
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.
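
The counting step described above, sketched as an added example (this is not the ISC project's code). The table below has separate rows for spellings such as X-XSS-Protection and X-Xss-Protection, although HTTP header names are case-insensitive, so the example keeps both an as-sent and a case-merged count. The sample responses, the site names and the `near_misses` review check for names such as Referer-Policy or Frame-Options (both appear in the table) are assumptions of this example.

```python
from collections import Counter
from difflib import get_close_matches

# Security-relevant headers taken from the table on this page.
SECURITY_HEADERS = ["Strict-Transport-Security", "Content-Security-Policy",
                    "X-Frame-Options", "X-Content-Type-Options",
                    "X-XSS-Protection", "Referrer-Policy"]

# Constructed sample: raw replies to a HEAD request for each site's index page.
SAMPLE = {
    "site-a.example": "HTTP/1.1 200 OK\r\nServer: nginx\r\n"
        "X-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\n"
        "Strict-Transport-Security: max-age=31536000\r\n\r\n",
    "site-b.example": "HTTP/1.1 200 OK\r\nX-Xss-Protection: 0\r\n"
        "Referer-Policy: no-referrer\r\n\r\n",
    "site-c.example": "HTTP/1.1 200 OK\r\nSet-Cookie: a=1\r\nSet-Cookie: b=2\r\n"
        "Frame-Options: DENY\r\nX-XSS-Protection: 1\r\n\r\n",
    "site-d.example": "HTTP/1.1 200 OK\r\nP3p: CP=\"NOI\"\r\n"
        "X-Content-Options: nosniff\r\nContent-Security-Policy: default-src 'self'\r\n\r\n",
}

def parse_head(raw):
    """Return the header names of one response as sent, skipping the status line."""
    names = []
    for line in raw.split("\r\n")[1:]:
        if not line:          # blank line ends the header block
            break
        name, sep, _ = line.partition(":")
        if sep and name.strip():
            names.append(name.strip())
    return names

def tally(responses):
    """Count sites per header: by spelling as sent, and merged case-insensitively."""
    as_sent, merged = Counter(), Counter()
    for raw in responses.values():
        names = parse_head(raw)
        as_sent.update(set(names))                 # one count per site, not per line
        merged.update({n.lower() for n in names})
    return as_sent, merged

def near_misses(responses, cutoff=0.85):
    """Map site -> [(name sent, security header it resembles)]; a prompt for review."""
    known = {h.lower(): h for h in SECURITY_HEADERS}
    found = {}
    for site, raw in responses.items():
        for name in parse_head(raw):
            if name.lower() in known:
                continue
            hit = get_close_matches(name.lower(), list(known), n=1, cutoff=cutoff)
            if hit:
                found.setdefault(site, []).append((name, known[hit[0]]))
    return found

if __name__ == "__main__":
    as_sent, merged = tally(SAMPLE)
    print(as_sent.most_common(), merged.most_common(), near_misses(SAMPLE), sep="\n")
```

A site that sends only a near-miss name is not counted under the real header in either tally, which is why the fuzzy check is reported separately.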



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
CF-Ray
X-Xss-Protection
Alt-Svc
X-Served-By
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
P3p
X-Cacheable
X-Request-ID
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Template
X-Language
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-Dns-Prefetch-Control
X-Hacker
X-Cache-Group
X-AH-Environment
X-Server
X-Robots-Tag
X-Amz-Request-Id
X-UA-Device
EagleId
X-Amz-Id-2
X-Proxy-Cache
X-Buckets
X-Turbo-Charged-By
Request-Context
X-Server-Powered-By
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Cf-Bgj
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
X-Amz-Version-Id
X-Host
X-WebKit-CSP
X-Dispatcher
X-Device
X-Backend-Server
X-Node
NEL
Surrogate-Control
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Response-Time
Content-Location
X-Origin-Cache
Request-Id
X-Server-Id
X-Akam-SW-Version
X-ASPNET-VERSION
X-Ac
Accept-CH-Lifetime
X-Country
EagleEye-TraceId
Accept-CH
X-HW
X-Mod-Pagespeed
Rating
X-Readtime
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
X-Application-Context
Pinterest-Generated-By
X-ORACLE-DMS-RID
Edge-Control
X-Country-Code
X-DataDome
X-Url
X-TtlSet
X-Vname
X-PC
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
X-Cnection
X-Varnish-TTL
Allow
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
X-MS-InvokeApp
X-D2id
X-GitHub-Request-Id
X-Content-Type
X-ESI
X-Clacks-Overhead
X-Server-Name
X-Trace
X-Abt-Application-Version
X-Pinterest-Rid
Pinterest-Version
X-Navigation-Version
X-FTR-Request-ID
Display
Pagespeed
X-Middleton-Response
X-Sol
X-Middleton-Display
Response
X-Vcap-Request-Id
X-B3-TraceId
X-Px
Verso
X-Cached
X-Rack-Cache
X-Webkit-CSP
X-Element-Page-Cache
X-Fastly-Request-ID
Service-Worker-Allowed
X-DynaTrace
MS-Author-Via
X-Client-IP
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Powered-By-Plesk
X-Dw-Request-Base-Id
Content-MD5
X-Upstream
X-Version
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Forwarded-Proto
AR-CACHE
Ar-Sid
X-NF-Request-ID
X-SharePointHealthScore
SPRequestGuid
Accept-Ch
X-T
Fastly-Restarts
X-Debug
X-Ttl
X-VARITI-CCR
X-Server-ID
X-Use-Magma
X-Kinja
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Build
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Jurisdiction
X-Goog-Hash
X-TTL
Access-Control-Request-Method
TP-Cache
X-Powered-CMS
TP-L2-Cache
X-FastCGI-Cache
X-MSEdge-Ref
X-Content-Digest
X-Release
X-XRDS-Location
X-Edge
X-NWS-LOG-UUID
SPIisLatency
S
TCN
SPRequestDuration
X-CST
RTSS
X-Amz-Rid
X-Pinterest-Direct
X-PressLabs-Stats
Cache-Tag
X-Request-Received
X-Request-Processing-Time
Public-Key-Pins
Fastcgi-Cache
X-Ezoic-Cdn
X-Node-Name
X-Yandex-Sdch-Disable
X-MCACHE
X-Mid
Server-Node
X-Accel-Expires
Accept-Ch-Lifetime
Front-End-Https
X-Amzn-Trace-Id
X-Cache-Key
X-Logged-In
X-Cache-Hit
X-Ratelimit-Remaining
ServerID
X-Ser
X-Microsite
X-Request-Handler-Origin-Region
X-Recruiting
X-Kinsta-Cache
X-Origin-Server
X-Page-Id
Alternate-Protocol
Accept-Charset
Host
X-B
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Ratelimit-Limit
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Mobile-URL
X-Hostname
X-Varnish-Age
X-ECACHE
Nginx-Cache
X-Content-Security-Policy-Report-Only
X-FireWall-Port
Filterid
X-Country-Code-Real
X-DIS-Request-ID
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-Forwarded-For
X-Shield-Request-Id
X-FTR-Expires
X-Mg-S
X-Load-Cache
X-Seen-By
Realpath
X-Content-Options
X-Daa-Tunnel
X-Grace
Edge-Cache-Tag
X-Jobs
X-Id
Akamai-Age-Ms
X-Amz-Server-Side-Encryption
X-F-Cache
X-Git-Hash
X-LB-Cache
X-N
X-App-Environment
X-Activity-Id
X-Type
X-AppVersion
X-Az
X-Varnish-Backend
X-Request-Guid
Paypal-Debug-Id
X-Varnish-Grace
X-Rid
X-HP-Webp
Fastcgi-Useragent
MicrosoftSharePointTeamServices
X-Proxy
X-Zen-Fury
X-Hits
DynaTrace
X-FB-Debug
Access-Control-Allow-Method
Cache-Tags
X-Upgrade-Enabled
X-Correlation-ID
X-App-Server
Cleartype
X-TEC-API-VERSION
X-Kong-Upstream-Latency
X-TEC-API-ORIGIN
X-Kong-Proxy-Latency
X-TEC-API-ROOT
X-WebKit-CSP-Report-Only
X-Akamai-Edgescape
DC
X-Geo-Country
X-Cached-By
Content-Disposition
X-Content-Powered-By
X-Cache-Operation
X-Cache-Rule
AMP-Access-Control-Allow-Source-Origin
X-XRDS-LOCATION
X-Amz-Meta-S3cmd-Attrs
X-Host-Name
X-Wix-Request-Id
X-IPLB-Instance
X-User-Agent
X-Accel-Buffering
X-Response-Served-From
X-Original-Request-Id
X-B3-Sampled
Powered-By-ChinaCache
Healthy
X-HS-Cache-Config
X-Cache-Age
X-HS-Hub-Id
X-HS-Content-Id
X-Endurance-Cache-Level
X-HTML-Minification-Powered-By
X-Signature
X-Goog-Storage-Class
X-Goog-Generation
NGB
X-Goog-Metageneration
X-VCache
X-Goog-Stored-Content-Encoding
X-AOL-HN
X-B-Cache
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-HS-Combine-CSS
X-Region
MS-CV
X-Respond-Thread
X-UUID
X-Distributor
Payment
X-Whom
X-Is-Bot
X-Rendered-As
X-Cacheable-TTL
X-FW-Dynamic
X-FW-Hash
X-Debug-Info
Refresh
X-FW-Type
X-Cache-Time
X-FW-Static
X-FW-Serve
X-FW-Server
Nel
X-Instance
X-Rule
Datacenter
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Tumblr-User
X-Tumblr-Pixel-2
X-Frontend
X-Mobile
Countrycode
X-Ua
PB-PID
PB-RID
Arc-Version
X-Varnish-Server
X-Fastcgi-Cache
Surrogate-Key
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
S-Cnection
X-Oneagent-Js-Injection
X-Protected-By
X-PHP-Backend
X-Backend-Name
X-Acc-Debug-Context
X-App-Version
X-Via-JSL
Viewport
X-Cache-Server
X-Azure-Ref
X-NewRelic-App-Data
Liferay-Portal
X-Hyper-Cache
Cache
X-Cache-Expired-At
Powered
X-Litespeed-Cache
X-Hp-Webp
Filters
X-WA-Info
X-Proxy-Cache-Status
Charset
Retry-After
Referer-Policy
X-Time
X-Sucuri-ID
X-Cache-Control
X-DynaTrace-JS-Agent
X-EdgeConnect-Cache-Status
Section-Io-Cache
X-Source
X-Amz-Replication-Status
X-FB-TRIP-ID
X-CSRF-Token
X-FTR-Cache-Host
X-Cache-Action
X-RemovedCookies
X-ProcessESI
X-Real-IP
Meta-Geo
X-Cache-Var-Map
Eomportal-Instance
X-RN-RSRV
FSS-Cache
X-Cache-Var
X-Debug-Cache
X-Mode
X-ES-SERVER
X-GeoIP
X-Device-Type
X-Qloud-Router
X-R9-Blue-Green-Version
X-Locale
X-From
X-Site-Version
X-Framework
X-L-Path
X-Via-Fastly
X-Cache-Host
X-Xfnlog-Site
X-VWS-Id
X-Server-W
X-Time-Microsecs
X-ProxyCache-Key
X-AWS-Id
X-Yottaa-Optimizations
X-Ratelimit-Reset
X-Human
Mn-Server-Ip
Version
X-Yottaa-Metrics
X-Environment-Context
X-LJ-Flow-ID
X-BYPASS-REASON
X-ProxyCache-Status
Selected-Fe
Property-Id
TWC-Connection-Speed
Cross-Origin-Window-Policy
Uber-Trace-Id
Ms-Operation-Id
X-RTag
X-Revision
Cache-Tv-Group
TWC-GeoIP-Country
TWC-Device-Class
Ec-Rule-Version
X-Cluster
TWC-GeoIP-LatLong
X-Hl-Ver
X-Handled-By
X-FW-Version
X-Loop
X-OCL
X-Proxy-Build
X-Proxied
X-PCL
X-Origin-Hint
X-Routing-Service
X-Timing-Wait
Webcakes-App-Version
Webcakes-Region
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
X-TNCMS
GEO-INFO
X-Cache-TTL-Remaining
X-Zipkin-Id
X-Hosted-By
X-Status
X-SaId
X-ServerID
DB-Nickname
X-JoinUs
X-PHP-Host
X-Be
X-BCube-Filmed-By
X-Generated-By
X-Redis-Cache
X-NYM-Debug-Backend
X-Labrador-Cache-Channel
X-Detected-As
X-Proto
X-Amzn-Remapped-Content-Length
Frame-Options
X-Air-Hostname
Webserver
X-Access
X-Format
X-Section
X-No-Session
X-Unique-Id
X-ATG-Version
X-Sucuri-Cache
From-Origin
X-Cache-PHP
X-NWS-UUID-VERIFY
X-Varnish-Cache-Hits
X-Drupal-Cache-Contexts
Server-Name
X-TA-CDN-Provider
X-Contextid
X-Drupal-Cache-Tags
X-NCache
X-Origin
X-Varnish-Ttl
X-Correlation-Id
X-EIG-Tracking-Id
CF-Cached-On
OT-Force-Account-Verify
X-AIR-PT
X-IPS-LoggedIn
X-EC-Lua
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-CDN-Forward
X-Oss-Storage-Class
X-Adobe-Loc
X-Adobe-Content
X-Oss-Hash-Crc64ecma
X-GoCache-CacheStatus
X-Akamai-Transformed
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-IP
X-Cache-Enabled
X-Bc-Bl
X-APP-VERSION
X-NC
X-Backend-Host
X-Vgn-Hpd-Variations-Key
X-ECache
X-Vgn-Hpd-Cached
X-TT
Azure-Version
X-UA
Azure-SlotName
Azure-RegionName
X-Ruxit-Js-Agent
Azure-SiteName
Azure-InstanceId
X-Cache-Backend
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-TIME
X-Cdn
X-Tumblr-Pixel-3
X-URL
X-Adobe-Source
X-CCM
X-Cache-2
SD-X-WS
Access-Control-Request-Headers
Time
X-CACHE-AGE
Node
Meta-Geo-Continent
Machine
X-External-Request-Id
X-G
MD5-Digest
X-CF-Lambda-Fn
X-Transaction
X-PBS-Appsvrname
X-Processor
X-RCS-CacheZone
Now
X-Vdms-Path
X-PAYTM-SRV-ID
X-Ms-Version
X-Alternate-Cache-Key
X-Twitter-Response-Tags
X-Ms-Request-Id
X-Trv-Group
X-Up
Mobile-Detection-Method
X-Cache-Grace
X-Date
X-D
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Host
CloudFront-Viewer-Country
DCR-Decision-By
Host-ID
X-CF-Lambda-Version
Fastcgi-X-Cache-Version
X-Connection-Hash
DCR-Processing-Time-Ms
X-Destination
X-Varnishpool
X-PERF
X-Pubstack
X-Forwarded-Host
X-Vdms-Version
X-Backend-TTL
X-ShardId
X-ShopId
X-Soup
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ApacheServer
X-Minions-Version
X-Accel-Expires-Debug
X-Rewrite-Enabled
X-Rojux
X-Worker
X-A-Dcw
X-ARC
X-ScT
X-Cache-NE
X-VG-WebCache
Xc-Version
X-A-Wwc
Rendered-Blocks
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-S-Cookie
X-A-Dgt
X-S
X-VG-WebServer
Surrogated-Key
X-Aed
X-A-Ccd
X-Application
X-B-Cookie
X-Request-UUID
X-A
X-A-Dam
Fastly-SSL
X-Storage
X-Generation-Time
X-Envoy-Decorator-Operation
CDN-Cache
X-Hash
CDN-EdgeStorageId
X-DPWN-IS-SECURE
Cache-Status
CDN-CachedAt
X-Edge-Location
Wxu-Next-Region
X-Cache-Config
X-Say-Cacheable
X-Web-Node
X-Dispatcher-Server
X-Cluster-Name
Adler-Geo
X-Say-TTL
X-SayCDN-TTL
Wxu-Next-Commit
Wxu-Next-Hostname
We-Hiring
X-Bip
X-Rebelmouse-Surrogate-Control
Ufe-Result
X-Cache-Bucket
NM-Fastcgi-Cache
X-Thanos
X-CUA
X-Owner
X-OVcl
X-OVcl-Cache
X-VG-TLSProxy
Fastly-SIE
X-Servername
X-Rebelmouse-Cache-Control
X-Skip-Cache
X-SN
X-Variation
Fastly-SWR
X-NGENIX-Cache
Platform
CDN-RequestId
CDN-RequestCountryCode
CDN-Uid
CDN-PullZone
X-Microcachable
X-Method
X-Req
Is-Eu
X-Viewer-Country
Mail-Subject
X-Core-Value
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-CGP
Ha-Gx-Prefs
HA-Ipaddr
Group
Gh-Request-Id
X-Csrf-Jwt
C-Via
X-Cms-Context
AKAMAI
X-Core-Mission
X-Clientip
X-Ah-Environment
Country-Code
Fastly-Drupal-HTML
L
CacheControlHeader
X-WADP-Cache
X-TX-ID
X-Render-Time
X-Cache-NGX
FSS-Proxy
X-Micro-Cache
X-Reqid
X-LI-UUID
X-Request-Start
X-Request-Host
X-Platform
Upgrade-Insecure-Requests
X-Slack-Backend
X-VarnishDD-TTL
Origin
X-Fastly-Cache
X-Fmm-Version
X-Varnish-Cacheable
PFcat
X-Policy
X-Proxy-Upstream
X-Auto-Login
X-Li-Pop
X-Fastly-Backend
Rt-Fastcgi-Cache
X-Gamma-Serve
X-Clara-WADP
X-Webstats-RespID
X-Eu-Site
L5d-Success-Class
X-Backend-State
X-Li-Fabric
X-Generated-On
X-HN
X-Cache-Date
X-Level-Front-Cache
X-Cache-Tags
Country
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
Backend
Pagetype
UCS
X-Amz-Meta-Cb-Modifiedtime
X-Geo-Header
X-Old-Content-Length
Fastly-Backend-Name
X-Esi-Check
X-Irp-Debug
X-HS-Content-Campaign-Id
X-Wikidot-Static-Cache
X-Platform-Server
X-Cache-Id
Akamai-GRN
X-Cache-URL
X-Cdn-Srv
X-Esi
X-Gzip
X-Wikidot-Backend
X-Has-Esi
X-Is-Gdpr
Memcached
X-Developers
X-Content-Age
X-JWT-State
X-LAGOON
X-Location
HostName
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-DefHash
X-Varnish-Remaining-TTL
X-Agile-Age
X-Agile-Id
X-Providence-Cookie
X-Agile
X-Aspnet-Duration-Ms
X-PF-Uncompressing
X-Route-Name
X-Is-Crawler
X-UPSTREAM-Address
X-Flags
X-DefElseHash
X-Mvc-Supplant-Cachable
X-NODE
X-LB-ID
X-Branch-Name
X-Refresh
X-Aicache-OS
X-Wa
X-CS
CACHE
X-Instart-Request-ID
X-Cdn-Forward
X-Dc
X-ZONE
X-BC
X-RateLimit-Remaining
X-Via-Poph
M-TraceId
X-Via-Popn
X-Session-Fingerprint
X-Cache-Debug
X-Debug-Cache-Store
X-B3-Spanid
X-Debug-Cache-Fetch
Arc-Country
NGX
X-Mvc-Supplant-OutputCached
X-Ua-Device
Srv
X-Edge-Server
X-Servedbyhost
Viewtype
Cdn-Request-Time
X-LI-Proto
VivaBuild
X-Page-View
Cdn-Host
X-GEO
X-DC
X-SERVER
X-Via-Ucdn
X-Request-Time
X-RunCloud-Cache
Xserver
X-Bc
X-Zone
X-Ftr-Cache-Host
X-Varnish-Hostname
X-Nginx-Cache
X-Cs
X-HS-Status
X-Action
X-FPC
X-NGINX-Cache
X-Check-Cacheable
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
Memory
X-APP
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Endpoint-Name
X-Vgn-Hpd-Ssi
X-Pinterest-Sli-Latency-Threshold
X-LiteSpeed-Cache-Control
X-RPS
Hostname
X-RSL
X-DI
X-DB
WWW-Authenticate
SRV
X-B3-Traceid
X-RPM
X-DSS
X-Srv
X-DW
X-Via-CDN
X-NU-AKA-ACS-Version
X-Unique-ID
Geo-Info
X-Datadome
X-Oss-Cdn-Auth
X-Sql-Duration-Ms
X-Cluster-Node
X-VCL-Version
Sid
X-Sql-Count
X-MP-GENERATED-AT
Geoip-Latitude
X-Via-Popv
GeoIp-Country-Code
X-UnsetCookies
X-Vcache
X-Geo
Edge-Copy-Time
Processtime
X-CF-Powered-By
X-Akamai-Request-ID2
X-HITS
X-Via-SSL
X-Dynatrace-Js-Agent
X-Via-Edge
User-Agent
WebServer
X-CSRF-TOKEN
X-We-Are-Hiring
X-Svr
W
X-SRV
X-Epic-Correlation-Id
On-Server
GeoIP-Country-Code
X-Www-Served-By
ProcessTime
GeoIP-Latitude
XServer
Apigw-Requestid
X-SERVER-NAME
X-FORWARDED-FOR
X-Hit
Server-Info
NtCoent-Length
SID
X-Webkit-CSP-Report-Only
X-CACHE-KEY
LB
ServedBy
X-S-Maxage
X-Cache-Remote
Cache-Hits
X-FC-Vary-Parameters
X-Mobile-Rewrite
X-HOST
Ohc-File-Size
X-Presslabs-Stats
X-Nc
S-Rt
X-Pjax-Url
X-Dynatrace
X-Vcl-Version
X-Envoy-Upstream-Healthchecked-Cluster
T-Server
X-Fpc
Amp-Access-Control-Allow-Source-Origin
X-MSEdge-Flight
X-MSEdge-Features
Accept-Language
N-Cache
Esi-Enabled
X-Cache-Hfrom
X-Cache-Hm
Server-Host
X-Pass-Why
X-Fastly-Country-Code
X-Tb
CF-IPCountry
Cteonnt-Length
Origin-Edge-Control
Origin-Cache-Control
Cdn
CDN
A
X-Key
Magicmarker
X-COUNTRY
X-Varnish-Hits
X-Dispatch
X-VC
X-Oracle-Dms-Rid
WZWS-RAY
Lb
Proxy-Firewall
X-SB
Pics-Label
X-LLID
Ohc-Cache-HIT
X-Instart-Info
Protected
Powered-By
X-Geo-Region
X-Amzn-Remapped-Date
X-Info
X-ServedByHost
X-Amzn-Remapped-Connection
X-Li-Proto
Server-Ttl
X-Via-NSCOPI
HitType
X-B3-SpanId
X-Newrelic-App-Data
X-StackifyID
X-Uri
X-RAMCache
BehaviorPad-Version
X-TH-Server
User-Cache-Control
X-Newrelic-Synthetics
X-TT-LOGID
X-Akamai-Pragma-Client-IP
Cache-Key
Fastcgi-Cache-TTL
X-Served-From
X-Generated
X-Cache-Tag
Tracecode
X-App
X-TrackingId
X-Via-PopN
X-Erf-Bev-Bev
X-LiteSpeed-Tag
Cache-Provider
X-Via-PopV
X-Via-PopH
X-Lb-Id
X-ID
Ssr
X-Erf-Bev-Bev-Is-Generated
X-WA
X-Scheme
Lfy
DSUID
D-Cc-Upstream
X-Provided-By
X-Tt-Logid
Odigeo-Trace-Id
Section-Io-Origin-Time-Seconds
X-Cc-Via
Section-Io-Origin-Status
X-Erf-Stays-Bingo-Pdp-Web
X-Cc-Req-Id
Section-Io-Id
Section-Origin-Responded
X-Cache-Spec
X-Men
Cache-Name
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
Xet-Cookie
X-Path-Route
X-Batcache
Dnion-Transfer-Encoding
X-UA-Device-Type
X-Agile-Brick-Ok
X-Magnolia-Registration
Tcn
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-GeoIP-City
X-Generated-In
X-Gdpr
X-Gen-Mode
X-Loc
X-Matched-Rule
X-Varnish-Url
X-SD-PageType
X-VC-Cache
X-VServer
X-Nginx-Cache-Key
X-Fetched-On
X-ElasticPress-Query
X-BBXSRF
X-Block-Status
X-BBC-Edge-Cache-Status
X-Azure-Ref-OriginShield
X-API-Version
X-Cache-ASPX
X-Cache-Expires
X-Developer
X-Device-Os
X-Contensis-Viewer-Groups
X-Cdn-Origin
X-Cache-Info
X-Varnish-Authentication
X-Var-Ttl
X-SRCache-Key
X-Origin-TTL
X-RateLimit-Remaining-Second
X-Response-By
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Server-IP
X-Sn-Servicetimems
X-Parent-Response-Time
X-ServiceProvider
X-Sigma
X-Sigma-Backend
X-SIPLIST1
Web-Mar-Node
X-Swa-Ws
X-NodeID
X-Trace-Id
X-User
X-Rocket-Build-Number
X-RateLimit-Limit-Second
X-Request-URI
X-Nyt-Route
X-Origin-Time
X-Thinkindot-L3
X-Origin-Expires
X-Origin-Date
X-Origin-CC
X-Node-Id
X-Varnish-Beresp-TTL
CDCHOST
X-RateLimit-Limit
X-HostName
FNAC-ModuleRouting
Instruction
Kp-EeAlive
IsBot
Vix-Hermes-Req-Id
PICS-Label
X-Pf-Uncompressing
Cf-Alt-Svc
Mime-Version
X-Yottaa-OS
Who
Inserted-Into-Cache-At
Locid
Cache-Host
Thinkindot-CacheControl
SR-User-Adfree
Sever-Int
Server-Ext
Server-Hostname
True-Client-Country-4JS
Thinkindot-CacheControl-Type
Path
Pramga
Release
V-Age
Thinkindot-Control
X-Acc-Rdl
X-Selected-Host-Header
CountryCode
X-Selected-Name
X-Selected-Scheme
Vha6-Origin
X-TraceId
Req-Svc-Chain
X-Pad
X-BBC-Origin-Response-Status
X-Tid
X-Proxy-Cachei7
X-Traceid
Server-Id
Content-Script-Type
Content-Style-Type
X-Vgn-Hpd-Reason
Source
X-Request-URL
X-Apw-Hits
X-Snapshot-Date
MIME-Version
Server-ID
Resin-Trace
X-Apw-Access-Token
X-Apw-Access-Object
X-MiniProfiler-Ids
X-Origin-Response-Time
X-C
Pragrma
X-Apw-Access-Action
X-PJAX-URL
X-Dw-Trace-Id