Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
P3p
X-Cacheable
X-Request-ID
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Template
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Language
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-AH-Environment
X-Hacker
X-Cache-Group
X-Server
X-Robots-Tag
X-Amz-Request-Id
X-Buckets
X-UA-Device
EagleId
X-Amz-Id-2
X-Proxy-Cache
X-Turbo-Charged-By
X-Dns-Prefetch-Control
X-Server-Powered-By
Request-Context
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Report-To
Xkey
X-Page-Speed
X-Rq
Cf-Bgj
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
X-Amz-Version-Id
X-WebKit-CSP
NEL
X-Host
X-Dispatcher
X-Device
X-Backend-Server
X-Node
Surrogate-Control
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Response-Time
Content-Location
X-Origin-Cache
Request-Id
X-Akam-SW-Version
X-ASPNET-VERSION
X-Ac
X-Server-Id
X-Country
Accept-CH
EagleEye-TraceId
Accept-CH-Lifetime
X-Mod-Pagespeed
X-HW
Rating
X-Readtime
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cloud-Trace-Context
Pinterest-Generated-By
X-Application-Context
X-DataDome
Edge-Control
X-Country-Code
X-Vname
X-TtlSet
X-PC
X-Origin-Upstream-Status
X-Url
X-Varnish-TTL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cnection
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
Fusion-Deployment-Id
X-D2id
X-MS-InvokeApp
X-GitHub-Request-Id
X-ESI
Allow
X-Content-Type
X-Clacks-Overhead
X-Server-Name
X-Abt-Application-Version
X-Navigation-Version
X-FTR-Request-ID
X-Pinterest-Rid
Pinterest-Version
X-Vcap-Request-Id
X-Trace
X-Sol
X-Middleton-Response
Display
Response
Pagespeed
X-Middleton-Display
Verso
X-Px
X-DynaTrace
X-Rack-Cache
X-Cached
X-Element-Page-Cache
X-Fastly-Request-ID
X-B3-TraceId
Service-Worker-Allowed
X-Client-IP
X-Server-ID
MS-Author-Via
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Powered-By-Plesk
X-Upstream
X-Dw-Request-Base-Id
X-Version
Content-MD5
X-Forwarded-Proto
X-T
AR-Request-ID
AR-PoweredBy
AR-CACHE
AR-ATIME
X-NF-Request-ID
Ar-Sid
X-Webkit-CSP
X-SharePointHealthScore
SPRequestGuid
Fastly-Restarts
X-TTL
Akamai-Age-Ms
X-Debug
X-VARITI-CCR
Accept-Ch
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-Use-Magma
X-Jurisdiction
X-GoogleNews-Bot
X-Cdn-Fetch
X-XRDS-Location
X-Exp-Id
X-Exp-Variant
TP-L2-Cache
TP-Cache
Access-Control-Request-Method
X-Goog-Hash
X-Powered-CMS
X-Content-Digest
X-Ttl
X-Release
X-MSEdge-Ref
X-Edge
X-NWS-LOG-UUID
TCN
Accept-Ch-Lifetime
S
SPRequestDuration
SPIisLatency
X-FastCGI-Cache
RTSS
X-PressLabs-Stats
X-Amz-Rid
Cache-Tag
X-Pinterest-Direct
X-Request-Processing-Time
Fastcgi-Cache
X-Request-Received
Public-Key-Pins
X-Yandex-Sdch-Disable
X-Ezoic-Cdn
X-CST
X-Node-Name
X-MCACHE
X-Mid
Server-Node
X-Cache-Key
X-Accel-Expires
X-Ratelimit-Remaining
X-Amzn-Trace-Id
X-Logged-In
X-Cache-Hit
Front-End-Https
ServerID
X-Ser
X-Request-Handler-Origin-Region
X-Microsite
Alternate-Protocol
X-Recruiting
X-Kinsta-Cache
X-Origin-Server
X-Page-Id
Host
Accept-Charset
X-B
X-ECACHE
X-Ratelimit-Limit
X-Hostname
X-Mobile-URL
X-FireWall-Port
MRF-Tech
Mrf-Cache-Status
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-B3-TraceId-Primal
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-Varnish-Age
X-FTR-Cache-Status
X-Country-Code-Real
Nginx-Cache
X-FTR-Backend
X-FTR-Expires
X-Content-Security-Policy-Report-Only
Filterid
X-Forwarded-For
X-DIS-Request-ID
X-Seen-By
X-Load-Cache
X-Shield-Request-Id
Realpath
X-Daa-Tunnel
X-Content-Options
X-Jobs
Edge-Cache-Tag
X-Id
X-LB-Cache
X-F-Cache
X-Git-Hash
X-Mg-S
X-Type
X-App-Environment
X-Varnish-Backend
X-Az
X-Request-Guid
X-Grace
X-Varnish-Grace
Paypal-Debug-Id
X-N
X-Activity-Id
X-AppVersion
X-Hits
X-Rid
X-Correlation-ID
X-Zen-Fury
Fastcgi-Useragent
X-Amz-Server-Side-Encryption
X-Proxy
X-FB-Debug
DynaTrace
Access-Control-Allow-Method
X-Upgrade-Enabled
X-App-Server
Cache-Tags
X-HP-Webp
MicrosoftSharePointTeamServices
DC
X-TEC-API-ORIGIN
X-WebKit-CSP-Report-Only
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Kong-Upstream-Latency
Cleartype
X-Kong-Proxy-Latency
X-Geo-Country
X-Akamai-Edgescape
X-Content-Powered-By
Content-Disposition
X-Cache-Rule
X-Cache-Operation
X-Cached-By
AMP-Access-Control-Allow-Source-Origin
X-Wix-Request-Id
X-Endurance-Cache-Level
X-Accel-Buffering
X-Original-Request-Id
X-Response-Served-From
X-Host-Name
X-VCache
X-User-Agent
X-IPLB-Instance
X-B3-Sampled
X-Amz-Meta-S3cmd-Attrs
NGB
X-HTML-Minification-Powered-By
Healthy
X-Fastcgi-Cache
X-HS-Content-Id
Payment
X-HS-Hub-Id
X-Rendered-As
X-B-Cache
X-Signature
X-AOL-HN
X-Is-Bot
X-HS-Cache-Config
X-UUID
Refresh
X-Distributor
X-Cacheable-TTL
X-FW-Type
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-GUploader-UploadID
X-Cache-Time
X-Whom
X-Region
X-FW-Serve
X-FW-Static
X-Goog-Generation
X-Goog-Stored-Content-Length
X-FW-Hash
X-HS-Combine-CSS
MS-CV
X-FW-Server
X-FW-Dynamic
X-Amzn-RequestId
X-Rule
X-Amz-Apigw-Id
X-Instance
Datacenter
X-Tumblr-User
Powered-By-ChinaCache
X-Tumblr-Pixel-2
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Debug-Info
X-Tumblr-Pixel-1
X-Mobile
X-XRDS-LOCATION
Arc-Version
X-Respond-Thread
PB-RID
X-Cache-Age
PB-PID
X-Frontend
X-Ua
X-App-Version
X-Varnish-Server
Countrycode
X-Tec-Api-Root
X-Tec-Api-Version
X-Oneagent-Js-Injection
X-Tec-Api-Origin
X-Hp-Webp
Surrogate-Key
S-Cnection
X-PHP-Backend
X-Backend-Name
Powered
X-Protected-By
X-Via-JSL
X-Cache-Server
X-Azure-Ref
X-Acc-Debug-Context
Viewport
Liferay-Portal
X-Litespeed-Cache
X-Hyper-Cache
X-NewRelic-App-Data
X-Cache-Expired-At
X-WA-Info
X-DynaTrace-JS-Agent
X-FTR-Cache-Host
X-Proxy-Cache-Status
X-Cache-Control
Referer-Policy
Cache
Filters
Retry-After
X-Sucuri-ID
X-EdgeConnect-Cache-Status
Charset
X-FB-TRIP-ID
X-Source
Section-Io-Cache
Meta-Geo
X-RemovedCookies
X-ES-SERVER
X-Mode
X-Debug-Cache
Webserver
X-Cache-Var
X-Cache-Var-Map
X-RN-RSRV
X-Time
X-ProcessESI
X-Locale
X-Amz-Replication-Status
X-GeoIP
X-Cache-Action
X-Qloud-Router
X-R9-Blue-Green-Version
X-From
X-Device-Type
X-Real-IP
Eomportal-Instance
X-Site-Version
X-AWS-Id
Mn-Server-Ip
X-Framework
X-Via-Fastly
X-ProxyCache-Status
X-ProxyCache-Key
X-LJ-Flow-ID
X-Ratelimit-Reset
X-Server-W
X-VWS-Id
X-Time-Microsecs
X-BYPASS-REASON
X-Xfnlog-Site
X-Cache-Host
TWC-Device-Class
TWC-Connection-Speed
Selected-Fe
TWC-GeoIP-Country
TWC-Locale-Group
Webcakes-App-Name
TWC-Privacy
Property-Id
X-CSRF-Token
X-Yottaa-Metrics
X-L-Path
X-Yottaa-Optimizations
Cache-Tv-Group
Ec-Rule-Version
Cross-Origin-Window-Policy
Webcakes-App-Version
Webcakes-Region
X-Routing-Service
X-Proxy-Build
X-Proxied
X-Timing-Wait
X-TNCMS
X-Human
X-Zipkin-Id
X-PCL
X-Origin-Hint
X-FW-Version
X-Cluster
X-Handled-By
X-Hl-Ver
X-OCL
X-Loop
X-Environment-Context
TWC-GeoIP-LatLong
FSS-Cache
X-Detected-As
DB-Nickname
X-RTag
X-Revision
X-JoinUs
X-Hosted-By
X-Status
X-SaId
X-PHP-Host
X-Proto
X-Be
X-BCube-Filmed-By
X-Labrador-Cache-Channel
X-Amzn-Remapped-Content-Length
X-ServerID
X-Generated-By
Ms-Operation-Id
Uber-Trace-Id
X-Cache-TTL-Remaining
X-NYM-Debug-Backend
X-Redis-Cache
Version
X-Access
X-Format
X-Section
From-Origin
X-Air-Hostname
Frame-Options
X-No-Session
X-Varnish-Cache-Hits
X-Cache-PHP
GEO-INFO
X-ATG-Version
X-NWS-UUID-VERIFY
X-Sucuri-Cache
X-Drupal-Cache-Contexts
X-Unique-Id
X-Contextid
X-TA-CDN-Provider
X-URL
Server-Name
X-Origin
X-EC-Lua
X-NCache
X-Drupal-Cache-Tags
X-EIG-Tracking-Id
CF-Cached-On
X-IPS-LoggedIn
OT-Force-Account-Verify
X-Tt-Trace-Tag
X-Akamai-Transformed
X-Tt-Trace-Host
X-CDN-Forward
X-Bc-Bl
X-Cache-Enabled
X-IP
X-GoCache-CacheStatus
X-TIME
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Adobe-Loc
X-CACHE-AGE
X-Adobe-Content
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-AIR-PT
X-Backend-Host
X-Vgn-Hpd-Variations-Key
X-Cache-Backend
X-Vgn-Hpd-Cached
X-UA
X-Ruxit-Js-Agent
X-TT
Azure-SiteName
Azure-InstanceId
Time
Azure-SlotName
X-Correlation-Id
X-Tumblr-Pixel-3
Azure-RegionName
Azure-Version
Now
X-Cdn
X-NC
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Access-Control-Request-Headers
Node
X-Cache-2
X-RCS-CacheZone
X-APP-VERSION
SD-X-WS
X-Adobe-Source
X-CCM
X-VG-WebCache
X-VG-WebServer
X-Vtex-Remote-Cache
X-Worker
X-Vtex-Processado-Em
Xc-Version
Machine
X-Application
X-Aed
X-Processor
X-ARC
X-B-Cookie
X-Accel-Expires-Debug
X-A-Wwc
X-A-Ccd
X-A-Dcw
X-Request-UUID
X-A-Dgt
X-Cache-NE
X-CF-Lambda-Fn
X-G
X-Minions-Version
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-External-Request-Id
X-Destination
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-Date
X-A
Surrogated-Key
DCR-Processing-Time-Ms
DCR-Decision-By
Fastcgi-X-Cache-Version
X-Up
Host-ID
CloudFront-Viewer-Country
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Apple-News-Services-Host
X-Vdms-Path
Apple-News-Services-Parsed-Url
MD5-Digest
Meta-Geo-Continent
X-S-Cookie
X-S
X-Rojux
X-Rewrite-Enabled
X-ScT
X-Transaction
Mobile-Detection-Method
Rendered-Blocks
X-Twitter-Response-Tags
X-Trv-Group
X-Vdms-Version
X-A-Dam
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Soup
X-ShardId
X-Pubstack
X-Backend-TTL
X-ApacheServer
X-Cache-Grace
X-Forwarded-Host
X-PERF
X-Varnishpool
X-Storefront-Renderer-Rendered
X-Edge-Location
X-Envoy-Decorator-Operation
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-CUA
CDN-PullZone
X-Varnish-Ttl
X-Variation
CDN-EdgeStorageId
Ufe-Result
We-Hiring
Wxu-Next-Commit
X-VG-TLSProxy
X-Cache-Bucket
X-Bip
X-Ms-Request-Id
X-Ms-Version
CDN-RequestId
CDN-Uid
X-Core-Value
Wxu-Next-Hostname
Wxu-Next-Region
CDN-RequestCountryCode
X-Skip-Cache
CDN-CachedAt
X-Rebelmouse-Cache-Control
NM-Fastcgi-Cache
X-SN
X-Generation-Time
X-Rebelmouse-Surrogate-Control
Adler-Geo
X-Servername
Is-Eu
Mail-Subject
X-Req
X-OVcl-Cache
X-Owner
X-Thanos
X-OVcl
CDN-Cache
Fastly-SIE
X-Method
Platform
X-NGENIX-Cache
X-Microcachable
X-Hash
Fastly-SWR
X-Cluster-Name
X-Viewer-Country
X-ECache
X-Storage
X-Cache-Config
Fastly-SSL
X-Varnish-Beresp-Ttl
Cache-Status
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Platform
L5d-Success-Class
L
X-Request-Start
X-Policy
X-Reqid
X-Proxy-Upstream
HA-Ipaddr
X-Render-Time
X-Instart-Request-ID
Gh-Request-Id
X-Varnish-Cacheable
X-VarnishDD-TTL
X-WADP-Cache
X-Webstats-RespID
Country-Code
Fastly-Drupal-HTML
Group
Origin
X-TX-ID
Ha-Gx-Prefs
PFcat
X-Cms-Context
X-Core-Mission
X-Csrf-Jwt
X-Eu-Site
X-Clientip
X-CGP
X-Backend-State
X-Cache-Date
X-Cache-NGX
X-Cache-Tags
X-Fastly-Backend
X-Fastly-Cache
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-Micro-Cache
X-Level-Front-Cache
X-HN
Rt-Fastcgi-Cache
X-Fmm-Version
X-Gamma-Serve
X-Generated-On
X-Auto-Login
X-Clara-WADP
CacheControlHeader
AKAMAI
C-Via
X-Say-TTL
X-Say-Cacheable
Backend
Country
Decoy-Debug-TTL
Decoy-Debug-Key
X-Web-Node
X-SayCDN-TTL
Decoy-Debug-Status
X-Has-Esi
X-Gzip
X-Geo-Header
HostName
X-JWT-State
UCS
X-Is-Gdpr
X-Irp-Debug
X-Esi-Check
X-Cache-URL
X-Cache-Id
X-Cdn-Srv
X-Content-Age
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Developers
X-Request-Host
X-Agile-Id
X-Agile-Age
Pagetype
X-Amz-Meta-Cb-Modifiedtime
X-Slack-Backend
X-Agile
X-HS-Content-Campaign-Id
X-Location
Fastly-Backend-Name
Akamai-GRN
X-Esi
Memcached
X-Old-Content-Length
FSS-Proxy
X-CS
Nel
X-Wa
X-Mvc-Supplant-Cachable
X-PF-Uncompressing
Upgrade-Insecure-Requests
X-Platform-Server
X-NODE
X-LAGOON
CACHE
X-Aicache-OS
X-Varnish-Remaining-TTL
X-DefElseHash
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Refresh
X-DefHash
X-B3-Traceid
M-TraceId
X-UPSTREAM-Address
X-Cdn-Forward
X-Via-Popn
X-LB-ID
X-Branch-Name
X-RateLimit-Remaining
X-Via-Poph
X-Dc
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
X-Flags
X-Aspnet-Duration-Ms
X-BC
X-Session-Fingerprint
X-ZONE
X-B3-Spanid
Arc-Country
X-Cache-Debug
X-Servedbyhost
X-Ua-Device
X-LI-Proto
NGX
Viewtype
VivaBuild
X-RunCloud-Cache
X-Zone
X-Via-Ucdn
Cdn-Request-Time
X-Mvc-Supplant-OutputCached
X-Debug-Cache-Store
X-Bc
X-Edge-Server
X-Debug-Cache-Fetch
Cdn-Host
Srv
X-DC
X-SERVER
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
X-Request-Time
X-GEO
Memory
X-Page-View
X-Varnish-Hostname
X-Unique-ID
Geo-Info
X-Nginx-Cache
X-APP
X-Action
X-Vgn-Hpd-Ssi
X-Srv
X-NGINX-Cache
X-FPC
X-Cs
X-RPS
X-RSL
Hostname
X-Ftr-Cache-Host
X-DW
X-RPM
X-DI
Xserver
X-HS-Status
X-Check-Cacheable
X-DSS
SRV
WWW-Authenticate
X-LiteSpeed-Cache-Control
X-DB
X-CSRF-TOKEN
X-VCL-Version
Geoip-Latitude
X-Akamai-Request-ID2
GeoIp-Country-Code
X-MP-GENERATED-AT
XServer
Sid
X-NU-AKA-ACS-Version
X-Oss-Cdn-Auth
X-Cluster-Node
X-Via-Popv
X-CF-Powered-By
X-Geo
X-Vcache
X-Dynatrace-Js-Agent
X-Epic-Correlation-Id
ProcessTime
X-Via-CDN
NtCoent-Length
Server-Info
X-Sql-Duration-Ms
User-Agent
X-Sql-Count
X-UnsetCookies
X-Hit
Edge-Copy-Time
X-Via-SSL
Processtime
W
X-VHOST
X-SERVER-NAME
GeoIP-Latitude
Apigw-Requestid
X-Mobile-Rewrite
X-Via-Edge
GeoIP-Country-Code
X-FC-Vary-Parameters
X-FORWARDED-FOR
X-Webkit-CSP-Report-Only
SID
X-Nc
X-Svr
X-We-Are-Hiring
On-Server
X-Www-Served-By
WebServer
X-HOST
X-Fastly-Country-Code
X-Pinterest-Sli-Latency-Threshold
X-Vcl-Version
X-Presslabs-Stats
X-SRV
S-Rt
X-Pinterest-Sli-Endpoint-Name
X-Envoy-Upstream-Healthchecked-Cluster
X-Fpc
X-Pinterest-Sli-Response-Type
Esi-Enabled
ServedBy
Ohc-File-Size
X-HITS
X-S-Maxage
LB
Amp-Access-Control-Allow-Source-Origin
Cache-Hits
X-Tb
X-Cache-Remote
Accept-Language
Origin-Edge-Control
X-Cache-Hm
X-Cache-Hfrom
T-Server
X-Key
Origin-Cache-Control
CF-IPCountry
Cdn
X-Pjax-Url
A
Cteonnt-Length
Lb
X-Pass-Why
Proxy-Firewall
Server-Host
X-Dispatch
N-Cache
X-MSEdge-Flight
X-MSEdge-Features
X-COUNTRY
X-CACHE-KEY
Pics-Label
CDN
X-Newrelic-App-Data
X-Geo-Region
Magicmarker
HitType
X-SB
X-Amzn-Remapped-Date
X-VC
Powered-By
WZWS-RAY
X-Amzn-Remapped-Connection
X-Varnish-Hits
X-Instart-Info
Ohc-Cache-HIT
X-Info
X-App
BehaviorPad-Version
X-ServedByHost
X-Generated
X-Li-Proto
Fastcgi-Cache-TTL
X-RAMCache
X-StackifyID
X-Dynatrace
Protected
X-Datadome
X-B3-SpanId
Cache-Key
X-Served-From
X-TrackingId
X-Via-NSCOPI
X-Lb-Id
X-Akamai-Pragma-Client-IP
X-Newrelic-Synthetics
Server-Ttl
X-TH-Server
X-Cache-Tag
X-Uri
X-Path-Route
User-Cache-Control
X-Batcache
X-Via-PopH
X-TT-LOGID
X-Via-PopV
Cache-Provider
Xet-Cookie
X-LiteSpeed-Tag
X-Via-PopN
X-ID
CountryCode
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Agile-Brick-Ok
Tracecode
X-Planisys-CDN-Cache
X-Tt-Logid
Cf-Alt-Svc
Dnion-Transfer-Encoding
Ssr
X-WA
X-Vgn-Hpd-Reason
Tcn
X-Scheme
X-Men
X-Cc-Via
X-PJAX-URL
D-Cc-Upstream
X-Varnish-Beresp-TTL
Who
Lfy
X-Cache-Spec
X-Cc-Req-Id
X-Pad
X-HostName
X-Origin-Response-Time
X-Yottaa-OS
X-RateLimit-Limit
X-Erf-Bev-Bev
Content-Script-Type
Content-Style-Type
X-Erf-Bev-Bev-Is-Generated
Inserted-Into-Cache-At
X-Tid
X-Pf-Uncompressing
X-Magnolia-Registration
Vha6-Origin
X-Selected-Name
Section-Origin-Responded
X-Selected-Host-Header
X-Selected-Scheme
Section-Io-Origin-Time-Seconds
X-LLID
Section-Io-Id
Section-Io-Origin-Status
Odigeo-Trace-Id
Cache-Name
DSUID
X-UA-Device-Type
X-Provided-By
X-Nyt-Route
X-NodeID
X-Node-Id
X-Nginx-Cache-Key
X-Origin-CC
X-Origin-Expires
X-Parent-Response-Time
X-Origin-TTL
X-Origin-Time
X-VServer
X-Origin-Date
X-Loc
X-Fetched-On
X-Gdpr
X-ElasticPress-Query
X-Device-Os
X-Developer
X-Gen-Mode
X-Generated-In
X-RateLimit-Limit-Second
X-Hnp-Log
X-Goog-Meta-Goog-Reserved-File-Mtime
X-GeoIP-City
X-Matched-Rule
X-Request-URI
X-Trace-Id
X-Traceid
X-User
X-SIPLIST1
X-Sn-Servicetimems
X-Thinkindot-L3
X-Swa-Ws
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SRCache-Key
X-Contensis-Viewer-Groups
X-Var-Ttl
X-Server-IP
X-SD-PageType
X-Rocket-Build-Number
X-Response-By
X-ServiceProvider
X-Sigma
X-Varnish-Authentication
X-Varnish-Url
X-VC-Cache
X-Sigma-Backend
X-RateLimit-Remaining-Second
Thinkindot-Control
X-Snapshot-Date
Cache-Host
Source
X-Request-URL
X-Apw-Hits
CDCHOST
FNAC-ModuleRouting
Locid
Kp-EeAlive
IsBot
Instruction
X-Apw-Access-Token
X-Apw-Access-Object
X-MiniProfiler-Ids
Mime-Version
Pragrma
X-C
X-Dw-Trace-Id
X-Proxy-Cachei7
X-Apw-Access-Action
PICS-Label
X-Nananana
X-Region-Sid
MIME-Version
Path
X-Azure-Ref-OriginShield
X-API-Version
Web-Mar-Node
Vix-Hermes-Req-Id
X-BBC-Edge-Cache-Status
X-BBXSRF
X-Cache-Info
X-Cache-Expires
X-Cache-ASPX
X-Block-Status
V-Age
True-Client-Country-4JS
Server-Ext
Resin-Trace
Release
Pramga
Server-Hostname
Server-ID
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
SR-User-Adfree
Sever-Int
X-Cdn-Origin