Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
X-Xss-Protection
CF-Ray
X-Timer
X-Varnish
Access-Control-Allow-Methods
X-Download-Options
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
P3p
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Upgrade
X-Template
X-Language
Content-Encoding
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Ws-Request-Id
X-Buckets
X-Age
Feature-Policy
X-Backend
X-AH-Environment
X-UA-Device
X-Hacker
X-Robots-Tag
X-Cache-Group
EagleId
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Proxy-Cache
X-Turbo-Charged-By
X-Server-Powered-By
Request-Context
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Xkey
X-Page-Speed
Report-To
X-Dns-Prefetch-Control
X-Rq
X-LiteSpeed-Cache
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Pingback
Cf-Bgj
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Amz-Version-Id
X-Vhost
NEL
X-Dispatcher
X-Host
X-Node
X-Backend-Server
X-Device
Surrogate-Control
X-Cache-Lookup
X-Origin-Cache
X-Response-Time
X-Akam-SW-Version
Content-Location
Akamai-Age-Ms
X-Ruxit-JS-Agent
Request-Id
X-Ac
X-ASPNET-VERSION
X-Country
X-Server-Id
X-Mod-Pagespeed
X-HW
Rating
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Readtime
X-Cloud-Trace-Context
X-ORACLE-DMS-RID
X-Origin-Upstream-Status
X-Application-Context
X-DataDome
Pinterest-Generated-By
Edge-Control
X-Country-Code
Accept-CH
Accept-CH-Lifetime
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
X-TtlSet
X-Vname
X-PC
X-Varnish-TTL
X-Cnection
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-Ch
X-ESI
X-D2id
X-GitHub-Request-Id
X-Server-Name
X-MS-InvokeApp
X-Clacks-Overhead
X-Content-Type
Accept-Ch-Lifetime
X-Navigation-Version
X-FTR-Request-ID
Verso
X-Abt-Application-Version
X-Vcap-Request-Id
X-Px
X-Trace
X-Pinterest-Rid
Pinterest-Version
Allow
Display
X-Middleton-Display
X-Middleton-Response
X-Sol
Pagespeed
Response
X-Rack-Cache
X-Cached
X-Server-ID
X-Element-Page-Cache
Service-Worker-Allowed
X-B3-TraceId
X-Fastly-Request-ID
X-DynaTrace
X-Client-IP
X-TTL
X-Cache-TTL
X-Powered-By-Plesk
MS-Author-Via
X-Version
Arr-Disable-Session-Affinity
X-Forwarded-Proto
X-Upstream
X-T
X-NF-Request-ID
X-Debug
Fastly-Restarts
SPRequestGuid
X-SharePointHealthScore
Content-MD5
X-Dw-Request-Base-Id
X-VARITI-CCR
AR-Request-ID
AR-PoweredBy
Ar-Sid
AR-CACHE
AR-ATIME
X-Use-Magma
X-Jurisdiction
X-Kinja-Server
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-Kinja-Revision
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja
X-Goog-Hash
Access-Control-Request-Method
X-Powered-CMS
X-Content-Digest
TP-Cache
TP-L2-Cache
X-Release
X-PressLabs-Stats
X-Edge
X-NWS-LOG-UUID
X-MSEdge-Ref
RTSS
X-XRDS-Location
X-Amz-Rid
Public-Key-Pins
SPIisLatency
SPRequestDuration
Cache-Tag
X-Cdn
X-Webkit-CSP
Fastcgi-Cache
X-Ttl
X-Request-Processing-Time
X-Request-Received
S
X-Yandex-Sdch-Disable
TCN
X-Accel-Expires
X-Cache-Hit
X-MCACHE
X-Mid
X-Ezoic-Cdn
ServerID
Server-Node
X-Logged-In
X-FastCGI-Cache
X-Amzn-Trace-Id
X-Cache-Key
X-ECACHE
X-Node-Name
Alternate-Protocol
Front-End-Https
X-Microsite
X-Request-Handler-Origin-Region
X-Recruiting
X-Ser
X-Pinterest-Direct
X-Origin-Server
X-Kinsta-Cache
X-Page-Id
X-Ratelimit-Remaining
X-B
X-Mobile-URL
Realpath
X-Forwarded-For
Host
Accept-Charset
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-DC
X-FTR-Expires
X-FTR-Realm
X-FTR-Backend
X-Country-Code-Real
X-Content-Security-Policy-Report-Only
X-FireWall-Port
X-Ratelimit-Limit
Nginx-Cache
X-Hostname
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Seen-By
MRF-Tech
X-Load-Cache
X-Jobs
X-Id
Filterid
X-Shield-Request-Id
X-Varnish-Age
X-DIS-Request-ID
X-Content-Options
X-AppVersion
X-Az
X-Activity-Id
X-CST
X-Zen-Fury
X-F-Cache
X-Amz-Server-Side-Encryption
Paypal-Debug-Id
X-LB-Cache
X-Type
X-Rid
X-App-Environment
Edge-Cache-Tag
X-Grace
X-Daa-Tunnel
X-Git-Hash
X-N
X-Varnish-Backend
X-Varnish-Grace
X-Request-Guid
X-Hits
X-FB-Debug
X-App-Server
Fastcgi-Useragent
AMP-Access-Control-Allow-Source-Origin
X-Correlation-ID
X-Akamai-Edgescape
X-Proxy
DC
X-WebKit-CSP-Report-Only
X-Hp-Webp
Content-Disposition
X-Endurance-Cache-Level
Cache-Tags
X-Content-Powered-By
X-Cache-Rule
DynaTrace
X-Cache-Operation
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-XRDS-LOCATION
X-TEC-API-ORIGIN
Access-Control-Allow-Method
X-TEC-API-VERSION
X-TEC-API-ROOT
X-VCache
X-Upgrade-Enabled
X-Fastcgi-Cache
X-Geo-Country
X-Amz-Meta-S3cmd-Attrs
X-Wix-Request-Id
MicrosoftSharePointTeamServices
X-Cached-By
Cleartype
Powered
Refresh
X-Mg-S
X-IPLB-Instance
X-User-Agent
X-Accel-Buffering
X-B3-Sampled
X-Response-Served-From
X-Original-Request-Id
X-AOL-HN
MS-CV
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-Goog-Generation
X-HS-Cache-Config
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
NGB
X-Region
X-Signature
X-Tumblr-Pixel-0
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Tumblr-User
Healthy
X-Tumblr-Pixel
X-B-Cache
X-HTML-Minification-Powered-By
Payment
X-Whom
X-Rule
X-Frontend
X-FW-Static
X-Cache-Time
X-FW-Dynamic
X-FW-Serve
X-UUID
X-Tumblr-Pixel-2
X-Distributor
X-FW-Hash
X-FW-Type
X-Tumblr-Pixel-1
X-FW-Server
X-Is-Bot
X-Host-Name
X-Cacheable-TTL
X-Instance
X-Rendered-As
Datacenter
PB-PID
PB-RID
Arc-Version
Countrycode
Surrogate-Key
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Mobile
X-Varnish-Server
X-Debug-Info
X-Ruxit-Js-Agent
X-DynaTrace-JS-Agent
X-App-Version
X-FTR-Cache-Host
X-PHP-Backend
X-Azure-Ref
X-Cache-Age
X-NewRelic-App-Data
X-Backend-Name
X-Via-JSL
X-HP-Webp
Cache
X-Oneagent-Js-Injection
X-Cache-Server
S-Cnection
Powered-By-ChinaCache
X-WA-Info
Webserver
X-Protected-By
Charset
X-Ua
Filters
Retry-After
X-Hyper-Cache
Referer-Policy
X-Cache-Control
From-Origin
X-Time
Liferay-Portal
X-URL
X-RemovedCookies
X-ProcessESI
X-Revision
X-Cache-Action
X-EdgeConnect-Cache-Status
Section-Io-Cache
Viewport
X-Proxy-Cache-Status
X-Amz-Replication-Status
X-Respond-Thread
Eomportal-Instance
X-GeoIP
X-R9-Blue-Green-Version
X-Framework
X-RTag
Meta-Geo
X-RN-RSRV
X-Mode
X-Cache-Var
X-Cache-Var-Map
X-Cache-Expired-At
Ms-Operation-Id
X-Debug-Cache
X-FB-TRIP-ID
X-Source
X-ES-SERVER
X-L-Path
X-Environment-Context
X-Device-Type
X-From
X-Server-W
X-Qloud-Router
Mn-Server-Ip
TWC-Privacy
Property-Id
DB-Nickname
X-Ratelimit-Reset
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
X-ProxyCache-Status
TWC-Connection-Speed
X-Site-Version
X-LJ-Flow-ID
X-PCL
X-OCL
X-Sucuri-ID
X-Origin-Hint
X-AWS-Id
X-Via-Fastly
X-Locale
Webcakes-App-Name
X-ProxyCache-Key
X-Time-Microsecs
X-VWS-Id
X-BYPASS-REASON
Webcakes-Region
Webcakes-App-Version
X-CSRF-Token
X-Amzn-Remapped-Content-Length
X-Cache-Host
X-FW-Version
Selected-Fe
Cross-Origin-Window-Policy
X-Yottaa-Optimizations
Cache-Tv-Group
X-Handled-By
X-Hl-Ver
X-Timing-Wait
X-Zipkin-Id
X-Status
X-ServerID
X-Proxied
X-Proxy-Build
X-Yottaa-Metrics
X-Routing-Service
X-Real-IP
X-Human
X-Hosted-By
X-Access
X-Section
X-Proto
X-Labrador-Cache-Channel
X-JoinUs
X-Varnish-Cache-Hits
X-NYM-Debug-Backend
Uber-Trace-Id
X-Redis-Cache
X-Be
X-Cluster
X-SaId
X-PHP-Host
X-Format
Server-Name
X-Xfnlog-Site
Ec-Rule-Version
X-TNCMS
X-Acc-Debug-Context
X-TA-CDN-Provider
X-Loop
X-Generated-By
X-BCube-Filmed-By
Frame-Options
X-Detected-As
X-Origin
CF-Cached-On
X-Instart-Request-ID
X-NWS-UUID-VERIFY
X-ATG-Version
X-Cache-TTL-Remaining
X-NCache
X-Tt-Trace-Host
X-Tt-Trace-Tag
Version
X-No-Session
X-EIG-Tracking-Id
X-Contextid
X-Cache-PHP
X-Sucuri-Cache
X-Vgn-Hpd-Variations-Key
X-CACHE-AGE
X-Drupal-Cache-Tags
X-Air-Hostname
X-IPS-LoggedIn
X-Vgn-Hpd-Cached
FSS-Cache
X-Drupal-Cache-Contexts
X-EC-Lua
X-Cache-Enabled
Now
X-Correlation-Id
X-IP
X-Tumblr-Pixel-3
X-Bc-Bl
X-TT
X-UA
X-Akamai-Transformed
GEO-INFO
Time
X-Unique-Id
X-RateLimit-Remaining
X-Cache-Backend
X-Backend-Host
X-Litespeed-Cache
Node
OT-Force-Account-Verify
X-TIME
X-Adobe-Loc
Access-Control-Request-Headers
X-RCS-CacheZone
X-Adobe-Content
X-Cache-NE
Azure-RegionName
Azure-SlotName
X-GoCache-CacheStatus
VIX-Pulpo-Node
X-NGENIX-Cache
Azure-SiteName
Azure-Version
VIX-Pulpo-Upstream-Status
Azure-InstanceId
X-Dc
X-Pubstack
X-CCM
X-Adobe-Source
Meta-Geo-Continent
X-ShardId
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-External-Request-Id
X-A-Ccd
CloudFront-Viewer-Country
X-A
X-A-Dam
X-A-Dcw
X-A-Wwc
X-A-Dgt
DCR-Decision-By
DCR-Processing-Time-Ms
Machine
MD5-Digest
Mobile-Detection-Method
Host-ID
Rendered-Blocks
Fastcgi-X-Cache-Version
Surrogated-Key
X-Accel-Expires-Debug
Apple-News-Services-Request-Url
X-Date
X-D
X-Connection-Hash
X-Destination
X-G
X-Viewer-Country
X-Generation-Time
X-CF-Lambda-Version
X-CF-Lambda-Fn
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Aed
X-Application
X-B-Cookie
X-ARC
X-Varnishpool
X-ShopId
X-Rewrite-Enabled
X-Rojux
X-S
X-ScT
X-Alternate-Cache-Key
X-ApacheServer
X-OVcl-Cache
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
X-Transaction
X-Trv-Group
Xc-Version
X-Worker
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-VG-WebServer
X-VG-WebCache
X-Twitter-Response-Tags
X-Up
X-Vdms-Path
X-Vdms-Version
X-OVcl
X-S-Cookie
X-Forwarded-Host
X-PERF
X-Minions-Version
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Cache-Grace
X-Cdn-Forward
X-Oss-Server-Time
X-APP-VERSION
X-CDN-Forward
Fastly-SSL
SD-X-WS
X-Varnish-Beresp-Ttl
X-Oss-Storage-Class
HostName
X-TX-ID
X-Varnish-Beresp-Grace
X-Storage
X-Soup
X-Varnish-Beresp-Status
X-Agile
X-Agile-Age
X-Agile-Id
X-Thanos
X-Method
Akamai-GRN
AKAMAI
X-Micro-Cache
Decoy-Debug-Status
Decoy-Debug-TTL
X-Owner
X-Clara-WADP
X-Cache-Bucket
X-Cache-2
Decoy-Debug-Key
CacheControlHeader
X-SN
CDN-CachedAt
We-Hiring
X-VG-TLSProxy
Wxu-Next-Commit
X-Level-Front-Cache
NM-Fastcgi-Cache
X-Webstats-RespID
Mail-Subject
X-WADP-Cache
Wxu-Next-Hostname
Wxu-Next-Region
CDN-PullZone
CDN-EdgeStorageId
X-Cms-Context
CDN-RequestCountryCode
CDN-RequestId
X-Hash
CDN-Uid
CDN-Cache
X-Bip
X-Platform
X-Reqid
X-Req
X-CUA
X-Fmm-Version
X-Generated-On
X-Request-UUID
X-Dispatcher-Server
X-Render-Time
X-Edge-Location
X-Envoy-Decorator-Operation
X-Core-Value
X-Cluster-Name
X-Cache-Config
Country-Code
X-AIR-PT
X-Gamma-Serve
Cache-Status
X-Esi-Check
X-Varnish-Ttl
X-Rebelmouse-Surrogate-Control
X-Fastly-Cache
Country
X-Eu-Site
Ufe-Result
L5d-Success-Class
PFcat
Platform
Pagetype
X-Proxy-Upstream
X-Policy
X-HS-Content-Campaign-Id
M-TraceId
Is-Eu
HA-Ipaddr
Fastly-SWR
Fastly-SIE
Fastly-Drupal-HTML
X-Rebelmouse-Cache-Control
Gh-Request-Id
Ha-Gx-Prefs
Group
X-ORACLE-APMCS-REQUEST-ID
X-VarnishDD-TTL
X-Gzip
X-Cache-URL
X-Csrf-Jwt
X-Auto-Login
X-Varnish-Cacheable
X-Cache-Id
X-Skip-Cache
X-Servername
X-HN
X-Cache-NGX
X-Geo-Header
X-CGP
Adler-Geo
X-DPWN-IS-SECURE
X-Core-Mission
X-Developers
X-Location
Backend
X-Variation
X-Microcachable
X-Web-Node
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
X-Wikidot-Backend
X-Backend-TTL
X-Clientip
X-Li-Pop
X-Content-Age
X-Cache-Tags
X-Has-Esi
X-Request-Start
X-JWT-State
X-Irp-Debug
X-Request-Host
X-Fastly-Backend
X-LI-UUID
X-Is-Gdpr
X-Amz-Meta-Cb-Modifiedtime
X-Wikidot-Static-Cache
X-Slack-Backend
X-Li-Fabric
X-Cache-Date
X-Cdn-Srv
X-Old-Content-Length
X-Backend-State
Rt-Fastcgi-Cache
UCS
C-Via
Actual-Object-TTL
Fastly-Backend-Name
X-VHOST
Memcached
X-NC
X-Refresh
X-Esi
X-PF-Uncompressing
X-Mvc-Supplant-Cachable
Origin
Arc-Country
L
X-CS
X-B3-Spanid
Nel
Srv
X-Aicache-OS
Viewtype
X-ZONE
VivaBuild
X-BC
X-Ms-Version
NGX
X-Ms-Request-Id
X-NODE
Geo-Info
X-Via-Ucdn
X-LB-ID
X-Wa
X-RunCloud-Cache
X-Unique-ID
FSS-Proxy
X-Via-Popn
X-Via-Poph
X-LAGOON
X-Srv
X-Platform-Server
X-B3-Traceid
Upgrade-Insecure-Requests
X-Varnish-CookieINHashed-On
X-Vgn-Hpd-Ssi
X-Mvc-Supplant-OutputCached
X-LI-Proto
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-DefHash
X-Mobile-Rewrite
X-DefElseHash
X-Edge-Server
Sid
Cdn-Request-Time
Memory
X-Servedbyhost
X-Branch-Name
Cdn-Host
X-UPSTREAM-Address
X-SERVER
X-Geo
Server-Info
X-Cluster-Node
X-LiteSpeed-Cache-Control
X-Zone
X-Session-Fingerprint
X-Bc
X-Cache-Debug
X-FC-Vary-Parameters
X-Epic-Correlation-Id
X-NGINX-Cache
X-FPC
X-Request-Time
X-Akamai-Request-ID2
X-Hit
X-Cs
X-Nc
X-Via-Popv
Apigw-Requestid
X-Debug-Cache-Store
X-Varnish-Hostname
X-CF-Powered-By
X-Action
X-Debug-Cache-Fetch
X-APP
Xserver
CACHE
X-DW
WWW-Authenticate
GeoIp-Country-Code
Geoip-Latitude
X-DB
X-DI
X-RPS
X-MP-GENERATED-AT
X-DSS
X-RSL
X-RPM
X-CSRF-TOKEN
X-Nginx-Cache
X-ECache
X-Route-Name
X-Oss-Cdn-Auth
X-Is-Crawler
X-Flags
X-HS-Status
X-Providence-Cookie
X-Vcl-Version
X-Aspnet-Duration-Ms
X-GEO
XServer
Hostname
X-Vcache
Origin-Cache-Control
Processtime
Origin-Edge-Control
NtCoent-Length
CF-IPCountry
User-Agent
X-Tb
Accept-Language
X-VCL-Version
X-Dispatch
X-Check-Cacheable
X-DC
X-SERVER-NAME
X-Key
X-FORWARDED-FOR
X-Page-View
GeoIP-Country-Code
GeoIP-Latitude
X-UnsetCookies
X-Ftr-Cache-Host
X-NU-AKA-ACS-Version
X-Dynatrace-Js-Agent
X-Via-CDN
ProcessTime
X-Dynatrace
X-App
HitType
X-HOST
X-Pass-Why
Esi-Enabled
X-Envoy-Upstream-Healthchecked-Cluster
X-Fastly-Country-Code
SRV
X-Path-Route
X-Webkit-CSP-Report-Only
X-HITS
X-Generated
X-Via-Edge
X-Via-SSL
X-RAMCache
Fastcgi-Cache-TTL
X-Www-Served-By
X-Fpc
Proxy-Firewall
X-Svr
Edge-Copy-Time
BehaviorPad-Version
X-Cache-Hfrom
W
X-Cache-Hm
SID
Cdn
On-Server
CDN
Lb
A
Cteonnt-Length
Cache-Hits
X-TrackingId
X-Sql-Count
X-Sql-Duration-Ms
X-We-Are-Hiring
Tcn
Ohc-File-Size
X-HostName
S-Rt
ServedBy
Xet-Cookie
X-COUNTRY
X-CACHE-KEY
X-Newrelic-Synthetics
Amp-Access-Control-Allow-Source-Origin
X-Geo-Region
X-Oracle-Dms-Rid
WebServer
LB
X-Newrelic-App-Data
X-ServedByHost
X-MSEdge-Features
X-RateLimit-Limit
X-Amzn-Remapped-Date
X-Origin-Response-Time
X-Instart-Info
X-MSEdge-Flight
X-Amzn-Remapped-Connection
T-Server
N-Cache
X-Cache-Remote
Powered-By
X-Pjax-Url
Content-Script-Type
Content-Style-Type
Server-Host
X-S-Maxage
X-Li-Proto
X-SRV
Odigeo-Trace-Id
X-LiteSpeed-Tag
X-Datadome
User-Cache-Control
X-Region-Sid
X-Lb-Id
Ohc-Cache-HIT
Magicmarker
WZWS-RAY
Cache-Key
Pics-Label
X-Batcache
X-Served-From
X-TH-Server
X-Via-PopN
X-Via-PopH
X-Akamai-Pragma-Client-IP
X-TT-LOGID
X-Erf-Bev-Bev-Is-Generated
Load-Balancing
X-Erf-Bev-Bev
Dnion-Transfer-Encoding
X-Via-NSCOPI
X-SB
X-WA
Cache-Provider
X-Via-PopV
X-VC
X-StackifyID
X-Presslabs-Stats
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-B3-SpanId
X-Planisys-CDN-Cache
Cf-Alt-Svc
X-Info
X-Tt-Logid
Section-Origin-Responded
X-Origin-TTL
Section-Io-Id
DSUID
X-Varnish-Hits
X-Origin-CC
AsisCache
Section-Io-Origin-Status
X-UA-Device-Type
X-BACKEND-TTL
Source
X-Agile-Brick-Ok
Section-Io-Origin-Time-Seconds
X-Parent-Response-Time
GEO-REGION-INFO
X-SRCache-Key
X-Developer
Cache-Name
X-DevSite-Last-Modified
X-Magnolia-Registration
X-ID
X-Cache-Tag
X-Vgn-Hpd-Reason
X-ElasticPress-Query
Proxy-Connection
X-Cdn-Request-ID
X-Generated-In
X-Gen-Mode
X-Fetched-On
Release
X-Cdn-Origin
X-Device-Os
Pramga
X-Pf-Uncompressing
X-Contensis-Viewer-Groups
X-Compress-Hint
Server-Hostname
Server-Ttl
Thinkindot-CacheControl
V-Age
Vix-Hermes-Req-Id
FNAC-ModuleRouting
Tracecode
Thinkindot-CacheControl-Type
X-PJAX-URL
Thinkindot-Control
Warning
Web-Mar-Node
Sever-Int
X-Cache-ASPX
X-Cache-Info
X-Block-Status
X-BBXSRF
CDCHOST
X-Akamai-Request-ID
X-Azure-Ref-OriginShield
Server-Ext
X-Logging-Id
X-Varnish-URL
X-GeoIP-City
MIME-Version
Locid
X-Trace-Id
X-Request-URI
X-Thinkindot-L3
X-Yottaa-OS
X-Tid
X-SVT-ORM-RULES
X-SIPLIST1
X-ServiceProvider
X-Var-Ttl
X-Pad
X-Varnish-Authentication
X-SVT-ORM-VERSION
X-RateLimit-Remaining-Second
X-Matched-Rule
X-Nananana
X-Nginx-Cache-Key
IsBot
Who
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
Kp-EeAlive
X-NodeID
Inserted-Into-Cache-At
X-RateLimit-Limit-Second
Path
X-Origin-Expires
X-Swa-Ws
X-Origin-Date
X-Sn-Servicetimems
X-Selected-Host-Header
CountryCode
X-Selected-Name
X-Selected-Scheme
Protected
X-Uri
X-Request-URL
Lfy
PICS-Label
Resin-Trace
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Hits
X-Apw-Access-Token
X-Varnish-Beresp-TTL
Vha6-Origin
Cneonction
X-SD-PageType
X-Scheme
X-Response-By
X-Fastly-Cache-Hits
X-Akamai-ERRuleID
X-VC-Cache
X-User
X-Loc
X-Akamai-ERPolicy
X-Origin-Upstream
X-Node-Id
X-MiniProfiler-Ids
Mime-Version
X-C
D-Cc-Upstream
X-Cc-Req-Id
X-Cc-Via
X-Proxy-Cachei7
X-VServer
X-Dw-Trace-Id
Pragrma