Threat Level: green Handler on Duty: Remco Verhoef

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Request-ID
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Iinfo
P3p
X-Content-Security-Policy
X-AspNetMvc-Version
Status
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Server
X-Backend
X-Amz-Request-Id
X-Hacker
X-Robots-Tag
X-Amz-Id-2
X-UA-Device
X-AH-Environment
Request-Context
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
X-Server-Powered-By
X-Template
Server-Timing
X-Language
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
X-Dns-Prefetch-Control
X-Rq
X-Page-Speed
Xkey
X-Ua-Compatible
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Buckets
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
X-Server-Id
X-Dispatcher
X-Device
NEL
Surrogate-Control
X-Node
Accept-CH-Lifetime
X-Ruxit-JS-Agent
Request-Id
Content-Location
Accept-CH
X-Response-Time
EagleEye-TraceId
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
X-Ac
Allow
X-Readtime
Rating
X-Mod-Pagespeed
X-HW
X-Country
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-ECID
Edge-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Pinterest-Generated-By
X-ORACLE-DMS-RID
X-Vname
X-TtlSet
X-PC
X-MS-InvokeApp
X-Cnection
X-Country-Code
X-DataDome
X-CST
X-Varnish-TTL
X-GitHub-Request-Id
X-Content-Type
X-D2id
X-Clacks-Overhead
X-Server-Name
X-Trace
X-Middleton-Display
X-Middleton-Response
Display
Response
X-Sol
Pagespeed
X-Origin-Upstream-Status
Pinterest-Version
X-Pinterest-Rid
X-FastCGI-Cache
MS-Author-Via
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Id
X-Vcap-Request-Id
X-Px
X-Abt-Application-Version
X-B3-TraceId
X-Navigation-Version
X-Rack-Cache
X-ESI
Service-Worker-Allowed
X-Url
Verso
X-Fastly-Request-ID
X-TTL
Arr-Disable-Session-Affinity
X-Client-IP
X-Element-Page-Cache
X-Webkit-CSP
X-Cache-TTL
X-Cached
X-DynaTrace
X-FTR-Request-ID
X-Dw-Request-Base-Id
X-VARITI-CCR
SPRequestGuid
X-SharePointHealthScore
X-Exp-Id
X-GoogleNews-Bot
X-Goog-Hash
X-Exp-Variant
X-Use-Magma
X-Kinja
X-Powered-By-Plesk
X-Kinja-Server
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Upstream
Fastly-Restarts
X-NF-Request-ID
AR-CACHE
AR-ATIME
AR-PoweredBy
AR-Request-ID
Ar-Sid
X-Debug
Content-MD5
X-MSEdge-Ref
X-Pinterest-Direct
X-Forwarded-Proto
SPRequestDuration
SPIisLatency
X-Version
X-Powered-CMS
Access-Control-Request-Method
X-Release
X-T
X-Amz-Rid
X-Jurisdiction
S
X-Edge
X-Content-Digest
X-XRDS-Location
TCN
RTSS
TP-L2-Cache
TP-Cache
X-Ezoic-Cdn
Public-Key-Pins
Cache-Tag
X-Litespeed-Cache
X-Ttl
Front-End-Https
X-MCACHE
X-Node-Name
X-Mid
X-Yandex-Sdch-Disable
Server-Node
X-Request-Processing-Time
X-Request-Received
X-Cache-Key
X-Mg-S
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Recruiting
X-Accel-Expires
MRF-Tech
X-B3-TraceId-Primal
X-HP-Webp
X-Amzn-Trace-Id
Mrf-Cache-Status
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
X-Kinsta-Cache
X-PressLabs-Stats
X-Grace
Accept-Ch
X-NWS-LOG-UUID
X-Request-Handler-Origin-Region
X-Microsite
X-ASPNET-VERSION
X-Origin-Server
Accept-Charset
X-Varnish-Age
X-Logged-In
ServerID
Cf-Bgj
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Page-Id
Host
Nginx-Cache
X-Shield-Request-Id
X-Ratelimit-Remaining
X-Cache-Hit
Edge-Cache-Tag
X-Content-Security-Policy-Report-Only
X-ECACHE
X-Server-ID
Powered-By-ChinaCache
X-B
X-Hostname
Cache-Tags
X-F-Cache
X-Mobile-URL
X-LB-Cache
X-Forwarded-For
X-Respond-Thread
Cleartype
X-Hits
X-Az
X-AppVersion
X-Activity-Id
X-Git-Hash
Realpath
X-N
X-Cached-By
X-Ratelimit-Limit
X-Content-Options
Alternate-Protocol
X-Upgrade-Enabled
DynaTrace
X-Cache-Age
X-Type
X-App-Environment
X-Jobs
X-Request-Guid
Paypal-Debug-Id
X-Load-Cache
X-Rid
X-Varnish-Backend
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Amz-Meta-S3cmd-Attrs
Nel
Fastcgi-Useragent
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
Access-Control-Allow-Method
X-FTR-Expires
X-Seen-By
X-Proxy
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-WebKit-CSP-Report-Only
X-Correlation-ID
X-URL
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Zen-Fury
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Generation
X-FireWall-Port
X-Akamai-Edgescape
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
Charset
X-B3-Sampled
Filterid
X-VCache
X-FB-Debug
X-Daa-Tunnel
X-Varnish-Grace
Filters
X-B-Cache
X-Signature
X-IPLB-Instance
X-AOL-HN
X-Mobile
X-Debug-Info
Healthy
X-Host-Name
DC
X-Whom
MS-CV
Viewport
X-Region
X-Geo-Country
X-User-Agent
AMP-Access-Control-Allow-Source-Origin
X-App-Server
X-Frontend
Payment
X-Original-Request-Id
X-Cache-Operation
X-Cache-Rule
X-Response-Served-From
Liferay-Portal
X-Accel-Buffering
X-XRDS-LOCATION
Accept-Ch-Lifetime
X-Distributor
X-Instance
X-UUID
X-Cache-Time
X-Cacheable-TTL
X-Tumblr-Pixel
Surrogate-Key
X-Tumblr-User
X-FW-Dynamic
X-HTML-Minification-Powered-By
X-Tumblr-Pixel-0
X-FW-Hash
X-FW-Static
X-Rule
X-FW-Type
X-FW-Server
X-FW-Serve
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Refresh
X-Protected-By
X-Acc-Debug-Context
X-Content-Powered-By
X-Id
X-Amz-Replication-Status
S-Cnection
X-Via-JSL
X-Cache-Expired-At
X-Is-Bot
X-Rendered-As
Content-Disposition
Section-Io-Cache
X-Wix-Request-Id
X-Hyper-Cache
Version
GEO-INFO
X-Amzn-RequestId
X-Sucuri-ID
X-Backend-Name
X-Amz-Apigw-Id
X-Cache-Action
Datacenter
X-Ah-Environment
X-Tec-Api-Origin
CACHE
X-Endurance-Cache-Level
X-Oneagent-Js-Injection
X-Tec-Api-Root
X-Tec-Api-Version
Server-Name
Retry-After
PB-PID
Arc-Version
PB-RID
X-App-Version
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Latency-Threshold
X-Air-Hostname
X-Ua
X-Cache-Server
X-Source
Eomportal-Instance
X-Real-IP
X-Unique-Id
X-EdgeConnect-Cache-Status
X-Environment-Context
X-Framework
X-ProcessESI
X-RemovedCookies
X-L-Path
Referer-Policy
X-Sucuri-Cache
X-Revision
Frame-Options
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Varnish-Server
Ms-Operation-Id
X-Drupal-Cache-Contexts
NGB
X-RTag
Webserver
Countrycode
Akamai-Age-Ms
X-Cache-Control
X-ES-SERVER
X-Cache-Var-Map
X-Proxy-Cache-Status
X-Cache-Var
Meta-Geo
X-WA-Info
X-RN-RSRV
X-Drupal-Cache-Tags
X-Mode
X-Azure-Ref
Cache-Tv-Group
X-Xfnlog-Site
X-Time-Microsecs
X-Qloud-Router
DB-Nickname
X-DynaTrace-JS-Agent
X-GeoIP
X-ProxyCache-Key
X-Cache-Host
X-BYPASS-REASON
X-ProxyCache-Status
X-R9-Blue-Green-Version
X-Cache-TTL-Remaining
X-Handled-By
Webcakes-App-Version
X-Status
X-TNCMS
X-Server-W
X-Redis-Cache
TWC-Privacy
Webcakes-App-Name
X-Amzn-Remapped-Content-Length
X-AWS-Id
X-Hl-Ver
X-PHP-Host
X-PCL
X-Origin-Hint
X-VWS-Id
X-OCL
X-NYM-Debug-Backend
X-Loop
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
Property-Id
Ec-Rule-Version
Mn-Server-Ip
X-Hosted-By
X-Human
X-FW-Version
TWC-Locale-Group
X-LJ-Flow-ID
TWC-GeoIP-LatLong
X-Cluster
X-Labrador-Cache-Channel
Cross-Origin-Window-Policy
Webcakes-Region
X-Contextid
X-Locale
X-Proxied
X-Proxy-Build
X-Format
X-FB-TRIP-ID
Selected-Fe
X-Access
X-TIME
X-Detected-As
X-Routing-Service
X-From
X-ServerID
X-Section
X-Zipkin-Id
X-Be
X-Via-Fastly
X-Timing-Wait
X-Proto
X-No-Session
X-Site-Version
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Route-Name
X-Providence-Cookie
X-Flags
X-NewRelic-App-Data
FSS-Cache
X-Adobe-Loc
X-Adobe-Content
Uber-Trace-Id
X-CDN-Forward
X-Correlation-Id
X-Cache-PHP
X-AIR-PT
X-Debug-Cache
X-ATG-Version
X-PHP-Backend
X-Device-Type
X-TT
X-Generated-By
X-Ratelimit-Reset
X-BCube-Filmed-By
X-Esi
X-Tt-Trace-Host
X-Cache-Spec
X-Tt-Trace-Tag
X-NC
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Upgrade-Insecure-Requests
X-CSRF-Token
Azure-RegionName
Azure-SlotName
Azure-SiteName
X-Varnish-Cache-Hits
Azure-InstanceId
Azure-Version
X-LLID
OT-Force-Account-Verify
Access-Control-Request-Headers
Cache
From-Origin
X-COUNTRY
X-UPSTREAM-Address
X-NCache
X-Oss-Server-Time
X-Akamai-Transformed
X-Oss-Request-Id
X-GoCache-CacheStatus
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Varnish-Ttl
X-Origin
X-Oss-Storage-Class
X-Adobe-Source
X-Cache-2
X-FTR-Cache-Host
X-CCM
SD-X-WS
CF-Cached-On
X-SaId
X-Page-View
Powered
X-JoinUs
X-Backend-TTL
X-Shopify-Stage
X-Varnishpool
Cache-Status
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-ShopId
X-Sorting-Hat-ShopId
X-LAGOON
X-ShardId
X-Sorting-Hat-PodId
X-ID
X-Soup
X-Pubstack
X-ApacheServer
X-Backend-Host
X-G
Country
X-Cache-Grace
X-Time
X-Forwarded-Host
X-PERF
X-Storage
Decoy-Debug-Status
Decoy-Debug-Key
X-Say-TTL
X-Say-Cacheable
Decoy-Debug-TTL
X-Web-Node
Fastly-SSL
X-Cluster-Name
X-SayCDN-TTL
X-ECache
X-APP-VERSION
Node
X-Ruxit-Js-Agent
X-IP
X-NWS-UUID-VERIFY
X-Cdn
X-EC-Lua
X-Viewer-Country
X-Cache-Enabled
X-TX-ID
X-Rojux
X-S
X-Aed
X-A-Dgt
X-A-Dam
X-S-Cookie
X-A-Dcw
X-A-Wwc
X-ARC
X-PAYTM-SRV-ID
X-External-Request-Id
X-PBS-Appsvrname
X-Processor
X-Rewrite-Enabled
X-RCS-CacheZone
X-Destination
X-D
X-Cache-NE
X-A-Ccd
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-Application
X-Vtex-Remote-Cache
X-Trv-Group
X-Vdms-Path
DCR-Decision-By
DCR-Processing-Time-Ms
X-VG-WebCache
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Request-UUID
X-Vdms-Version
Apple-News-Services-Handled
Apple-News-Services-Host
Fastcgi-X-Cache-Version
Host-ID
Mobile-Detection-Method
X-ScT
Rendered-Blocks
X-A
X-Worker
Meta-Geo-Continent
X-Vtex-Processado-Em
X-Session-Fingerprint
Machine
X-VG-WebServer
MD5-Digest
Xc-Version
X-B-Cookie
SRV
X-Tumblr-Pixel-3
X-Via-CDN
X-GEO
X-Cache-Config
X-IPS-LoggedIn
CloudFront-Viewer-Country
CDN-Uid
Fastly-SWR
CDN-RequestId
X-WADP-Cache
X-Fastcgi-Cache
Is-Eu
CDN-RequestCountryCode
Gh-Request-Id
CDN-PullZone
X-VG-TLSProxy
X-Varnish-CookieHashed-On
Adler-Geo
X-Varnish-CookieINHashed-On
X-Variation
CDN-Cache
CDN-EdgeStorageId
CDN-CachedAt
X-Servername
X-Varnish-Remaining-TTL
X-Rebelmouse-Surrogate-Control
X-DefElseHash
X-CUA
X-Core-Value
X-Cms-Context
X-DefHash
X-DPWN-IS-SECURE
X-Generation-Time
X-Fmm-Version
X-Fastly-Cache
X-Envoy-Decorator-Operation
X-Clara-WADP
X-Micro-Cache
X-Ms-Version
X-B3-Spanid
X-Platform-Server
X-Rebelmouse-Cache-Control
X-Ms-Request-Id
X-Auto-Login
X-Microcachable
X-Cache-Debug
X-Cache-Bucket
Platform
Fastly-SIE
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Cache-Backend
X-B3-Traceid
X-UA
Backend
X-Bc-Bl
PFcat
X-SN
X-HN
X-Request-Start
X-Request-Host
Rt-Fastcgi-Cache
X-Dispatcher-Server
NM-Fastcgi-Cache
X-Slack-Backend
X-HS-Content-Campaign-Id
X-Geo-Header
Fastly-Drupal-HTML
X-Skip-Cache
X-Is-Gdpr
Fastly-Backend-Name
Wxu-Next-Commit
X-JWT-State
Origin
Wxu-Next-Region
X-Core-Mission
X-Cache-Date
X-Branch-Name
X-Bip
X-Cache-Id
X-Cache-NGX
X-LI-UUID
X-Location
X-Clientip
X-Method
X-Backend-State
X-Old-Content-Length
X-Platform
X-Level-Front-Cache
X-Policy
X-Irp-Debug
X-Developers
X-Li-Fabric
X-OVcl
X-OVcl-Cache
X-Owner
X-Li-Pop
Wxu-Next-Hostname
L
X-Fastly-Backend
X-Gzip
X-Gamma-Serve
X-Generated-On
X-VarnishDD-TTL
X-Thanos
X-Varnish-Cacheable
CacheControlHeader
Akamai-GRN
AKAMAI
C-Via
X-Webstats-RespID
X-Has-Esi
X-Hash
X-Wikidot-Backend
X-Esi-Check
X-Wikidot-Static-Cache
X-Reqid
Pagetype
X-Cache-Tags
X-Render-Time
L5d-Success-Class
X-PF-Uncompressing
HA-Ipaddr
Ha-Gx-Prefs
X-CGP
X-Csrf-Jwt
X-Eu-Site
X-Mvc-Supplant-Cachable
X-Twitter-Response-Tags
X-Content-Age
X-Transaction
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-EIG-Tracking-Id
X-Refresh
FSS-Proxy
X-Cache-Remote
X-TA-CDN-Provider
X-DC
X-Minions-Version
X-CS
X-Sql-Count
X-Sql-Duration-Ms
X-Amz-Meta-Cb-Modifiedtime
Country-Code
X-Wa
UCS
X-Aicache-OS
X-NODE
X-Via-Popn
X-Date
X-Via-Poph
Surrogated-Key
X-Accel-Expires-Debug
X-NGENIX-Cache
X-Hp-Webp
X-LB-ID
X-Vgn-Hpd-Cached
X-Up
X-RateLimit-Remaining
X-Presslabs-Stats
X-SRV
NGX
X-Req
X-Edge-Location
X-NU-AKA-ACS-Version
X-Www-Served-By
XServer
X-Vgn-Hpd-Variations-Key
X-Dc
Mail-Subject
Cache-Hits
Hostname
We-Hiring
X-Ftr-Cache-Host
X-Mvc-Supplant-OutputCached
Group
X-S-Maxage
HostName
X-Debug-Cache-Fetch
Ufe-Result
X-Debug-Cache-Store
X-Cache-URL
Memcached
X-Cdn-Srv
Protected
Time
X-Check-Cacheable
X-Via-Edge
X-FPC
X-Nginx-Cache
X-Via-SSL
X-Proxy-Upstream
X-Ua-Device
X-Servedbyhost
Edge-Copy-Time
X-LI-Proto
X-CACHE-AGE
Now
X-Varnish-Hostname
On-Server
GeoIp-Country-Code
ServedBy
Geoip-Latitude
X-Svr
X-ZONE
X-BC
X-Agile-Age
X-Agile-Id
X-Agile
X-Request-Time
X-Cdn-Forward
T-Server
X-FORWARDED-FOR
X-Cs
X-Pass-Why
X-VCL-Version
X-CSRF-TOKEN
X-Acc-Rdl
X-LiteSpeed-Cache-Control
M-TraceId
X-NGINX-Cache
X-Cluster-Node
Xserver
X-UnsetCookies
SID
X-Via-Popv
X-Datadome
X-MP-GENERATED-AT
N-Cache
Server-Host
X-Dynatrace-Js-Agent
WZWS-RAY
X-Uri
X-Bc
X-Varnish-Hits
X-Zone
Arc-Country
Magicmarker
Pics-Label
X-Erf-Stays-Bingo-Pdp-Web
Section-Io-Origin-Status
X-CF-Powered-By
Section-Io-Origin-Time-Seconds
X-SB
X-Srv
X-VC
X-APP
Section-Origin-Responded
Section-Io-Id
X-HS-Status
NtCoent-Length
Srv
Ohc-File-Size
X-HITS
X-Edge-Server
Cdn-Host
Processtime
X-TT-LOGID
X-We-Are-Hiring
Apigw-Requestid
Cdn-Request-Time
X-Info
Viewtype
ProcessTime
VivaBuild
DSUID
User-Agent
Ohc-Cache-HIT
Cache-Name
X-Via-Ucdn
X-RunCloud-Cache
X-Action
Sid
W
X-MSEdge-Features
Memory
X-MSEdge-Flight
LB
X-UA-Device-Type
Odigeo-Trace-Id
X-CACHE-KEY
Cteonnt-Length
CF-IPCountry
X-DI
X-Origin-Date
X-RPS
X-RSL
Tracecode
X-RPM
X-DW
X-DSS
User-Cache-Control
WWW-Authenticate
X-Oss-Cdn-Auth
X-DB
X-HOST
X-Newrelic-App-Data
CountryCode
Server-Info
X-Vcl-Version
CDN
S-Rt
Ssr
X-Tb
X-Vgn-Hpd-Ssi
WebServer
X-Magnolia-Registration
X-Dynatrace
Lfy
X-Unique-ID
Amp-Access-Control-Allow-Source-Origin
X-Cache-Hfrom
X-Pjax-Url
X-Cache-Hm
Geo-Info
X-Hit
X-Geo
X-Webkit-CSP-Report-Only
X-BBC-Edge-Cache-Status
X-SVT-ORM-VERSION
X-API-Version
X-Thinkindot-L3
V-Age
Vix-Hermes-Req-Id
X-SVT-ORM-RULES
X-BBXSRF
X-SIPLIST1
X-Server-IP
X-Developer
X-Contensis-Viewer-Groups
X-Cache-Info
X-SRCache-Key
X-Cache-ASPX
True-Client-Country-4JS
Thinkindot-CacheControl-Type
Instruction
Server-Hostname
X-Scheme
IsBot
Server-Ext
Path
Locid
X-Cc-Via
X-Cc-Req-Id
Thinkindot-CacheControl
X-Gdpr
SR-User-Adfree
Sever-Int
D-Cc-Upstream
X-User
Thinkindot-Control
X-Cache-Expires
X-VServer
A
X-Response-By
X-Nyt-Route
X-Newrelic-Synthetics
X-Origin-CC
X-Loc
X-Origin-Time
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin-Expires
X-Origin-TTL
X-Varnish-Authentication
X-Request-URI
X-SD-PageType
X-Nginx-Cache-Key
X-Fastly-Country-Code
X-Node-Id
X-Matched-Rule
X-Varnish-Url
GeoIP-Latitude
X-Trace-Id
X-Traceid
Lb
X-Var-Ttl
MIME-Version
Pramga
X-Oracle-Dms-Rid
CDCHOST
X-NodeID
Cache-Host
Server-ID
GeoIP-Country-Code
X-Cdn-Origin
Release
X-Block-Status
X-GeoIP-City
X-Sn-Servicetimems
X-FC-Vary-Parameters
X-Fetched-On
X-Device-Os
X-Gen-Mode
X-Hnp-Log
X-Generated-In
X-Akamai-Request-ID2
Web-Mar-Node
X-Swa-Ws
X-Azure-Ref-OriginShield
X-Provided-By
X-Fpc
X-Nc
X-ServedByHost
X-Li-Proto
X-Envoy-Upstream-Healthchecked-Cluster
Cdn
X-Via-NSCOPI
X-Epic-Correlation-Id
X-Cache-Tag
FNAC-ModuleRouting
X-Lb-Id
Source
Accept-Language
X-Men
Cf-Device-Type
X-Rocket-Build-Number
X-Sigma-Backend
X-Sigma
Server-Ttl
Esi-Enabled
X-Browser-Type
X-SERVER-NAME
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-StackifyID
X-Served-From
Kp-EeAlive
X-Akamai-Pragma-Client-IP
Cache-Key
X-Origin-Response-Time
X-TH-Server
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
X-Parent-Response-Time
Content-Style-Type
Expiry
X-Via-PopN
X-Via-PopH
X-WA
Content-Script-Type
X-Instart-Request-ID
X-Key
Cache-Provider
X-Via-PopV
X-No-Cache
X-Mobile-Rewrite
X-ServiceProvider
Location
Url
Req-Svc-Chain
X-VC-Cache
X-Batcache
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-MiniProfiler-Ids
X-Agile-Brick-Ok
X-Tt-Logid
X-Request-URL
X-B3-SpanId
X-ElasticPress-Query
X-Vgn-Hpd-Reason
X-Yottaa-OS
Inserted-Into-Cache-At
X-Vcache
Tcn
X-Instart-Info
X-Apw-Hits
X-Apw-Access-Token
X-RateLimit-Limit
X-Apw-Access-Action
X-BBC-Origin-Response-Status
X-Apw-Access-Object
X-Varnish-Beresp-TTL
X-Akamai-Request-ID
X-Proxy-Cachei7
Xkeyi7
URI
EpKe-Alive
X-HostName
Mime-Version
Content-Secure-Policy
X-B3-Parentspanid
X-Dispatch
Origin-Cache-Control
PICS-Label
Who
Origin-Edge-Control
X-PJAX-URL
Proxy-Firewall
X-Selected-Host-Header
X-Selected-Scheme
X-Selected-Name
X-Geo-Region
Resin-Trace
Pragrma
Server-Id
X-TraceId
X-ND-Cache
Cf-Alt-Svc
BehaviorPad-Version
Vha6-Origin
HitType
X-C
X-Dw-Trace-Id
X-RAMCache
NnCoection
Powered-By
X-Snapshot-Date
Xet-Cookie