Threat Level: green Handler on Duty: Remco Verhoef

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
Accept-Ranges
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Xss-Protection
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
P3p
X-Iinfo
X-Content-Security-Policy
X-AspNetMvc-Version
Status
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Server
X-Backend
X-Hacker
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
Request-Context
EagleId
X-Proxy-Cache
X-UA-Device
X-Turbo-Charged-By
X-Template
X-Server-Powered-By
Server-Timing
X-Language
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
X-Dns-Prefetch-Control
X-Rq
X-Page-Speed
Xkey
X-Ua-Compatible
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Buckets
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
NEL
X-Server-Id
X-Dispatcher
X-Device
Surrogate-Control
X-Node
Accept-CH-Lifetime
X-Ruxit-JS-Agent
Request-Id
Content-Location
Accept-CH
X-Response-Time
EagleEye-TraceId
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
X-Ac
Allow
X-Readtime
Rating
X-HW
X-Mod-Pagespeed
X-Country
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Edge-Control
Pinterest-Generated-By
X-PC
X-Vname
X-TtlSet
X-MS-InvokeApp
X-Cnection
X-Country-Code
X-DataDome
X-CST
X-Varnish-TTL
X-GitHub-Request-Id
X-Content-Type
X-D2id
X-Server-Name
X-Clacks-Overhead
X-Trace
X-Middleton-Display
Display
Response
X-Middleton-Response
X-Sol
Pagespeed
X-Origin-Upstream-Status
X-Pinterest-Rid
Pinterest-Version
MS-Author-Via
X-FastCGI-Cache
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
X-Vcap-Request-Id
X-Px
X-Navigation-Version
X-Abt-Application-Version
X-Rack-Cache
X-B3-TraceId
X-ESI
Service-Worker-Allowed
X-Url
Verso
X-Fastly-Request-ID
X-TTL
Arr-Disable-Session-Affinity
X-Client-IP
X-Webkit-CSP
X-Element-Page-Cache
X-DynaTrace
X-Cache-TTL
X-Cached
X-FTR-Request-ID
X-Dw-Request-Base-Id
SPRequestGuid
X-SharePointHealthScore
X-VARITI-CCR
X-Kinja-Server
X-Exp-Id
X-Use-Magma
X-Cdn-Fetch
X-Goog-Hash
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-Kinja-Revision
X-GoogleNews-Bot
X-Powered-By-Plesk
X-NF-Request-ID
X-Upstream
Fastly-Restarts
AR-CACHE
AR-PoweredBy
AR-Request-ID
AR-ATIME
Ar-Sid
X-Debug
Content-MD5
X-Pinterest-Direct
X-MSEdge-Ref
SPIisLatency
SPRequestDuration
X-Forwarded-Proto
X-Version
X-Powered-CMS
Access-Control-Request-Method
X-T
X-Release
X-Jurisdiction
X-Amz-Rid
S
X-Content-Digest
X-Edge
X-XRDS-Location
TCN
RTSS
TP-L2-Cache
TP-Cache
Cache-Tag
X-Litespeed-Cache
X-Ezoic-Cdn
Public-Key-Pins
X-Ttl
Front-End-Https
X-Node-Name
X-MCACHE
X-Mid
X-Cache-Key
X-Request-Received
X-Request-Processing-Time
X-Mg-S
Server-Node
Fastcgi-Cache
X-Yandex-Sdch-Disable
X-Recruiting
X-HP-Webp
X-Accel-Expires
X-Amzn-Trace-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Amz-Server-Side-Encryption
X-Kinsta-Cache
X-PressLabs-Stats
X-Grace
X-NWS-LOG-UUID
Accept-Ch
X-Request-Handler-Origin-Region
X-Microsite
X-ASPNET-VERSION
X-Origin-Server
Accept-Charset
X-Varnish-Age
X-Logged-In
MicrosoftSharePointTeamServices
ServerID
X-DIS-Request-ID
X-Page-Id
Cf-Bgj
Nginx-Cache
X-Shield-Request-Id
Host
X-Cache-Hit
X-Ratelimit-Remaining
Edge-Cache-Tag
X-Content-Security-Policy-Report-Only
X-ECACHE
X-Server-ID
X-Hits
Powered-By-ChinaCache
X-B
X-Hostname
X-Forwarded-For
X-Mobile-URL
X-F-Cache
X-LB-Cache
X-Respond-Thread
Cleartype
Cache-Tags
X-AppVersion
X-Az
Realpath
X-Activity-Id
X-Git-Hash
X-N
X-Ratelimit-Limit
Alternate-Protocol
X-Cached-By
X-Content-Options
X-Upgrade-Enabled
DynaTrace
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Load-Cache
X-Cache-Age
X-Varnish-Backend
X-Rid
X-Jobs
X-Request-Guid
Paypal-Debug-Id
X-App-Environment
X-Type
X-FTR-Realm
X-FTR-DC
X-Country-Code-Real
Fastcgi-Useragent
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Expires
X-Seen-By
Access-Control-Allow-Method
X-Amz-Meta-S3cmd-Attrs
X-Proxy
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-URL
X-WebKit-CSP-Report-Only
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Correlation-ID
X-HS-Content-Id
X-HS-Cache-Config
X-FireWall-Port
X-HS-Hub-Id
X-HS-Combine-CSS
X-Akamai-Edgescape
X-Zen-Fury
X-FB-Debug
X-VCache
Filterid
X-Daa-Tunnel
X-B3-Sampled
X-Varnish-Grace
X-IPLB-Instance
Charset
Filters
X-B-Cache
X-Mobile
X-AOL-HN
X-Signature
X-Whom
X-Debug-Info
Healthy
MS-CV
X-Host-Name
DC
Viewport
X-Region
X-User-Agent
X-App-Server
X-Geo-Country
AMP-Access-Control-Allow-Source-Origin
X-Cache-Rule
X-Cache-Operation
X-Original-Request-Id
X-Accel-Buffering
X-Response-Served-From
X-XRDS-LOCATION
Payment
Liferay-Portal
X-Frontend
Accept-Ch-Lifetime
X-Distributor
X-UUID
X-HTML-Minification-Powered-By
X-Rule
X-Tumblr-User
X-Cache-Time
X-Cacheable-TTL
X-Instance
X-Tumblr-Pixel
X-Tumblr-Pixel-2
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-FW-Type
X-FW-Static
Refresh
X-Content-Powered-By
X-FW-Serve
X-FW-Dynamic
Surrogate-Key
X-Protected-By
X-Acc-Debug-Context
X-FW-Hash
X-FW-Server
X-Amz-Replication-Status
S-Cnection
X-Via-JSL
X-Id
X-Is-Bot
X-Rendered-As
Content-Disposition
X-Wix-Request-Id
X-Cache-Expired-At
Section-Io-Cache
Version
X-Hyper-Cache
Nel
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Action
X-Sucuri-ID
X-Backend-Name
GEO-INFO
X-Ah-Environment
Datacenter
CACHE
X-Oneagent-Js-Injection
X-Endurance-Cache-Level
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
PB-PID
PB-RID
X-Pinterest-Sli-Response-Type
X-App-Version
X-Pinterest-Sli-Latency-Threshold
Arc-Version
X-Pinterest-Sli-Endpoint-Name
Retry-After
X-Cache-Server
X-Air-Hostname
X-Ua
Server-Name
X-Source
X-EdgeConnect-Cache-Status
Eomportal-Instance
X-Real-IP
X-RemovedCookies
X-Framework
X-L-Path
X-Environment-Context
X-ProcessESI
X-Yottaa-Optimizations
X-Varnish-Server
Referer-Policy
X-Sucuri-Cache
X-Yottaa-Metrics
X-Revision
X-RTag
Ms-Operation-Id
NGB
Frame-Options
X-Drupal-Cache-Contexts
Webserver
X-Unique-Id
Countrycode
Akamai-Age-Ms
X-Cache-Control
X-WA-Info
X-ES-SERVER
X-Proxy-Cache-Status
X-Cache-Var-Map
X-Cache-Var
Meta-Geo
X-RN-RSRV
X-Drupal-Cache-Tags
X-Azure-Ref
X-Cache-Host
X-GeoIP
Cache-Tv-Group
X-DynaTrace-JS-Agent
X-BYPASS-REASON
DB-Nickname
X-R9-Blue-Green-Version
X-Time-Microsecs
X-ProxyCache-Key
X-ProxyCache-Status
X-Hosted-By
Cross-Origin-Window-Policy
X-Xfnlog-Site
X-PHP-Host
X-Qloud-Router
X-Human
X-Labrador-Cache-Channel
X-Loop
X-Handled-By
X-Cache-TTL-Remaining
X-TNCMS
X-Amzn-Remapped-Content-Length
Ec-Rule-Version
X-Redis-Cache
X-Hl-Ver
TWC-GeoIP-Country
Selected-Fe
X-Mode
TWC-Connection-Speed
TWC-Locale-Group
TWC-Device-Class
Property-Id
TWC-GeoIP-LatLong
X-Detected-As
X-Server-W
X-VWS-Id
X-PCL
X-Be
X-FW-Version
X-Proxy-Build
X-Via-Fastly
X-Locale
X-Timing-Wait
X-NYM-Debug-Backend
X-TIME
X-LJ-Flow-ID
X-From
X-No-Session
X-AWS-Id
X-Cluster
X-Status
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
X-Origin-Hint
X-Site-Version
X-FB-TRIP-ID
X-Proto
X-ServerID
TWC-Privacy
X-OCL
X-Contextid
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Route-Name
Mn-Server-Ip
FSS-Cache
X-Zipkin-Id
X-Proxied
X-Section
X-Routing-Service
X-Format
X-Access
X-CDN-Forward
X-Correlation-Id
X-Adobe-Loc
X-Adobe-Content
X-NewRelic-App-Data
X-AIR-PT
X-Debug-Cache
Uber-Trace-Id
X-ATG-Version
X-PHP-Backend
X-TT
X-Generated-By
X-Device-Type
X-Cache-PHP
X-BCube-Filmed-By
X-Ratelimit-Reset
X-Esi
X-Ua-Device
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-NC
Upgrade-Insecure-Requests
X-Cache-Spec
X-CSRF-Token
VIX-Pulpo-Node
Azure-SlotName
Azure-InstanceId
Azure-Version
VIX-Pulpo-Upstream-Status
Azure-SiteName
Azure-RegionName
X-Varnish-Cache-Hits
Access-Control-Request-Headers
OT-Force-Account-Verify
X-LLID
Cache
From-Origin
X-UPSTREAM-Address
X-NCache
X-COUNTRY
X-Origin
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
X-GoCache-CacheStatus
X-Akamai-Transformed
X-FTR-Cache-Host
X-Adobe-Source
SD-X-WS
X-Cache-2
CF-Cached-On
X-Backend-TTL
X-JoinUs
Powered
X-Varnish-Ttl
X-SaId
X-CCM
X-Page-View
X-Varnishpool
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-ShopId
X-Shopify-Stage
X-ShardId
X-Backend-Host
X-Soup
X-LAGOON
X-G
Cache-Status
Country
X-ID
X-Time
X-Cache-Grace
X-Forwarded-Host
X-Pubstack
X-Cluster-Name
X-Web-Node
Decoy-Debug-Key
X-Say-TTL
X-SayCDN-TTL
X-Storage
Decoy-Debug-Status
X-ECache
Fastly-SSL
X-Say-Cacheable
Decoy-Debug-TTL
X-Ruxit-Js-Agent
X-ApacheServer
Node
X-PERF
X-IP
X-APP-VERSION
X-Cdn
X-EC-Lua
X-NWS-UUID-VERIFY
X-Cache-Enabled
X-TX-ID
Machine
X-Request-UUID
X-RCS-CacheZone
X-Rewrite-Enabled
X-Rojux
X-S
X-Processor
X-PBS-Appsvrname
X-D
X-Destination
X-External-Request-Id
X-PAYTM-SRV-ID
X-S-Cookie
X-ScT
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Session-Fingerprint
X-Trv-Group
X-Vdms-Path
X-Vdms-Version
X-Connection-Hash
X-CF-Lambda-Fn
Host-ID
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
DCR-Decision-By
Rendered-Blocks
X-A
X-Application
X-ARC
X-B-Cookie
X-Cache-NE
X-Aed
X-A-Wwc
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
Apple-News-Services-Handled
X-CF-Lambda-Version
X-Via-CDN
X-Tumblr-Pixel-3
SRV
X-Cache-Config
X-Viewer-Country
X-GEO
X-Cms-Context
X-Rebelmouse-Surrogate-Control
X-Fastly-Cache
X-Rebelmouse-Cache-Control
CDN-PullZone
X-Servername
CDN-RequestId
CDN-RequestCountryCode
X-Core-Value
X-Auto-Login
X-Platform-Server
X-Ms-Version
X-Ms-Request-Id
X-Microcachable
Fastly-SIE
X-Micro-Cache
Fastly-SWR
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
CDN-Uid
X-Varnish-Beresp-Grace
CloudFront-Viewer-Country
X-DefHash
X-DefElseHash
X-Varnish-Remaining-TTL
Platform
X-WADP-Cache
X-DPWN-IS-SECURE
Adler-Geo
Gh-Request-Id
X-Generation-Time
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Fmm-Version
X-Fastcgi-Cache
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
Is-Eu
X-CUA
X-Variation
X-Cache-Bucket
X-Clara-WADP
X-UA
X-Cache-Backend
X-B3-Spanid
X-IPS-LoggedIn
Backend
X-B3-Traceid
X-Bc-Bl
X-Cache-Date
X-Dispatcher-Server
X-Envoy-Decorator-Operation
Fastly-Drupal-HTML
Fastly-Backend-Name
X-Esi-Check
X-Branch-Name
X-Cache-Id
X-Core-Mission
CacheControlHeader
C-Via
X-Fastly-Backend
X-Clientip
X-Cache-Debug
X-Bip
AKAMAI
X-LI-UUID
X-Skip-Cache
X-Slack-Backend
X-Request-Start
X-Request-Host
X-Gamma-Serve
X-Owner
X-SN
X-Thanos
X-Irp-Debug
X-Platform
Rt-Fastcgi-Cache
X-Webstats-RespID
X-Varnish-Cacheable
X-VG-TLSProxy
X-OVcl
X-OVcl-Cache
X-Hash
X-HS-Content-Campaign-Id
X-Has-Esi
X-Gzip
X-Generated-On
X-Geo-Header
X-Is-Gdpr
NM-Fastcgi-Cache
X-JWT-State
X-Li-Pop
X-Li-Fabric
X-Level-Front-Cache
X-Location
X-Old-Content-Length
Origin
PFcat
Wxu-Next-Hostname
X-Backend-State
Wxu-Next-Region
Wxu-Next-Commit
X-HN
Pagetype
X-Wikidot-Static-Cache
X-Cache-Tags
X-Mvc-Supplant-Cachable
X-Reqid
X-PF-Uncompressing
X-Wikidot-Backend
X-VarnishDD-TTL
X-Developers
X-Content-Age
X-Policy
X-Render-Time
X-Twitter-Response-Tags
X-Transaction
X-Cache-NGX
X-Method
L
Akamai-GRN
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-EIG-Tracking-Id
X-Csrf-Jwt
X-CGP
X-CS
X-Eu-Site
L5d-Success-Class
X-DC
X-Minions-Version
FSS-Proxy
X-TA-CDN-Provider
Ha-Gx-Prefs
HA-Ipaddr
X-Cache-Remote
X-Refresh
X-Sql-Duration-Ms
X-Sql-Count
Country-Code
UCS
X-Aicache-OS
X-Wa
X-Amz-Meta-Cb-Modifiedtime
X-NODE
Surrogated-Key
X-Date
X-Via-Popn
X-Via-Poph
X-Accel-Expires-Debug
X-NGENIX-Cache
X-Hp-Webp
XServer
X-Up
X-SRV
X-Edge-Location
NGX
X-Vgn-Hpd-Variations-Key
X-Www-Served-By
X-LB-ID
X-RateLimit-Remaining
X-Vgn-Hpd-Cached
X-NU-AKA-ACS-Version
X-Req
X-Presslabs-Stats
X-Dc
X-Mvc-Supplant-OutputCached
Cache-Hits
X-Debug-Cache-Fetch
X-S-Maxage
Ufe-Result
Mail-Subject
X-Ftr-Cache-Host
X-Debug-Cache-Store
X-Cache-URL
Group
We-Hiring
Hostname
X-Cdn-Srv
HostName
Memcached
X-Check-Cacheable
Protected
Time
X-FPC
X-Via-SSL
X-LI-Proto
X-Servedbyhost
X-Nginx-Cache
X-Via-Edge
X-Proxy-Upstream
Edge-Copy-Time
Now
X-CACHE-AGE
GeoIp-Country-Code
On-Server
X-Svr
Geoip-Latitude
X-Varnish-Hostname
X-BC
X-ZONE
X-Agile-Age
X-Agile
ServedBy
X-Agile-Id
X-Request-Time
X-Cdn-Forward
T-Server
X-FORWARDED-FOR
M-TraceId
X-Acc-Rdl
X-Cluster-Node
X-CSRF-TOKEN
X-NGINX-Cache
X-Cs
X-LiteSpeed-Cache-Control
X-VCL-Version
X-Pass-Why
SID
X-UnsetCookies
X-Datadome
N-Cache
Server-Host
X-MP-GENERATED-AT
X-Via-Popv
X-Uri
X-Zone
Xserver
X-Dynatrace-Js-Agent
X-Bc
WZWS-RAY
X-Varnish-Hits
X-APP
X-Srv
X-CF-Powered-By
Pics-Label
X-VC
X-Erf-Stays-Bingo-Pdp-Web
Arc-Country
X-HS-Status
X-SB
Section-Io-Origin-Status
Section-Origin-Responded
Ohc-File-Size
Section-Io-Origin-Time-Seconds
Section-Io-Id
NtCoent-Length
ProcessTime
X-We-Are-Hiring
X-Edge-Server
VivaBuild
X-Info
Cdn-Host
Cdn-Request-Time
Viewtype
Processtime
Magicmarker
DSUID
X-TT-LOGID
Ohc-Cache-HIT
User-Agent
X-Via-Ucdn
X-Action
Sid
Apigw-Requestid
W
Cache-Name
X-RunCloud-Cache
X-MSEdge-Flight
Memory
X-MSEdge-Features
X-UA-Device-Type
LB
Cteonnt-Length
User-Cache-Control
Odigeo-Trace-Id
Srv
X-CACHE-KEY
X-DB
X-Oss-Cdn-Auth
WWW-Authenticate
CF-IPCountry
X-Origin-Date
Tracecode
X-DI
X-RSL
X-RPS
X-RPM
X-DSS
X-DW
Server-Info
X-Newrelic-App-Data
CountryCode
X-HOST
WebServer
X-Tb
X-Vcl-Version
Ssr
S-Rt
X-Vgn-Hpd-Ssi
CDN
X-Dynatrace
X-HITS
X-Cache-Hm
X-Magnolia-Registration
Geo-Info
Lfy
X-Cache-Hfrom
X-Pjax-Url
Amp-Access-Control-Allow-Source-Origin
X-Unique-ID
X-Webkit-CSP-Report-Only
X-Hit
X-Geo
X-SVT-ORM-VERSION
X-Scheme
X-Cc-Req-Id
X-SVT-ORM-RULES
X-SRCache-Key
D-Cc-Upstream
X-Thinkindot-L3
Instruction
X-Cc-Via
X-Cache-ASPX
X-Loc
X-Matched-Rule
X-Node-Id
X-Hnp-Log
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gdpr
X-Gen-Mode
X-Nyt-Route
X-Origin-CC
X-Response-By
X-SD-PageType
X-Server-IP
X-Request-URI
X-Origin-TTL
X-Origin-Expires
X-Origin-Time
X-Developer
X-Contensis-Viewer-Groups
Sever-Int
SR-User-Adfree
Thinkindot-CacheControl
Server-Hostname
Server-Ext
Path
X-SIPLIST1
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Block-Status
X-Cache-Expires
X-BBXSRF
X-BBC-Edge-Cache-Status
Web-Mar-Node
X-API-Version
IsBot
A
X-Fastly-Country-Code
X-VServer
X-Varnish-Url
X-Varnish-Authentication
X-Newrelic-Synthetics
MIME-Version
Release
Server-ID
Locid
X-Sn-Servicetimems
Lb
X-Akamai-Request-ID2
Cache-Host
CDCHOST
Vix-Hermes-Req-Id
X-Fetched-On
X-GeoIP-City
X-Nginx-Cache-Key
X-FC-Vary-Parameters
X-Device-Os
X-Cdn-Origin
V-Age
X-Swa-Ws
X-Azure-Ref-OriginShield
X-Cache-Info
True-Client-Country-4JS
Pramga
X-Trace-Id
X-Var-Ttl
X-Traceid
GeoIP-Country-Code
X-User
GeoIP-Latitude
X-Provided-By
X-ServedByHost
X-Envoy-Upstream-Healthchecked-Cluster
Cdn
X-Fpc
X-Li-Proto
X-Via-NSCOPI
X-Epic-Correlation-Id
X-Generated-In
X-Nc
X-NodeID
X-Cache-Tag
FNAC-ModuleRouting
Accept-Language
X-Lb-Id
X-Men
Cf-Device-Type
Source
X-Rocket-Build-Number
X-Served-From
X-Sigma-Backend
X-Origin-Response-Time
X-SERVER-NAME
X-Sigma
Esi-Enabled
X-StackifyID
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Akamai-Pragma-Client-IP
Server-Ttl
Kp-EeAlive
X-Browser-Type
X-TH-Server
Cache-Key
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
Content-Script-Type
Expiry
X-Parent-Response-Time
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-Key
Cache-Provider
X-Instart-Request-ID
X-WA
Content-Style-Type
X-No-Cache
X-ServiceProvider
X-RateLimit-Remaining-Second
Req-Svc-Chain
X-RateLimit-Limit-Second
X-Batcache
X-B3-SpanId
X-Request-URL
X-MiniProfiler-Ids
Location
X-Agile-Brick-Ok
X-Tt-Logid
X-Yottaa-OS
X-Vgn-Hpd-Reason
X-ElasticPress-Query
X-VC-Cache
X-Mobile-Rewrite
Inserted-Into-Cache-At
X-Vcache
Tcn
Url
X-Akamai-Request-ID
EpKe-Alive
X-B3-Parentspanid
X-BBC-Origin-Response-Status
Xkeyi7
URI
X-Proxy-Cachei7
X-RateLimit-Limit
X-HostName
Mime-Version
X-PJAX-URL
X-Dispatch
Proxy-Firewall
Origin-Cache-Control
Origin-Edge-Control
Who
X-Instart-Info
X-Apw-Access-Object
X-Apw-Access-Token
X-Varnish-Beresp-TTL
X-Apw-Access-Action
X-Apw-Hits
X-Geo-Region
X-Selected-Scheme
X-Selected-Name
X-Selected-Host-Header
X-Snapshot-Date
X-TraceId
HitType
Cf-Alt-Svc
Content-Secure-Policy
Server-Id
BehaviorPad-Version
Xet-Cookie
Resin-Trace
X-C
X-RAMCache
X-Dw-Trace-Id
Pragrma
NnCoection
Powered-By
PICS-Label
Vha6-Origin