinterest-Direct
Public-Key-Pins
X-Ezoic-Cdn
Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
X-Yandex-Sdch-Disable
X-Node-Name
Server-Node
X-Mid
X-Cache-Key
X-MCACHE
X-Accel-Expires
Accept-Ch-Lifetime
X-Amzn-Trace-Id
Front-End-Https
X-Logged-In
X-Ratelimit-Remaining
X-Cache-Hit
ServerID
X-Ser
X-Microsite
X-Request-Handler-Origin-Region
X-Kinsta-Cache
X-Recruiting
X-Origin-Server
X-Page-Id
Alternate-Protocol
Accept-Charset
Host
X-B
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ratelimit-Limit
X-Mobile-URL
X-Varnish-Age
X-Content-Security-Policy-Report-Only
X-Hostname
Filterid
X-FireWall-Port
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Expires
X-Forwarded-For
Nginx-Cache
X-Shield-Request-Id
X-DIS-Request-ID
X-Mg-S
X-Seen-By
X-Content-Options
X-Load-Cache
X-Grace
X-ECACHE
Edge-Cache-Tag
Realpath
X-Jobs
X-Daa-Tunnel
X-F-Cache
X-LB-Cache
X-N
Akamai-Age-Ms
X-Git-Hash
X-Amz-Server-Side-Encryption
X-App-Environment
X-Hits
X-Activity-Id
X-AppVersion
X-Type
X-Az
X-Varnish-Grace
X-Varnish-Backend
X-Request-Guid
Paypal-Debug-Id
X-Rid
X-HP-Webp
Fastcgi-Useragent
X-Id
X-Zen-Fury
MicrosoftSharePointTeamServices
X-Proxy
DynaTrace
Access-Control-Allow-Method
X-FB-Debug
Cache-Tags
X-Upgrade-Enabled
X-App-Server
Cleartype
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-WebKit-CSP-Report-Only
X-Akamai-Edgescape
X-Cached-By
X-Geo-Country
Content-Disposition
DC
X-Cache-Operation
X-Content-Powered-By
X-Cache-Rule
X-Correlation-ID
X-Amz-Meta-S3cmd-Attrs
X-Wix-Request-Id
X-Host-Name
X-IPLB-Instance
X-User-Agent
X-Response-Served-From
Powered-By-ChinaCache
X-Accel-Buffering
X-Original-Request-Id
AMP-Access-Control-Allow-Source-Origin
X-HS-Cache-Config
X-Endurance-Cache-Level
X-HTML-Minification-Powered-By
X-Cache-Age
X-HS-Content-Id
X-HS-Hub-Id
NGB
X-AOL-HN
X-Signature
X-Goog-Stored-Content-Length
Healthy
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-B-Cache
X-B3-Sampled
X-HS-Combine-CSS
X-Ua
X-Goog-Metageneration
X-GUploader-UploadID
X-VCache
MS-CV
X-Rendered-As
X-Whom
X-Is-Bot
Payment
X-FW-Type
X-Respond-Thread
X-UUID
X-Distributor
X-FW-Dynamic
X-FW-Static
X-Cache-Time
X-FW-Serve
X-FW-Hash
X-Debug-Info
X-Cacheable-TTL
X-Region
X-FW-Server
X-Instance
Datacenter
X-Rule
X-Amzn-RequestId
Refresh
X-Amz-Apigw-Id
X-Tumblr-Pixel-2
X-Frontend
Countrycode
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Mobile
Nel
X-XRDS-LOCATION
X-App-Version
PB-PID
X-Fastcgi-Cache
Surrogate-Key
PB-RID
Arc-Version
X-Ah-Environment
X-Varnish-Server
X-Oneagent-Js-Injection
X-Tec-Api-Root
X-Tec-Api-Origin
S-Cnection
X-Tec-Api-Version
X-Backend-Name
X-Protected-By
X-Acc-Debug-Context
X-Via-JSL
X-PHP-Backend
X-NewRelic-App-Data
Liferay-Portal
Viewport
X-Hyper-Cache
X-Azure-Ref
X-Cache-Server
X-Cache-Expired-At
X-Litespeed-Cache
Powered
Filters
X-Hp-Webp
X-Proxy-Cache-Status
X-WA-Info
Charset
Referer-Policy
Retry-After
X-Cache-Control
X-DynaTrace-JS-Agent
Section-Io-Cache
X-Time
X-EdgeConnect-Cache-Status
X-Source
X-Sucuri-ID
X-Cache-Action
X-FB-TRIP-ID
Cache
X-CSRF-Token
X-Cache-Var
Meta-Geo
X-Cache-Var-Map
X-ES-SERVER
Eomportal-Instance
X-RN-RSRV
X-Amz-Replication-Status
X-GeoIP
X-RemovedCookies
X-ProcessESI
X-R9-Blue-Green-Version
X-Qloud-Router
X-Mode
X-From
X-Device-Type
X-Real-IP
X-Debug-Cache
X-BYPASS-REASON
X-Cache-Host
X-Human
X-LJ-Flow-ID
Mn-Server-Ip
X-Yottaa-Optimizations
X-Environment-Context
X-Framework
X-L-Path
X-Yottaa-Metrics
X-ProxyCache-Key
X-AWS-Id
X-ProxyCache-Status
X-VWS-Id
X-Time-Microsecs
X-Xfnlog-Site
X-Server-W
Version
X-Timing-Wait
Ec-Rule-Version
Property-Id
Cross-Origin-Window-Policy
Selected-Fe
TWC-Connection-Speed
X-TNCMS
X-RTag
X-Revision
TWC-Device-Class
Uber-Trace-Id
X-Cache-TTL-Remaining
Cache-Tv-Group
TWC-GeoIP-LatLong
X-Ratelimit-Reset
X-FW-Version
X-Loop
X-OCL
X-PCL
X-Origin-Hint
X-Cluster
Ms-Operation-Id
TWC-Locale-Group
X-Proxy-Build
TWC-Privacy
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-Country
X-Handled-By
X-FTR-Cache-Host
FSS-Cache
GEO-INFO
X-Detected-As
X-Labrador-Cache-Channel
X-Zipkin-Id
DB-Nickname
X-NYM-Debug-Backend
X-PHP-Host
X-Amzn-Remapped-Content-Length
X-BCube-Filmed-By
X-Routing-Service
X-Hosted-By
X-Be
X-Proxied
X-Hl-Ver
X-Status
X-Locale
X-Air-Hostname
X-Site-Version
X-ServerID
X-JoinUs
X-SaId
X-Proto
Frame-Options
X-Access
X-Generated-By
X-Via-Fastly
X-Format
X-Section
X-Redis-Cache
X-Unique-Id
X-Correlation-Id
X-No-Session
X-Cache-PHP
From-Origin
Webserver
X-ATG-Version
X-Varnish-Cache-Hits
X-Drupal-Cache-Contexts
X-Sucuri-Cache
X-NWS-UUID-VERIFY
Server-Name
X-TA-CDN-Provider
X-Contextid
X-Drupal-Cache-Tags
X-Origin
X-NCache
X-EIG-Tracking-Id
X-ECache
X-CDN-Forward
OT-Force-Account-Verify
CF-Cached-On
X-EC-Lua
X-IPS-LoggedIn
X-AIR-PT
X-Oss-Server-Time
X-Oss-Storage-Class
X-Tt-Trace-Host
X-Oss-Hash-Crc64ecma
X-GoCache-CacheStatus
X-Adobe-Loc
X-Tt-Trace-Tag
X-Adobe-Content
X-Oss-Request-Id
X-Oss-Object-Type
X-Cache-Enabled
X-Bc-Bl
X-IP
X-Backend-Host
X-Akamai-Transformed
X-TT
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-NC
Azure-RegionName
Azure-InstanceId
X-Ruxit-Js-Agent
Azure-SlotName
Azure-Version
Azure-SiteName
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Tumblr-Pixel-3
X-URL
X-TIME
X-Cache-Backend
X-Cdn
X-Cache-2
Access-Control-Request-Headers
X-Adobe-Source
SD-X-WS
X-CCM
Node
X-CACHE-AGE
X-APP-VERSION
Time
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
DCR-Decision-By
Host-ID
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-Vtex-Remote-Cache
Meta-Geo-Continent
Xc-Version
Surrogated-Key
X-Soup
X-Storefront-Renderer-Rendered
Rendered-Blocks
X-Worker
MD5-Digest
Mobile-Detection-Method
X-Vtex-Processado-Em
Machine
X-A-Dgt
X-Request-UUID
X-CF-Lambda-Version
X-Connection-Hash
X-ShopId
X-CF-Lambda-Fn
X-Rewrite-Enabled
X-S
X-Cache-NE
X-Rojux
X-VG-WebServer
X-ShardId
X-D
X-PBS-Appsvrname
X-Backend-TTL
X-Alternate-Cache-Key
X-PAYTM-SRV-ID
X-G
X-External-Request-Id
X-Date
X-Destination
X-RCS-CacheZone
X-Processor
X-S-Cookie
Now
X-A-Dcw
X-Trv-Group
X-A-Ccd
X-Transaction
X-A-Dam
X-ScT
X-Twitter-Response-Tags
X-Up
X-Vdms-Version
X-A
X-A-Wwc
X-VG-WebCache
X-B-Cookie
X-Vdms-Path
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Accel-Expires-Debug
X-Aed
X-Application
X-ARC
X-PERF
X-Forwarded-Host
X-ApacheServer
X-Varnishpool
X-Pubstack
X-Cache-Grace
X-UA
X-Cache-Config
X-Cluster-Name
X-Web-Node
X-Storage
X-Viewer-Country
X-SayCDN-TTL
X-Say-TTL
Adler-Geo
X-Say-Cacheable
X-VG-TLSProxy
X-Rebelmouse-Cache-Control
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-CUA
X-Rebelmouse-Surrogate-Control
X-Cache-Bucket
X-Servername
X-Req
X-Edge-Location
X-Envoy-Decorator-Operation
X-NGENIX-Cache
X-OVcl
X-OVcl-Cache
X-Ms-Version
X-Ms-Request-Id
X-Generation-Time
X-Hash
X-Minions-Version
X-SN
X-Variation
CDN-Uid
CloudFront-Viewer-Country
Fastly-SIE
CDN-RequestId
CDN-RequestCountryCode
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
Fastly-SWR
Is-Eu
We-Hiring
Wxu-Next-Hostname
Wxu-Next-Region
Ufe-Result
Platform
Mail-Subject
NM-Fastcgi-Cache
CDN-Cache
Wxu-Next-Commit
X-Varnish-Ttl
Cache-Status
Fastly-SSL
CACHE
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-LI-UUID
Gh-Request-Id
Fastly-Drupal-HTML
X-Li-Pop
Group
X-Li-Fabric
X-Microcachable
X-Reqid
X-Request-Host
X-Request-Start
X-Skip-Cache
X-Render-Time
X-Proxy-Upstream
Ha-Gx-Prefs
X-Owner
Country-Code
X-Policy
X-Method
L5d-Success-Class
X-CGP
X-Clientip
X-Cms-Context
X-Cache-Tags
X-Cache-NGX
X-Auto-Login
X-Backend-State
X-Bip
X-Core-Mission
X-Core-Value
Upgrade-Insecure-Requests
X-Slack-Backend
L
X-Fastly-Backend
Origin
Rt-Fastcgi-Cache
X-Csrf-Jwt
X-Eu-Site
HA-Ipaddr
X-Platform
X-WADP-Cache
Decoy-Debug-TTL
X-Clara-WADP
Decoy-Debug-Status
Decoy-Debug-Key
X-Webstats-RespID
X-Thanos
X-Fastly-Cache
CacheControlHeader
X-Varnish-Cacheable
X-Fmm-Version
C-Via
X-Micro-Cache
X-TX-ID
Backend
Country
X-Cache-Date
X-Platform-Server
X-Old-Content-Length
X-Gamma-Serve
X-Amz-Meta-Cb-Modifiedtime
X-Generated-On
X-LAGOON
UCS
X-Developers
X-Esi
X-Wikidot-Static-Cache
PFcat
X-Content-Age
Pagetype
X-Wikidot-Backend
X-Has-Esi
Fastly-Backend-Name
X-Cache-Id
X-Cache-URL
Memcached
X-Irp-Debug
X-VarnishDD-TTL
FSS-Proxy
Akamai-GRN
X-Cdn-Srv
AKAMAI
X-HS-Content-Campaign-Id
X-Gzip
X-HN
X-Is-Gdpr
X-JWT-State
X-Esi-Check
X-Level-Front-Cache
X-CS
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Location
X-Agile-Id
X-Agile
X-Agile-Age
X-Aspnet-Duration-Ms
X-DefHash
X-Route-Name
X-Mvc-Supplant-Cachable
X-Geo-Header
X-Providence-Cookie
X-DefElseHash
X-Flags
X-Wa
X-Is-Crawler
X-UPSTREAM-Address
HostName
X-NODE
X-Refresh
X-Aicache-OS
X-LB-ID
X-Branch-Name
X-PF-Uncompressing
X-Instart-Request-ID
X-Cache-Debug
X-Session-Fingerprint
X-RateLimit-Remaining
M-TraceId
X-Via-Poph
X-Via-Popn
X-BC
X-ZONE
X-Cdn-Forward
X-DC
X-Dc
X-Datadome
NGX
X-Debug-Cache-Store
X-LI-Proto
Arc-Country
X-Mvc-Supplant-OutputCached
X-Servedbyhost
X-Ua-Device
X-Debug-Cache-Fetch
X-Edge-Server
X-Ftr-Cache-Host
X-B3-Spanid
Cdn-Request-Time
Cdn-Host
X-Page-View
Viewtype
VivaBuild
X-Zone
X-GEO
X-Bc
X-SERVER
X-Via-Ucdn
Xserver
X-Request-Time
X-Nginx-Cache
X-RunCloud-Cache
Srv
SRV
X-Varnish-Hostname
Hostname
X-Check-Cacheable
Actual-Object-TTL
X-Vgn-Hpd-Ssi
Memory
X-ORACLE-APMCS-REQUEST-ID
X-Action
X-APP
X-HS-Status
X-LiteSpeed-Cache-Control
X-Srv
X-RPS
X-RPM
X-B3-Traceid
X-DW
X-DSS
X-FPC
X-DB
X-DI
WWW-Authenticate
X-VCL-Version
X-NU-AKA-ACS-Version
X-Cs
X-Via-CDN
X-RSL
Geo-Info
X-Unique-ID
X-NGINX-Cache
WebServer
X-Via-Popv
X-Cluster-Node
X-Sql-Duration-Ms
X-Oss-Cdn-Auth
X-MP-GENERATED-AT
X-UnsetCookies
X-Sql-Count
X-Geo
X-Vcache
Geoip-Latitude
X-Akamai-Request-ID2
X-Dynatrace-Js-Agent
GeoIp-Country-Code
X-CF-Powered-By
ProcessTime
GeoIP-Latitude
Edge-Copy-Time
GeoIP-Country-Code
Sid
X-Via-Edge
X-Via-SSL
X-Pinterest-Sli-Response-Type
X-Hit
X-CSRF-TOKEN
SID
User-Agent
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Endpoint-Name
On-Server
X-SRV
X-We-Are-Hiring
X-Epic-Correlation-Id
X-SERVER-NAME
Apigw-Requestid
X-Svr
XServer
Amp-Access-Control-Allow-Source-Origin
Processtime
W
X-Www-Served-By
LB
Server-Info
X-Webkit-CSP-Report-Only
X-FORWARDED-FOR
NtCoent-Length
X-Cache-Remote
ServedBy
Cache-Hits
X-S-Maxage
X-HOST
X-Mobile-Rewrite
X-FC-Vary-Parameters
X-Nc
X-Envoy-Upstream-Healthchecked-Cluster
X-Presslabs-Stats
X-Fpc
T-Server
Ohc-File-Size
X-HITS
X-Pass-Why
X-Cache-Hm
X-Vcl-Version
Accept-Language
X-Tb
S-Rt
X-Pjax-Url
X-Cache-Hfrom
X-Fastly-Country-Code
Esi-Enabled
N-Cache
CF-IPCountry
X-MSEdge-Flight
Cdn
X-MSEdge-Features
Origin-Cache-Control
Cteonnt-Length
A
X-Key
Server-Host
Pics-Label
Origin-Edge-Control
X-CACHE-KEY
X-COUNTRY
X-Dispatch
CDN
WZWS-RAY
X-SB
X-VC
X-LLID
Magicmarker
Lb
X-Varnish-Hits
Proxy-Firewall
X-ID
Powered-By
X-Amzn-Remapped-Connection
X-Instart-Info
X-Info
X-Geo-Region
X-Amzn-Remapped-Date
Protected
Ohc-Cache-HIT
HitType
X-ServedByHost
X-StackifyID
X-B3-SpanId
X-Newrelic-App-Data
X-Via-NSCOPI
X-RAMCache
X-Li-Proto
X-Uri
X-Dynatrace
Cache-Key
X-Newrelic-Synthetics
X-Akamai-Pragma-Client-IP
User-Cache-Control
X-Generated
Server-Ttl
X-TT-LOGID
BehaviorPad-Version
X-TH-Server
Fastcgi-Cache-TTL
X-Served-From
X-Cache-Tag
X-App
Cache-Provider
X-Lb-Id
X-Via-PopV
X-Via-PopH
X-Erf-Bev-Bev
X-LiteSpeed-Tag
X-Erf-Bev-Bev-Is-Generated
Ssr
X-Via-PopN
Tracecode
X-TrackingId
X-Cc-Via
Lfy
X-Tt-Logid
X-WA
D-Cc-Upstream
X-Cache-Spec
X-Magnolia-Registration
X-Cc-Req-Id
Odigeo-Trace-Id
X-Provided-By
Xet-Cookie
X-Planisys-CDN-Cache
Section-Io-Id
X-UA-Device-Type
X-Planisys-CDN-Rules
X-Erf-Stays-Bingo-Pdp-Web
X-Agile-Brick-Ok
X-Planisys-CDN-TTL
Section-Io-Origin-Status
DSUID
Section-Io-Origin-Time-Seconds
Dnion-Transfer-Encoding
X-Path-Route
X-Batcache
Section-Origin-Responded
Tcn
Cache-Name
X-Node-Id
X-Gdpr
X-Gen-Mode
X-Generated-In
X-Nginx-Cache-Key
X-Loc
X-Fetched-On
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Matched-Rule
X-Hnp-Log
X-GeoIP-City
X-Contensis-Viewer-Groups
X-API-Version
X-BBC-Edge-Cache-Status
Web-Mar-Node
Vix-Hermes-Req-Id
True-Client-Country-4JS
V-Age
X-BBXSRF
X-Block-Status
X-Developer
X-Device-Os
X-Nyt-Route
X-Cache-Info
X-Cache-ASPX
X-Cache-Expires
X-ElasticPress-Query
X-Request-URI
X-Swa-Ws
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SIPLIST1
X-SRCache-Key
X-Traceid
X-User
X-VC-Cache
X-VServer
X-Varnish-Url
X-Varnish-Authentication
X-Var-Ttl
X-Sigma-Backend
X-Sigma
X-Parent-Response-Time
X-RateLimit-Limit-Second
X-Origin-TTL
X-Origin-Time
X-Origin-Date
X-Origin-Expires
X-RateLimit-Remaining-Second
Thinkindot-Control
X-Server-IP
X-ServiceProvider
X-SD-PageType
X-Rocket-Build-Number
X-Response-By
X-Origin-CC
Server-Hostname
X-Scheme
X-Men
X-Acc-Rdl
Cache-Host
CDCHOST
Instruction
FNAC-ModuleRouting
X-RateLimit-Limit
X-HostName
Cf-Alt-Svc
X-Yottaa-OS
X-Pf-Uncompressing
Who
Thinkindot-CacheControl-Type
Inserted-Into-Cache-At
IsBot
X-Varnish-Beresp-TTL
Thinkindot-CacheControl
Kp-EeAlive
Server-Ext
SR-User-Adfree
Sever-Int
Server-ID
Release
Pramga
MIME-Version
Path
Locid
X-Selected-Scheme
X-No-Cache
CountryCode
X-Selected-Host-Header
X-Selected-Name
X-Sn-Servicetimems
X-Azure-Ref-OriginShield
X-PJAX-URL
X-Dw-Trace-Id
Mime-Version
Req-Svc-Chain
X-BBC-Origin-Response-Status
X-MiniProfiler-Ids
Vha6-Origin
X-Proxy-Cachei7
X-Trace-Id
Pragrma
Content-Style-Type
X-NodeID
X-Request-URL
X-C
Resin-Trace
Source
X-Cdn-Origin
X-Snapshot-Date
X-Origin-Response-Time
X-Apw-Hits
X-Pad
Content-Script-Type
X-Tid
X-Vgn-Hpd-Reason
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Access-Object
PICS-Label