Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
X-Xss-Protection
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
P3p
X-AspNetMvc-Version
Status
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-Cache-Group
X-Server
X-Hacker
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-UA-Device
X-AH-Environment
EagleId
Request-Context
X-Proxy-Cache
X-Template
X-Turbo-Charged-By
X-Language
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
X-Dns-Prefetch-Control
Report-To
X-Rq
Xkey
X-Page-Speed
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Ua-Compatible
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Buckets
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
X-Host
X-WebKit-CSP
X-Backend-Server
NEL
X-Dispatcher
X-Device
X-Server-Id
Surrogate-Control
X-Node
X-Ruxit-JS-Agent
Request-Id
Content-Location
Accept-CH-Lifetime
X-Response-Time
Accept-CH
EagleEye-TraceId
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
X-Ac
Allow
X-Readtime
Rating
X-HW
X-Mod-Pagespeed
X-Country
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Edge-Control
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Vname
X-TtlSet
X-PC
X-MS-InvokeApp
X-Cnection
X-Country-Code
X-DataDome
X-Varnish-TTL
X-CST
X-GitHub-Request-Id
X-Content-Type
X-D2id
X-Clacks-Overhead
X-ASPNET-VERSION
X-Origin-Upstream-Status
X-Trace
X-Sol
Display
Response
X-Middleton-Display
X-Middleton-Response
Pagespeed
Pinterest-Version
X-Pinterest-Rid
X-Server-Name
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
MS-Author-Via
X-Vcap-Request-Id
X-Abt-Application-Version
X-Webkit-CSP
X-FastCGI-Cache
X-Px
X-Navigation-Version
X-Rack-Cache
X-Url
Service-Worker-Allowed
Verso
X-TTL
X-B3-TraceId
X-ESI
X-DynaTrace
X-Fastly-Request-ID
Arr-Disable-Session-Affinity
X-Client-IP
X-Cached
X-Element-Page-Cache
X-Cache-TTL
X-FTR-Request-ID
Cf-Bgj
X-Dw-Request-Base-Id
X-SharePointHealthScore
X-VARITI-CCR
SPRequestGuid
X-Powered-By-Plesk
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Goog-Hash
X-Upstream
X-NF-Request-ID
Fastly-Restarts
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-CACHE
Ar-Sid
X-Debug
Content-MD5
X-MSEdge-Ref
X-Forwarded-Proto
X-Pinterest-Direct
X-Version
SPIisLatency
X-Powered-CMS
SPRequestDuration
X-XRDS-Location
Access-Control-Request-Method
X-T
X-Release
X-Jurisdiction
X-Amz-Rid
S
X-Content-Digest
X-Edge
TCN
RTSS
TP-L2-Cache
TP-Cache
Cache-Tag
Public-Key-Pins
X-Ezoic-Cdn
Accept-Ch
X-Litespeed-Cache
X-Cache-Key
Front-End-Https
X-Mid
X-MCACHE
X-Yandex-Sdch-Disable
X-Node-Name
Server-Node
X-Request-Received
X-Request-Processing-Time
X-Ttl
Fastcgi-Cache
X-Mg-S
X-Amz-Server-Side-Encryption
X-Recruiting
X-Amzn-Trace-Id
X-Accel-Expires
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ser
X-PressLabs-Stats
X-Kinsta-Cache
X-HP-Webp
X-Server-ID
X-NWS-LOG-UUID
X-Grace
X-Request-Handler-Origin-Region
X-Microsite
X-Origin-Server
Accept-Charset
X-Logged-In
X-Varnish-Age
ServerID
X-DIS-Request-ID
X-Ratelimit-Remaining
MicrosoftSharePointTeamServices
X-Page-Id
X-Cache-Hit
Host
X-Shield-Request-Id
X-ECACHE
Nginx-Cache
Edge-Cache-Tag
X-Content-Security-Policy-Report-Only
X-B
X-Hits
X-Hostname
X-Mobile-URL
X-F-Cache
Cache-Tags
Powered-By-ChinaCache
X-LB-Cache
Realpath
X-Az
X-AppVersion
X-Activity-Id
Cleartype
X-Git-Hash
X-Forwarded-For
X-N
Alternate-Protocol
X-Ratelimit-Limit
X-Content-Options
X-Cached-By
Accept-Ch-Lifetime
X-Cache-Age
X-Type
DynaTrace
X-Upgrade-Enabled
X-Varnish-Backend
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-App-Environment
X-Rid
X-Jobs
X-Respond-Thread
Paypal-Debug-Id
X-Load-Cache
X-Request-Guid
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-Country-Code-Real
X-Amz-Meta-S3cmd-Attrs
X-FTR-Backend-Server
X-Seen-By
X-FTR-Expires
Fastcgi-Useragent
Access-Control-Allow-Method
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Correlation-ID
X-Proxy
X-FireWall-Port
X-Zen-Fury
X-Akamai-Edgescape
X-HS-Hub-Id
X-HS-Cache-Config
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-HS-Content-Id
X-Goog-Metageneration
X-WebKit-CSP-Report-Only
X-URL
X-HS-Combine-CSS
X-FB-Debug
Filterid
X-B3-Sampled
Charset
X-Varnish-Grace
X-Daa-Tunnel
X-IPLB-Instance
X-B-Cache
X-VCache
X-Signature
Filters
DC
X-Mobile
X-AOL-HN
X-Debug-Info
Healthy
MS-CV
X-Host-Name
X-Region
X-Whom
X-App-Server
AMP-Access-Control-Allow-Source-Origin
X-User-Agent
X-Frontend
X-Cache-Operation
Viewport
X-Geo-Country
X-Cache-Rule
Payment
X-Accel-Buffering
X-Response-Served-From
X-Original-Request-Id
Liferay-Portal
X-HTML-Minification-Powered-By
X-Instance
X-UUID
X-Distributor
X-FW-Dynamic
X-FW-Type
X-Cache-Time
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Rule
X-Content-Powered-By
X-Cacheable-TTL
X-Tumblr-Pixel-0
X-Tumblr-Pixel-2
X-FW-Server
X-Tumblr-User
X-FW-Static
X-Acc-Debug-Context
X-FW-Hash
Surrogate-Key
X-FW-Serve
X-Protected-By
Refresh
X-Id
X-Amz-Replication-Status
X-Via-JSL
S-Cnection
X-Is-Bot
X-Rendered-As
X-Wix-Request-Id
Content-Disposition
Section-Io-Cache
X-Cache-Expired-At
X-Hyper-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Backend-Name
Version
GEO-INFO
X-Cache-Action
X-Sucuri-ID
X-Endurance-Cache-Level
Datacenter
Nel
X-Ua
X-XRDS-LOCATION
PB-PID
PB-RID
X-App-Version
Server-Name
Arc-Version
X-Cache-Server
Retry-After
X-Ah-Environment
X-Tec-Api-Version
X-Air-Hostname
X-Tec-Api-Root
X-Tec-Api-Origin
CACHE
X-Pinterest-Sli-Endpoint-Name
X-Oneagent-Js-Injection
X-Source
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Latency-Threshold
Akamai-Age-Ms
X-Real-IP
X-EdgeConnect-Cache-Status
Eomportal-Instance
Referer-Policy
X-Varnish-Server
X-L-Path
X-Environment-Context
X-ProcessESI
X-Framework
X-RemovedCookies
Frame-Options
X-Yottaa-Metrics
X-Yottaa-Optimizations
NGB
X-Revision
X-Sucuri-Cache
X-RTag
Ms-Operation-Id
X-Drupal-Cache-Contexts
X-Unique-Id
Countrycode
X-Cache-Control
X-WA-Info
X-Azure-Ref
X-Cache-Var-Map
Webserver
Meta-Geo
X-RN-RSRV
X-Drupal-Cache-Tags
X-ES-SERVER
X-Cache-Var
X-Esi
X-Proxy-Cache-Status
X-Mode
X-GeoIP
X-Cache-Host
X-ProxyCache-Key
X-ProxyCache-Status
X-Qloud-Router
X-R9-Blue-Green-Version
X-Xfnlog-Site
X-DynaTrace-JS-Agent
Cache-Tv-Group
DB-Nickname
X-Time-Microsecs
X-BYPASS-REASON
X-Cache-TTL-Remaining
Property-Id
X-Server-W
Webcakes-App-Name
X-Handled-By
X-Hl-Ver
X-PHP-Host
X-Hosted-By
X-FW-Version
X-Status
X-Cluster
X-VWS-Id
X-TNCMS
X-AWS-Id
Webcakes-Region
X-Amzn-Remapped-Content-Length
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-OCL
X-NYM-Debug-Backend
TWC-Connection-Speed
X-Origin-Hint
Ec-Rule-Version
Mn-Server-Ip
X-PCL
TWC-Device-Class
TWC-Locale-Group
TWC-Privacy
X-Loop
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Cross-Origin-Window-Policy
Webcakes-App-Version
X-NewRelic-App-Data
X-Contextid
X-Format
X-From
X-Locale
X-No-Session
X-Timing-Wait
X-FB-TRIP-ID
X-Detected-As
Selected-Fe
X-Access
X-Be
X-Zipkin-Id
X-Via-Fastly
X-ServerID
X-Human
X-Proxy-Build
X-Section
X-Redis-Cache
X-Routing-Service
X-Proto
X-Proxied
X-Site-Version
X-CDN-Forward
Uber-Trace-Id
X-TIME
X-Adobe-Loc
X-Cache-PHP
X-Adobe-Content
X-Debug-Cache
X-PHP-Backend
X-Route-Name
X-Device-Type
X-Providence-Cookie
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Flags
X-ATG-Version
FSS-Cache
X-AIR-PT
X-Ratelimit-Reset
X-TT
X-BCube-Filmed-By
X-Correlation-Id
X-Generated-By
X-Tt-Trace-Host
X-Tt-Trace-Tag
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-NC
X-Varnish-Cache-Hits
X-Cache-Spec
Upgrade-Insecure-Requests
Azure-SiteName
Azure-Version
Azure-RegionName
Azure-InstanceId
Azure-SlotName
X-CSRF-Token
From-Origin
OT-Force-Account-Verify
Cache
Access-Control-Request-Headers
X-LLID
X-Oss-Server-Time
X-Origin
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
Powered
X-NCache
X-GoCache-CacheStatus
X-Akamai-Transformed
X-Time
CF-Cached-On
X-JoinUs
X-SaId
SD-X-WS
X-COUNTRY
X-Cache-2
X-CCM
X-Adobe-Source
X-UPSTREAM-Address
X-Alternate-Cache-Key
X-LAGOON
Cache-Status
X-ShardId
X-Varnishpool
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShopId
X-Cache-Grace
X-Forwarded-Host
X-Pubstack
X-PERF
X-ApacheServer
X-B3-Traceid
Country
X-Soup
X-Backend-Host
X-Fastcgi-Cache
X-G
X-Web-Node
X-Cluster-Name
X-Storage
Decoy-Debug-Key
X-Page-View
X-Backend-TTL
Fastly-SSL
Decoy-Debug-Status
Decoy-Debug-TTL
Node
X-FTR-Cache-Host
X-ID
X-SayCDN-TTL
X-APP-VERSION
X-Say-Cacheable
X-IP
X-Say-TTL
X-Cache-Enabled
X-NWS-UUID-VERIFY
X-ECache
SRV
X-TA-CDN-Provider
X-Viewer-Country
X-Ruxit-Js-Agent
X-IPS-LoggedIn
X-Tumblr-Pixel-3
X-Connection-Hash
X-D
X-PBS-Appsvrname
X-Varnish-Beresp-Grace
X-External-Request-Id
X-Destination
X-Varnish-Beresp-Status
X-PAYTM-SRV-ID
X-Varnish-Beresp-Ttl
Apple-News-Services-Request-Url
Machine
Host-ID
X-Aed
MD5-Digest
X-Vdms-Version
X-Vdms-Path
X-Application
X-Trv-Group
X-CF-Lambda-Version
X-S-Cookie
X-B-Cookie
Fastcgi-X-Cache-Version
X-ARC
X-A-Wwc
X-A-Dgt
X-A-Ccd
X-A-Dam
X-Worker
Xc-Version
Rendered-Blocks
X-A
X-A-Dcw
Mobile-Detection-Method
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Meta-Geo-Continent
X-S
X-ScT
Apple-News-Services-Parsed-Url
DCR-Decision-By
X-Processor
X-RCS-CacheZone
X-Cache-NE
Apple-News-Services-Host
Apple-News-Services-Handled
X-CF-Lambda-Fn
X-Rojux
X-Rewrite-Enabled
X-Request-UUID
DCR-Processing-Time-Ms
X-Cache-Config
X-EC-Lua
X-TX-ID
X-Cdn
CloudFront-Viewer-Country
Gh-Request-Id
X-Clara-WADP
CDN-Uid
Platform
X-Auto-Login
X-DefElseHash
Fastly-SIE
Adler-Geo
Fastly-SWR
CDN-RequestId
Is-Eu
X-Cache-Debug
X-CUA
X-DefHash
CDN-RequestCountryCode
CDN-PullZone
X-Cms-Context
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
X-Core-Value
X-Ms-Version
X-Varnish-CookieHashed-On
X-GEO
X-Micro-Cache
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Via-CDN
X-VG-TLSProxy
X-Microcachable
X-Ms-Request-Id
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Platform-Server
X-Cache-Backend
X-Servername
X-Bc-Bl
X-WADP-Cache
X-Variation
X-Envoy-Decorator-Operation
X-Fmm-Version
X-Fastly-Cache
X-Generation-Time
X-Session-Fingerprint
X-DPWN-IS-SECURE
Backend
X-Cache-Bucket
X-Cache-Date
X-Branch-Name
X-Request-Start
X-Bip
C-Via
X-Dispatcher-Server
X-CS
X-Backend-State
Rt-Fastcgi-Cache
Wxu-Next-Commit
X-Cache-Id
Fastly-Backend-Name
PFcat
X-Varnish-Cacheable
L
X-Webstats-RespID
Origin
X-VarnishDD-TTL
X-Cache-NGX
X-Thanos
NM-Fastcgi-Cache
X-Skip-Cache
Fastly-Drupal-HTML
Wxu-Next-Region
X-SN
X-Slack-Backend
Wxu-Next-Hostname
CacheControlHeader
X-Core-Mission
X-Hash
X-HN
X-Has-Esi
X-Gzip
X-Li-Fabric
X-OVcl
X-HS-Content-Campaign-Id
X-Method
X-Level-Front-Cache
X-Li-Pop
X-JWT-State
X-LI-UUID
X-Location
X-Is-Gdpr
X-Geo-Header
X-OVcl-Cache
X-Clientip
AKAMAI
X-Gamma-Serve
X-Fastly-Backend
Akamai-GRN
X-Platform
X-Esi-Check
X-Owner
X-Policy
X-Developers
X-Generated-On
X-UA
X-B3-Spanid
L5d-Success-Class
X-Irp-Debug
X-Wikidot-Backend
Pagetype
X-Wikidot-Static-Cache
X-Eu-Site
X-Twitter-Response-Tags
X-Reqid
X-Request-Host
X-Content-Age
X-CGP
X-Varnish-Ttl
X-Cache-Tags
X-EIG-Tracking-Id
X-Render-Time
X-Mvc-Supplant-Cachable
X-Old-Content-Length
Ha-Gx-Prefs
HA-Ipaddr
X-Csrf-Jwt
X-Transaction
X-Hp-Webp
X-DC
X-PF-Uncompressing
X-Refresh
X-Wa
X-Minions-Version
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
UCS
X-Amz-Meta-Cb-Modifiedtime
X-Aicache-OS
X-Cache-Remote
FSS-Proxy
Country-Code
X-Ftr-Cache-Host
X-Sql-Duration-Ms
X-Sql-Count
Surrogated-Key
X-Via-Popn
X-Date
X-Accel-Expires-Debug
X-Via-Poph
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-NODE
X-NGENIX-Cache
X-LB-ID
X-Req
NGX
X-Up
X-Edge-Location
X-Nginx-Cache
Hostname
X-Cdn-Srv
X-LI-Proto
X-Cache-URL
XServer
X-Www-Served-By
X-Presslabs-Stats
X-RateLimit-Remaining
Ufe-Result
Time
We-Hiring
X-Servedbyhost
X-Mvc-Supplant-OutputCached
Group
Mail-Subject
X-NU-AKA-ACS-Version
Memcached
X-Dc
X-Debug-Cache-Fetch
X-Proxy-Upstream
X-Debug-Cache-Store
Now
Cache-Hits
X-S-Maxage
HostName
X-SRV
X-Check-Cacheable
Protected
X-Varnish-Hostname
X-Via-SSL
X-FPC
Edge-Copy-Time
X-BC
X-ZONE
X-FORWARDED-FOR
X-Via-Edge
X-Ua-Device
X-CACHE-AGE
X-Request-Time
ServedBy
X-Agile-Id
X-Agile
X-Svr
On-Server
X-Agile-Age
Geoip-Latitude
X-CSRF-TOKEN
GeoIp-Country-Code
X-LiteSpeed-Cache-Control
X-Pass-Why
X-Cluster-Node
X-Acc-Rdl
X-VCL-Version
X-Cdn-Forward
M-TraceId
T-Server
SID
Xserver
X-MP-GENERATED-AT
X-Via-Popv
X-Srv
X-UnsetCookies
ProcessTime
X-HS-Status
N-Cache
Server-Host
X-Datadome
X-Cs
NtCoent-Length
X-CF-Powered-By
X-APP
Pics-Label
X-Uri
Arc-Country
Ohc-File-Size
X-Bc
X-NGINX-Cache
X-Zone
X-Dynatrace-Js-Agent
WZWS-RAY
X-Varnish-Hits
Section-Io-Id
VivaBuild
Apigw-Requestid
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Edge-Server
X-Erf-Stays-Bingo-Pdp-Web
Section-Origin-Responded
Cdn-Host
Magicmarker
X-VC
X-SB
Viewtype
Cdn-Request-Time
X-RunCloud-Cache
X-We-Are-Hiring
X-Info
Memory
X-Action
X-Via-Ucdn
Srv
DSUID
X-TT-LOGID
User-Agent
Ohc-Cache-HIT
X-DI
Server-Info
X-DB
X-UA-Device-Type
WWW-Authenticate
X-RPM
X-RSL
X-RPS
W
Sid
X-Oss-Cdn-Auth
WebServer
Cache-Name
Processtime
X-DSS
X-DW
X-MSEdge-Features
X-MSEdge-Flight
X-Webkit-CSP-Report-Only
LB
Odigeo-Trace-Id
Cteonnt-Length
X-Vgn-Hpd-Ssi
CF-IPCountry
X-Unique-ID
User-Cache-Control
X-Tb
Tracecode
X-Origin-Date
S-Rt
X-HOST
X-Newrelic-App-Data
CountryCode
X-SERVER-NAME
CDN
X-Vcl-Version
Ssr
X-Geo
X-Hit
X-HITS
Lfy
Amp-Access-Control-Allow-Source-Origin
X-Cache-Hfrom
X-Magnolia-Registration
Geo-Info
GeoIP-Country-Code
X-Pjax-Url
GeoIP-Latitude
X-Cache-Hm
X-Nginx-Cache-Key
X-Matched-Rule
X-Varnish-Authentication
X-Varnish-Url
X-Loc
X-Goog-Meta-Goog-Reserved-File-Mtime
X-User
Instruction
True-Client-Country-4JS
V-Age
Thinkindot-Control
Thinkindot-CacheControl-Type
SR-User-Adfree
Thinkindot-CacheControl
Vix-Hermes-Req-Id
X-API-Version
X-Contensis-Viewer-Groups
X-Developer
X-Cache-Info
X-Cache-Expires
X-BBC-Edge-Cache-Status
X-Cache-ASPX
Sever-Int
Server-ID
X-Scheme
X-SVT-ORM-RULES
X-Cc-Via
X-Cc-Req-Id
X-SVT-ORM-VERSION
D-Cc-Upstream
CDCHOST
IsBot
Server-Ext
Server-Hostname
X-SRCache-Key
Path
Locid
MIME-Version
X-Thinkindot-L3
X-Nyt-Route
X-Server-IP
X-Newrelic-Synthetics
X-Gdpr
X-SD-PageType
X-Origin-TTL
X-Akamai-Request-ID2
X-Origin-Time
X-Origin-Expires
X-Origin-CC
X-Fastly-Country-Code
X-Request-URI
X-SIPLIST1
X-FC-Vary-Parameters
X-Node-Id
A
X-Response-By
X-VServer
X-CACHE-KEY
X-Nc
X-Swa-Ws
Release
Web-Mar-Node
X-Azure-Ref-OriginShield
X-Traceid
X-Trace-Id
X-Generated-In
X-Sn-Servicetimems
X-Epic-Correlation-Id
X-Block-Status
X-GeoIP-City
X-Envoy-Upstream-Healthchecked-Cluster
X-BBXSRF
Pramga
Cache-Host
X-Cdn-Origin
X-Gen-Mode
X-Hnp-Log
Lb
X-Var-Ttl
X-Fetched-On
X-Device-Os
X-NodeID
Cdn
X-Fpc
X-Provided-By
Accept-Language
X-Via-NSCOPI
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
X-Cache-Tag
X-ServedByHost
X-Li-Proto
X-StackifyID
FNAC-ModuleRouting
Cf-Device-Type
X-Instart-Request-ID
X-Amzn-Remapped-Connection
Esi-Enabled
Source
X-Men
X-Amzn-Remapped-Date
X-Lb-Id
X-Dynatrace
X-Vcache
X-Rocket-Build-Number
X-Key
Kp-EeAlive
X-Sigma-Backend
X-TH-Server
X-Akamai-Pragma-Client-IP
Cache-Key
X-Sigma
X-Served-From
Server-Ttl
X-Origin-Response-Time
X-B3-SpanId
X-Mobile-Rewrite
Expiry
Cache-Provider
Content-Script-Type
X-Via-PopH
X-Via-PopN
X-Via-PopV
Content-Style-Type
X-Request-URL
X-Parent-Response-Time
X-No-Cache
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-ServiceProvider
Inserted-Into-Cache-At
X-ElasticPress-Query
X-Batcache
X-Instart-Info
Location
Url
X-Agile-Brick-Ok
X-Geo-Region
X-Dispatch
X-MiniProfiler-Ids
Req-Svc-Chain
X-WA
X-Vgn-Hpd-Reason
X-Tt-Logid
Proxy-Firewall
X-VC-Cache
X-Yottaa-OS
Origin-Cache-Control
Origin-Edge-Control
Tcn
X-Akamai-Request-ID
Xkeyi7
URI
X-Proxy-Cachei7
X-B3-Parentspanid
X-BBC-Origin-Response-Status
Content-Secure-Policy
EpKe-Alive
X-PJAX-URL
HitType
Powered-By
X-RateLimit-Limit
Cf-Alt-Svc
X-RAMCache
Who
X-HostName
X-Apw-Hits
X-Varnish-Beresp-TTL
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Access-Action
X-Selected-Name
X-Selected-Scheme
X-Selected-Host-Header
X-BACKEND-TTL
X-Pf-Uncompressing
X-Snapshot-Date
X-LiteSpeed-Tag
BehaviorPad-Version
Vha6-Origin
Cf-Ipcountry
X-TraceId
Dnion-Transfer-Encoding
X-C
Pragrma
Xet-Cookie
Mime-Version
X-Dw-Trace-Id
PICS-Label
Fastcgi-Cache-TTL
Resin-Trace
NnCoection