Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
CF-Ray
Alt-Svc
X-Xss-Protection
X-Served-By
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Request-ID
X-Cacheable
P3p
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Template
X-Language
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-Hacker
X-AH-Environment
X-Cache-Group
X-Dns-Prefetch-Control
X-Server
X-Robots-Tag
X-Amz-Request-Id
X-UA-Device
X-Amz-Id-2
EagleId
X-Buckets
X-Proxy-Cache
X-Turbo-Charged-By
X-Server-Powered-By
Request-Context
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
Cf-Bgj
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
X-Amz-Version-Id
X-WebKit-CSP
X-Host
X-Dispatcher
X-Device
X-Backend-Server
X-Node
NEL
Surrogate-Control
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Response-Time
Content-Location
X-Origin-Cache
Request-Id
X-Akam-SW-Version
X-Server-Id
X-Ac
X-ASPNET-VERSION
X-Country
Accept-CH-Lifetime
EagleEye-TraceId
X-Mod-Pagespeed
X-HW
Accept-CH
Rating
X-Readtime
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-RID
Pinterest-Generated-By
Edge-Control
X-Country-Code
X-Url
X-DataDome
X-TtlSet
X-Vname
X-PC
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
X-EdgeConnect-MidMile-RTT
X-Cnection
X-Varnish-TTL
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
Allow
X-MS-InvokeApp
X-D2id
X-GitHub-Request-Id
X-ESI
X-Content-Type
X-Clacks-Overhead
X-Server-Name
X-Abt-Application-Version
X-Trace
X-Navigation-Version
Pinterest-Version
X-Pinterest-Rid
X-FTR-Request-ID
X-Vcap-Request-Id
Display
Pagespeed
X-Sol
X-Middleton-Response
X-Middleton-Display
Response
X-B3-TraceId
Verso
X-Px
X-Rack-Cache
X-Cached
X-Element-Page-Cache
X-Fastly-Request-ID
Service-Worker-Allowed
X-Webkit-CSP
X-DynaTrace
MS-Author-Via
X-Client-IP
X-Cache-TTL
Accept-Ch
Arr-Disable-Session-Affinity
X-Powered-By-Plesk
X-Server-ID
X-Dw-Request-Base-Id
X-Upstream
X-Version
Content-MD5
X-Forwarded-Proto
AR-CACHE
AR-PoweredBy
X-NF-Request-ID
AR-ATIME
AR-Request-ID
X-T
X-SharePointHealthScore
SPRequestGuid
Ar-Sid
Fastly-Restarts
X-Debug
X-VARITI-CCR
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja
X-Use-Magma
Akamai-Age-Ms
X-Kinja-Server
X-TTL
X-Ttl
X-Jurisdiction
X-Goog-Hash
Access-Control-Request-Method
TP-Cache
TP-L2-Cache
X-Powered-CMS
X-XRDS-Location
X-Content-Digest
X-Release
X-MSEdge-Ref
X-Edge
X-FastCGI-Cache
X-NWS-LOG-UUID
TCN
SPIisLatency
SPRequestDuration
S
RTSS
X-Amz-Rid
X-PressLabs-Stats
X-CST
Accept-Ch-Lifetime
X-Pinterest-Direct
Cache-Tag
X-Request-Processing-Time
X-Request-Received
Fastcgi-Cache
Public-Key-Pins
X-Yandex-Sdch-Disable
X-Ezoic-Cdn
X-Node-Name
X-Mid
X-MCACHE
Server-Node
X-Accel-Expires
X-Ratelimit-Remaining
X-Amzn-Trace-Id
X-Logged-In
Front-End-Https
X-Cache-Key
X-Cache-Hit
ServerID
X-Ser
X-Microsite
X-Request-Handler-Origin-Region
X-Recruiting
X-Kinsta-Cache
X-Origin-Server
X-Page-Id
Alternate-Protocol
Accept-Charset
Host
X-B
X-Ratelimit-Limit
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Hostname
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Mobile-URL
X-ECACHE
X-Varnish-Age
X-Forwarded-For
X-FireWall-Port
X-Content-Security-Policy-Report-Only
Nginx-Cache
X-FTR-DC
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
Filterid
X-DIS-Request-ID
X-FTR-Expires
X-Shield-Request-Id
X-Seen-By
Realpath
X-Load-Cache
X-Content-Options
X-Jobs
X-Id
Edge-Cache-Tag
X-Mg-S
X-Grace
X-Daa-Tunnel
X-Git-Hash
X-LB-Cache
X-F-Cache
X-Amz-Server-Side-Encryption
X-Type
X-Activity-Id
X-App-Environment
X-Varnish-Backend
X-N
X-Az
X-AppVersion
X-Request-Guid
Paypal-Debug-Id
X-Varnish-Grace
X-Rid
Fastcgi-Useragent
X-Zen-Fury
X-Proxy
X-Hits
MicrosoftSharePointTeamServices
DynaTrace
X-FB-Debug
X-Correlation-ID
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-HP-Webp
X-TEC-API-ROOT
Access-Control-Allow-Method
X-Upgrade-Enabled
Cache-Tags
X-App-Server
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Cleartype
X-WebKit-CSP-Report-Only
X-Geo-Country
DC
X-Akamai-Edgescape
X-Content-Powered-By
X-Cached-By
AMP-Access-Control-Allow-Source-Origin
X-Cache-Operation
X-Cache-Rule
Content-Disposition
X-Wix-Request-Id
X-Amz-Meta-S3cmd-Attrs
X-IPLB-Instance
X-User-Agent
X-Host-Name
X-Accel-Buffering
X-B3-Sampled
X-Response-Served-From
X-Original-Request-Id
X-Endurance-Cache-Level
X-VCache
X-HS-Hub-Id
X-HTML-Minification-Powered-By
X-HS-Content-Id
Healthy
X-HS-Cache-Config
X-XRDS-LOCATION
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
Powered-By-ChinaCache
NGB
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-AOL-HN
X-B-Cache
X-Signature
Refresh
MS-CV
X-Whom
X-HS-Combine-CSS
X-Cacheable-TTL
X-Region
Payment
X-UUID
X-Rendered-As
X-Is-Bot
X-Distributor
X-Cache-Time
X-FW-Static
X-FW-Type
X-FW-Hash
X-FW-Dynamic
X-FW-Server
X-FW-Serve
X-Debug-Info
X-Instance
X-Cache-Age
X-Rule
Datacenter
X-Tumblr-Pixel-1
X-Frontend
X-Tumblr-Pixel-2
X-Amzn-RequestId
X-Tumblr-Pixel-0
X-Fastcgi-Cache
X-Amz-Apigw-Id
X-Tumblr-Pixel
X-Tumblr-User
X-Respond-Thread
Countrycode
X-Ua
X-Mobile
Nel
PB-PID
PB-RID
Arc-Version
Surrogate-Key
X-Varnish-Server
S-Cnection
X-App-Version
X-Backend-Name
X-PHP-Backend
X-Protected-By
X-Tec-Api-Root
X-Tec-Api-Version
X-Hp-Webp
X-Tec-Api-Origin
X-Oneagent-Js-Injection
X-Via-JSL
X-Azure-Ref
X-Cache-Server
Viewport
Liferay-Portal
X-Acc-Debug-Context
Powered
X-Hyper-Cache
Cache
Filters
X-NewRelic-App-Data
X-Cache-Expired-At
X-Time
X-DynaTrace-JS-Agent
X-WA-Info
Charset
X-Proxy-Cache-Status
X-Litespeed-Cache
X-Cache-Control
Referer-Policy
Retry-After
Section-Io-Cache
X-EdgeConnect-Cache-Status
X-Sucuri-ID
X-FTR-Cache-Host
X-CSRF-Token
X-Source
X-Amz-Replication-Status
X-RemovedCookies
X-FB-TRIP-ID
X-ProcessESI
X-Cache-Action
X-GeoIP
X-RN-RSRV
X-Debug-Cache
X-Cache-Var-Map
X-Cache-Var
Eomportal-Instance
X-ES-SERVER
X-Mode
Meta-Geo
X-Real-IP
X-Device-Type
X-Framework
X-From
X-Locale
X-Qloud-Router
X-R9-Blue-Green-Version
X-BYPASS-REASON
X-Via-Fastly
X-Cache-Host
X-Ratelimit-Reset
X-ProxyCache-Status
X-ProxyCache-Key
X-Environment-Context
X-AWS-Id
X-Server-W
X-Xfnlog-Site
X-Yottaa-Metrics
X-VWS-Id
X-LJ-Flow-ID
X-Site-Version
X-Yottaa-Optimizations
X-L-Path
X-Time-Microsecs
Mn-Server-Ip
Cache-Tv-Group
X-Cluster
FSS-Cache
X-Loop
TWC-Locale-Group
Cross-Origin-Window-Policy
X-OCL
X-Human
TWC-Device-Class
TWC-Connection-Speed
Property-Id
X-Zipkin-Id
TWC-GeoIP-Country
Ms-Operation-Id
Ec-Rule-Version
TWC-GeoIP-LatLong
Uber-Trace-Id
Webcakes-App-Version
X-Origin-Hint
X-PCL
TWC-Privacy
Selected-Fe
X-RTag
X-Handled-By
X-TNCMS
X-Revision
X-Routing-Service
Version
X-Timing-Wait
Webcakes-App-Name
X-Proxy-Build
X-Proxied
Webcakes-Region
Webserver
X-Hl-Ver
X-FW-Version
DB-Nickname
X-BCube-Filmed-By
X-Be
X-Amzn-Remapped-Content-Length
X-PHP-Host
X-SaId
X-Generated-By
X-NYM-Debug-Backend
X-Status
X-Proto
X-Labrador-Cache-Channel
X-Detected-As
X-JoinUs
X-Hosted-By
X-ServerID
X-Cache-TTL-Remaining
X-Section
X-Access
From-Origin
X-Format
Frame-Options
X-Air-Hostname
X-Redis-Cache
GEO-INFO
X-No-Session
X-Sucuri-Cache
X-Cache-PHP
X-Varnish-Cache-Hits
X-ATG-Version
X-NWS-UUID-VERIFY
X-Drupal-Cache-Contexts
Server-Name
X-Unique-Id
X-Contextid
X-TA-CDN-Provider
X-Drupal-Cache-Tags
X-NCache
X-Origin
X-EIG-Tracking-Id
CF-Cached-On
OT-Force-Account-Verify
X-IPS-LoggedIn
X-EC-Lua
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Correlation-Id
X-Varnish-Ttl
X-Akamai-Transformed
X-Bc-Bl
X-GoCache-CacheStatus
X-IP
X-Cache-Enabled
X-Adobe-Loc
X-Adobe-Content
X-AIR-PT
X-Oss-Object-Type
X-CDN-Forward
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-TT
X-Oss-Server-Time
X-Oss-Request-Id
X-Backend-Host
X-Cache-Backend
X-CACHE-AGE
Azure-Version
Azure-SiteName
X-APP-VERSION
Azure-RegionName
Azure-SlotName
Azure-InstanceId
X-Tumblr-Pixel-3
X-Vgn-Hpd-Variations-Key
X-ECache
X-Vgn-Hpd-Cached
X-NC
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-UA
Access-Control-Request-Headers
X-Ruxit-Js-Agent
Time
SD-X-WS
X-Cache-2
X-CCM
X-Adobe-Source
X-TIME
Now
X-RCS-CacheZone
Node
X-Cdn
X-URL
X-Backend-TTL
X-Aed
X-A-Dgt
X-ApacheServer
X-A-Wwc
X-A-Dcw
X-A-Ccd
X-A-Dam
X-Alternate-Cache-Key
X-Cache-Grace
X-A
Meta-Geo-Continent
Apple-News-Services-Parsed-Url
X-ShopId
Apple-News-Services-Request-Url
X-ShardId
X-Pubstack
Apple-News-Services-Host
Apple-News-Services-Handled
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Soup
X-Storefront-Renderer-Rendered
X-Varnishpool
X-PERF
X-Application
MD5-Digest
Machine
X-Sorting-Hat-ShopId
Mobile-Detection-Method
Rendered-Blocks
Host-ID
X-Forwarded-Host
CloudFront-Viewer-Country
DCR-Decision-By
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
Surrogated-Key
X-Accel-Expires-Debug
X-S
X-S-Cookie
X-ScT
X-Transaction
X-Rojux
X-Rewrite-Enabled
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-ARC
X-Request-UUID
X-Trv-Group
X-Twitter-Response-Tags
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Up
X-Vdms-Path
X-Vdms-Version
X-Minions-Version
X-Processor
X-Cache-NE
X-External-Request-Id
X-Date
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-G
X-D
X-Destination
X-B-Cookie
X-Thanos
X-Storage
Wxu-Next-Region
X-Viewer-Country
Wxu-Next-Hostname
X-Servername
X-Skip-Cache
Adler-Geo
X-SN
X-Core-Value
X-Cache-Config
X-Bip
X-Ms-Request-Id
X-Ms-Version
X-Cache-Bucket
X-Cluster-Name
X-Variation
Wxu-Next-Commit
X-VG-TLSProxy
X-CUA
CDN-CachedAt
X-OVcl
Is-Eu
X-OVcl-Cache
X-Owner
Fastly-SIE
Fastly-SWR
X-NGENIX-Cache
Mail-Subject
Platform
X-Hash
NM-Fastcgi-Cache
X-Method
X-Microcachable
X-Envoy-Decorator-Operation
X-Edge-Location
X-Dispatcher-Server
X-Req
Ufe-Result
We-Hiring
X-Generation-Time
X-Rebelmouse-Surrogate-Control
CDN-EdgeStorageId
CDN-Uid
X-Rebelmouse-Cache-Control
CDN-RequestId
CDN-RequestCountryCode
CDN-PullZone
CDN-Cache
X-DPWN-IS-SECURE
Fastly-SSL
Cache-Status
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Origin
X-Auto-Login
X-Csrf-Jwt
X-HN
X-Backend-State
CacheControlHeader
X-Micro-Cache
X-Reqid
HA-Ipaddr
X-Render-Time
X-Policy
C-Via
X-Cache-Tags
PFcat
X-TX-ID
L
X-Cache-NGX
X-Proxy-Upstream
Gh-Request-Id
Ha-Gx-Prefs
Group
Fastly-Drupal-HTML
L5d-Success-Class
Country-Code
X-Core-Mission
X-Li-Pop
X-Li-Fabric
X-Level-Front-Cache
X-LI-UUID
X-Request-Start
X-VarnishDD-TTL
X-CGP
X-Generated-On
AKAMAI
X-Gamma-Serve
X-WADP-Cache
X-SayCDN-TTL
X-Say-TTL
X-Cms-Context
Decoy-Debug-Status
Decoy-Debug-Key
Country
X-Say-Cacheable
Decoy-Debug-TTL
X-Webstats-RespID
X-Web-Node
X-Fastly-Backend
X-Platform
X-Cache-Date
X-Eu-Site
Rt-Fastcgi-Cache
X-Clara-WADP
X-Varnish-Cacheable
X-Fastly-Cache
X-Fmm-Version
X-Clientip
HostName
Backend
X-Ah-Environment
X-HS-Content-Campaign-Id
X-Request-Host
X-Content-Age
X-Instart-Request-ID
Pagetype
X-Slack-Backend
UCS
Memcached
X-JWT-State
X-Cdn-Srv
Akamai-GRN
X-Cache-Id
X-Esi-Check
X-Wikidot-Static-Cache
X-Cache-URL
X-Wikidot-Backend
X-Irp-Debug
X-Has-Esi
Upgrade-Insecure-Requests
X-Gzip
X-Geo-Header
X-Is-Gdpr
X-Old-Content-Length
X-Location
FSS-Proxy
X-Developers
X-Amz-Meta-Cb-Modifiedtime
Fastly-Backend-Name
X-Agile-Age
X-Agile
X-PF-Uncompressing
X-LAGOON
X-Platform-Server
X-Esi
X-Agile-Id
X-Mvc-Supplant-Cachable
X-Cdn-Forward
X-CS
X-Flags
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Aicache-OS
X-UPSTREAM-Address
X-DefHash
X-DefElseHash
X-Route-Name
X-Refresh
X-Varnish-CookieHashed-On
X-Wa
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Providence-Cookie
X-Dc
X-LB-ID
X-NODE
X-Branch-Name
CACHE
X-Via-Popn
X-Via-Poph
M-TraceId
X-BC
X-ZONE
X-RateLimit-Remaining
X-Cache-Debug
X-Session-Fingerprint
NGX
Arc-Country
X-B3-Spanid
Srv
X-Ua-Device
X-Mvc-Supplant-OutputCached
VivaBuild
Viewtype
X-LI-Proto
X-Servedbyhost
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Request-Time
Xserver
X-Via-Ucdn
Cdn-Request-Time
X-RunCloud-Cache
X-Edge-Server
X-Zone
X-Bc
Cdn-Host
X-Page-View
X-DC
X-GEO
X-SERVER
X-ORACLE-APMCS-REQUEST-ID
X-Varnish-Hostname
Actual-Object-TTL
X-Nginx-Cache
Memory
X-Ftr-Cache-Host
X-Unique-ID
X-LiteSpeed-Cache-Control
X-Cs
Geo-Info
X-HS-Status
X-Srv
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Response-Type
X-Vgn-Hpd-Ssi
X-APP
X-NGINX-Cache
X-Action
X-Check-Cacheable
X-FPC
X-MP-GENERATED-AT
WWW-Authenticate
X-RPS
X-RPM
X-DW
X-RSL
X-Via-CDN
X-NU-AKA-ACS-Version
SRV
X-DSS
X-DI
X-B3-Traceid
X-Cluster-Node
X-Via-Popv
Hostname
X-DB
Sid
X-Datadome
X-Akamai-Request-ID2
X-UnsetCookies
Geoip-Latitude
GeoIp-Country-Code
X-VCL-Version
X-Sql-Duration-Ms
X-Oss-Cdn-Auth
X-Sql-Count
X-CF-Powered-By
Server-Info
X-Vcache
X-Geo
Apigw-Requestid
Edge-Copy-Time
Processtime
GeoIP-Country-Code
X-Dynatrace-Js-Agent
X-Via-Edge
X-Via-SSL
NtCoent-Length
X-HITS
ProcessTime
X-Epic-Correlation-Id
GeoIP-Latitude
X-Hit
X-CSRF-TOKEN
User-Agent
WebServer
X-FC-Vary-Parameters
X-SRV
W
X-We-Are-Hiring
On-Server
X-VHOST
X-Svr
X-SERVER-NAME
X-Www-Served-By
X-Mobile-Rewrite
XServer
LB
X-Webkit-CSP-Report-Only
X-Nc
X-FORWARDED-FOR
X-CACHE-KEY
SID
X-Vcl-Version
X-Cache-Remote
X-Fpc
S-Rt
ServedBy
X-S-Maxage
Cache-Hits
X-HOST
Ohc-File-Size
X-Presslabs-Stats
X-Pjax-Url
X-Dynatrace
X-Envoy-Upstream-Healthchecked-Cluster
CF-IPCountry
Esi-Enabled
T-Server
X-Tb
Amp-Access-Control-Allow-Source-Origin
Accept-Language
Origin-Edge-Control
Server-Host
N-Cache
Cdn
X-MSEdge-Features
X-MSEdge-Flight
X-Pass-Why
X-Fastly-Country-Code
Origin-Cache-Control
X-Cache-Hm
X-Key
X-Cache-Hfrom
X-Dispatch
Magicmarker
Cteonnt-Length
A
Proxy-Firewall
CDN
X-Varnish-Hits
X-COUNTRY
Lb
X-Geo-Region
X-VC
WZWS-RAY
X-LLID
X-Oracle-Dms-Rid
X-SB
Pics-Label
HitType
Ohc-Cache-HIT
X-Li-Proto
X-Amzn-Remapped-Connection
X-Info
Powered-By
X-Newrelic-App-Data
X-Instart-Info
X-Amzn-Remapped-Date
Protected
X-ServedByHost
Server-Ttl
X-Generated
BehaviorPad-Version
X-Via-NSCOPI
X-Uri
X-RAMCache
X-B3-SpanId
Fastcgi-Cache-TTL
X-App
X-StackifyID
X-Newrelic-Synthetics
X-Akamai-Pragma-Client-IP
User-Cache-Control
X-TT-LOGID
X-Served-From
Cache-Key
X-TrackingId
X-TH-Server
Tracecode
X-Path-Route
X-Cache-Tag
X-Batcache
X-Erf-Bev-Bev
X-Via-PopH
X-LiteSpeed-Tag
Xet-Cookie
X-ID
X-Via-PopV
X-Via-PopN
X-Lb-Id
X-Erf-Bev-Bev-Is-Generated
Cache-Provider
X-WA
Ssr
Section-Io-Origin-Time-Seconds
X-Men
X-Provided-By
D-Cc-Upstream
X-Tt-Logid
X-Cc-Req-Id
Lfy
Section-Io-Id
X-Cache-Spec
Section-Io-Origin-Status
X-Scheme
X-Cc-Via
DSUID
Odigeo-Trace-Id
Section-Origin-Responded
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Cf-Alt-Svc
X-Planisys-CDN-Cache
Dnion-Transfer-Encoding
X-Magnolia-Registration
X-Yottaa-OS
X-Agile-Brick-Ok
X-Erf-Stays-Bingo-Pdp-Web
Cache-Name
X-UA-Device-Type
X-Vgn-Hpd-Reason
Tcn
X-GeoIP-City
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gen-Mode
X-Hnp-Log
X-Generated-In
X-Loc
X-Nyt-Route
X-Origin-CC
X-NodeID
X-Node-Id
X-Matched-Rule
X-Nginx-Cache-Key
X-Gdpr
X-Fetched-On
X-BBXSRF
X-Block-Status
X-BBC-Edge-Cache-Status
X-Azure-Ref-OriginShield
X-API-Version
X-Cache-ASPX
X-Cache-Expires
X-Developer
X-Device-Os
X-Contensis-Viewer-Groups
X-Cdn-Origin
X-Cache-Info
X-ElasticPress-Query
X-Origin-Expires
X-SIPLIST1
X-Var-Ttl
X-Sigma-Backend
X-Sigma
X-Server-IP
X-ServiceProvider
X-Sn-Servicetimems
X-SRCache-Key
X-User
X-Thinkindot-L3
X-Swa-Ws
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SD-PageType
X-Varnish-Authentication
X-RateLimit-Limit-Second
Web-Mar-Node
X-Parent-Response-Time
X-Origin-TTL
X-Trace-Id
X-Origin-Time
X-RateLimit-Remaining-Second
X-Request-URI
X-VC-Cache
X-Varnish-Url
X-VServer
X-Rocket-Build-Number
X-Response-By
X-Origin-Date
Thinkindot-CacheControl-Type
X-HostName
Mime-Version
X-Pad
X-Tid
Cache-Host
FNAC-ModuleRouting
CDCHOST
X-Origin-Response-Time
Vix-Hermes-Req-Id
Content-Style-Type
Content-Script-Type
Who
X-Pf-Uncompressing
PICS-Label
X-Varnish-Beresp-TTL
Inserted-Into-Cache-At
Instruction
X-RateLimit-Limit
Server-Hostname
Server-Ext
True-Client-Country-4JS
Thinkindot-Control
IsBot
SR-User-Adfree
Thinkindot-CacheControl
Sever-Int
Release
Kp-EeAlive
Locid
V-Age
Pramga
Path
CountryCode
X-Acc-Rdl
X-Selected-Host-Header
X-Selected-Name
X-Selected-Scheme
X-TraceId
Vha6-Origin
Req-Svc-Chain
Server-Id
X-C
X-BBC-Origin-Response-Status
Pragrma
X-Dw-Trace-Id
X-MiniProfiler-Ids
X-Traceid
X-Nananana
X-Snapshot-Date
X-Region-Sid
MIME-Version
Resin-Trace
Server-ID
Source
X-Request-URL
X-Apw-Access-Action
X-Proxy-Cachei7
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-PJAX-URL