Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
P3p
X-Cacheable
X-Request-ID
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Template
X-Language
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-Dns-Prefetch-Control
X-Hacker
X-Cache-Group
X-AH-Environment
X-Server
X-Robots-Tag
X-Amz-Request-Id
X-UA-Device
X-Amz-Id-2
EagleId
X-Proxy-Cache
X-Buckets
X-Turbo-Charged-By
Request-Context
X-Server-Powered-By
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Bgj
Cf-Railgun
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Amz-Version-Id
X-Host
X-WebKit-CSP
NEL
X-Dispatcher
X-Device
X-Backend-Server
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Response-Time
Content-Location
X-Origin-Cache
Request-Id
X-Akam-SW-Version
X-Server-Id
X-ASPNET-VERSION
X-Ac
Accept-CH-Lifetime
X-Country
EagleEye-TraceId
Accept-CH
X-HW
X-Mod-Pagespeed
Rating
X-Readtime
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
X-Application-Context
Pinterest-Generated-By
X-ORACLE-DMS-RID
Edge-Control
X-Country-Code
X-Url
X-DataDome
X-PC
X-Vname
X-TtlSet
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
X-Origin-Upstream-Status
X-Cnection
Allow
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Source
X-D2id
X-MS-InvokeApp
X-GitHub-Request-Id
X-Content-Type
X-ESI
X-Clacks-Overhead
X-Server-Name
X-Abt-Application-Version
Pinterest-Version
X-Trace
X-Pinterest-Rid
X-Navigation-Version
X-FTR-Request-ID
Display
Pagespeed
X-Middleton-Response
X-Sol
X-Middleton-Display
Response
X-Vcap-Request-Id
X-B3-TraceId
X-Px
Verso
X-Cached
X-Rack-Cache
X-Webkit-CSP
X-Element-Page-Cache
X-Fastly-Request-ID
X-DynaTrace
Service-Worker-Allowed
MS-Author-Via
X-Client-IP
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Dw-Request-Base-Id
X-Powered-By-Plesk
Content-MD5
X-Upstream
X-Version
X-Forwarded-Proto
AR-PoweredBy
AR-ATIME
AR-CACHE
AR-Request-ID
X-TTL
Ar-Sid
X-T
Accept-Ch
Fastly-Restarts
X-NF-Request-ID
SPRequestGuid
X-SharePointHealthScore
X-Debug
X-VARITI-CCR
X-Server-ID
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Id
X-Jurisdiction
X-Goog-Hash
X-Powered-CMS
Access-Control-Request-Method
X-FastCGI-Cache
TP-L2-Cache
TP-Cache
X-MSEdge-Ref
X-Content-Digest
X-Release
X-Ttl
X-Edge
X-XRDS-Location
X-NWS-LOG-UUID
TCN
S
SPRequestDuration
SPIisLatency
RTSS
X-CST
X-Amz-Rid
X-Pinterest-Direct
X-PressLabs-Stats
Cache-Tag
X-Request-Processing-Time
X-Request-Received
Public-Key-Pins
Fastcgi-Cache
X-Ezoic-Cdn
X-Yandex-Sdch-Disable
X-Node-Name
X-MCACHE
X-Mid
X-Cache-Key
Server-Node
Accept-Ch-Lifetime
X-Accel-Expires
X-Amzn-Trace-Id
Front-End-Https
X-Logged-In
X-Ratelimit-Remaining
X-Cache-Hit
ServerID
X-Ser
X-Request-Handler-Origin-Region
X-Microsite
X-Recruiting
X-Kinsta-Cache
X-Origin-Server
X-Page-Id
Alternate-Protocol
Host
Accept-Charset
X-B
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Ratelimit-Limit
X-Mobile-URL
X-Hostname
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Varnish-Age
X-Content-Security-Policy-Report-Only
X-ECACHE
X-FireWall-Port
Filterid
Nginx-Cache
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-DIS-Request-ID
X-FTR-Expires
X-Shield-Request-Id
X-Forwarded-For
X-Mg-S
X-Load-Cache
X-Seen-By
Realpath
X-Content-Options
X-Daa-Tunnel
X-Grace
X-Id
X-Jobs
Edge-Cache-Tag
X-Amz-Server-Side-Encryption
Akamai-Age-Ms
X-Git-Hash
X-LB-Cache
X-F-Cache
X-N
X-Type
X-Varnish-Backend
X-App-Environment
X-AppVersion
X-Varnish-Grace
X-Activity-Id
X-Az
Paypal-Debug-Id
X-Request-Guid
X-Rid
Fastcgi-Useragent
X-HP-Webp
X-Proxy
X-Zen-Fury
X-Hits
DynaTrace
MicrosoftSharePointTeamServices
X-FB-Debug
Access-Control-Allow-Method
Cache-Tags
X-Correlation-ID
Cleartype
X-App-Server
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-WebKit-CSP-Report-Only
X-Akamai-Edgescape
X-Geo-Country
DC
Content-Disposition
X-Cached-By
X-Content-Powered-By
X-Cache-Rule
X-Cache-Operation
X-XRDS-LOCATION
AMP-Access-Control-Allow-Source-Origin
X-Host-Name
X-Amz-Meta-S3cmd-Attrs
X-TEC-API-VERSION
X-Wix-Request-Id
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-User-Agent
Powered-By-ChinaCache
X-B3-Sampled
X-Original-Request-Id
X-Accel-Buffering
X-IPLB-Instance
X-Response-Served-From
X-Endurance-Cache-Level
Healthy
X-Cache-Age
NGB
X-Goog-Generation
X-Goog-Stored-Content-Length
X-VCache
X-AOL-HN
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Storage-Class
X-HTML-Minification-Powered-By
X-Goog-Metageneration
X-Respond-Thread
X-Distributor
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Is-Bot
X-Whom
X-Ua
X-B-Cache
Payment
X-UUID
X-Rendered-As
X-Signature
X-Cacheable-TTL
X-Region
X-HS-Combine-CSS
X-Tec-Api-Origin
X-Debug-Info
MS-CV
X-FW-Static
X-FW-Server
X-FW-Hash
X-Tec-Api-Version
X-FW-Type
X-FW-Serve
Refresh
X-Cache-Time
X-FW-Dynamic
X-Tec-Api-Root
Datacenter
X-Rule
X-Instance
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Amzn-RequestId
X-Frontend
X-Amz-Apigw-Id
X-Mobile
Countrycode
PB-RID
PB-PID
Arc-Version
X-Fastcgi-Cache
X-Varnish-Server
X-Oneagent-Js-Injection
Surrogate-Key
S-Cnection
X-Protected-By
X-Backend-Name
X-Acc-Debug-Context
X-PHP-Backend
X-App-Version
X-Via-JSL
Viewport
X-Cache-Server
Liferay-Portal
X-NewRelic-App-Data
X-Azure-Ref
X-Hyper-Cache
X-Cache-Expired-At
Powered
X-Litespeed-Cache
Cache
Filters
X-Hp-Webp
Charset
Retry-After
X-WA-Info
X-Proxy-Cache-Status
Referer-Policy
X-Cache-Control
X-DynaTrace-JS-Agent
Section-Io-Cache
X-Sucuri-ID
X-Amz-Replication-Status
X-EdgeConnect-Cache-Status
X-Source
X-RemovedCookies
X-FTR-Cache-Host
X-FB-TRIP-ID
X-CSRF-Token
X-ProcessESI
X-Real-IP
Eomportal-Instance
X-RN-RSRV
X-GeoIP
Meta-Geo
X-Cache-Var-Map
X-Mode
X-ES-SERVER
X-Cache-Var
X-Debug-Cache
FSS-Cache
X-Cache-Action
X-From
X-Framework
X-Site-Version
X-Device-Type
X-R9-Blue-Green-Version
X-Locale
X-Time
X-Via-Fastly
X-Human
X-Xfnlog-Site
X-Environment-Context
X-ProxyCache-Key
X-Time-Microsecs
X-LJ-Flow-ID
X-Qloud-Router
X-ProxyCache-Status
Version
X-Ratelimit-Reset
X-Server-W
X-L-Path
X-VWS-Id
X-Yottaa-Optimizations
Mn-Server-Ip
X-Yottaa-Metrics
X-AWS-Id
X-BYPASS-REASON
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Loop
X-PCL
X-Origin-Hint
X-OCL
Webcakes-App-Version
Property-Id
TWC-Privacy
Webcakes-App-Name
X-Proxied
Webcakes-Region
Uber-Trace-Id
TWC-Device-Class
Selected-Fe
TWC-Connection-Speed
X-Revision
X-Cluster
X-FW-Version
X-Handled-By
X-Cache-Host
TWC-GeoIP-Country
Cross-Origin-Window-Policy
Cache-Tv-Group
X-Hl-Ver
Ec-Rule-Version
X-Proxy-Build
X-TNCMS
X-Zipkin-Id
GEO-INFO
X-Timing-Wait
X-Cache-TTL-Remaining
X-Routing-Service
X-BCube-Filmed-By
X-PHP-Host
X-Amzn-Remapped-Content-Length
X-Proto
X-Be
X-Detected-As
X-Hosted-By
X-Generated-By
X-Labrador-Cache-Channel
X-RTag
DB-Nickname
X-Status
X-Redis-Cache
X-NYM-Debug-Backend
Webserver
X-SaId
X-ServerID
Ms-Operation-Id
Frame-Options
X-JoinUs
X-Air-Hostname
X-Access
X-Section
X-Format
X-No-Session
Nel
X-Unique-Id
From-Origin
X-Cache-PHP
X-ATG-Version
X-NWS-UUID-VERIFY
X-Drupal-Cache-Contexts
X-Sucuri-Cache
X-Varnish-Cache-Hits
Server-Name
X-Contextid
X-TA-CDN-Provider
X-Drupal-Cache-Tags
X-NCache
X-Origin
X-Correlation-Id
CF-Cached-On
OT-Force-Account-Verify
X-EIG-Tracking-Id
X-AIR-PT
X-EC-Lua
X-IPS-LoggedIn
X-Oss-Object-Type
X-GoCache-CacheStatus
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Tt-Trace-Tag
X-CDN-Forward
X-Akamai-Transformed
X-Adobe-Content
X-Adobe-Loc
X-Tt-Trace-Host
X-Cache-Enabled
X-Bc-Bl
X-IP
X-TIME
X-APP-VERSION
X-Backend-Host
X-ECache
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-TT
X-NC
Azure-InstanceId
X-Ruxit-Js-Agent
Azure-RegionName
Azure-Version
X-Cache-Backend
Azure-SlotName
Azure-SiteName
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cdn
X-URL
X-Tumblr-Pixel-3
X-CCM
X-Adobe-Source
X-Cache-2
SD-X-WS
Access-Control-Request-Headers
Time
X-CACHE-AGE
Node
X-Rewrite-Enabled
X-Request-UUID
X-External-Request-Id
X-Pubstack
X-Rojux
X-PAYTM-SRV-ID
X-S
X-Forwarded-Host
X-VG-WebServer
X-Worker
X-Vdms-Path
X-ScT
Xc-Version
X-Varnishpool
Rendered-Blocks
X-Transaction
Mobile-Detection-Method
Meta-Geo-Continent
X-RCS-CacheZone
X-Processor
X-S-Cookie
Host-ID
X-Soup
Now
X-G
DCR-Processing-Time-Ms
DCR-Decision-By
MD5-Digest
X-D
X-Date
X-PBS-Appsvrname
Machine
X-Cache-Grace
Apple-News-Services-Request-Url
X-Twitter-Response-Tags
X-Trv-Group
X-A-Wwc
X-Accel-Expires-Debug
X-Vtex-Processado-Em
X-A-Dgt
X-Cache-NE
X-Vtex-Remote-Cache
X-A-Dcw
X-Aed
X-Destination
X-Minions-Version
X-Up
X-PERF
X-B-Cookie
X-Ms-Request-Id
X-Application
X-ARC
X-A-Ccd
X-A-Dam
Apple-News-Services-Parsed-Url
X-Vdms-Version
X-Connection-Hash
X-VG-WebCache
X-CF-Lambda-Version
Apple-News-Services-Handled
Surrogated-Key
X-A
X-CF-Lambda-Fn
X-Backend-TTL
X-Ms-Version
X-ApacheServer
Apple-News-Services-Host
Fastcgi-X-Cache-Version
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-Shopify-Stage
X-UA
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Hash
CloudFront-Viewer-Country
X-SayCDN-TTL
X-NGENIX-Cache
X-Microcachable
Fastly-SSL
X-Cluster-Name
X-Generation-Time
X-Owner
X-Say-Cacheable
X-Say-TTL
X-Cache-Config
X-OVcl-Cache
Cache-Status
X-OVcl
X-Method
X-Envoy-Decorator-Operation
Wxu-Next-Hostname
Wxu-Next-Region
X-Viewer-Country
Wxu-Next-Commit
We-Hiring
X-Req
Ufe-Result
X-Web-Node
X-Varnish-Ttl
X-Core-Value
X-VG-TLSProxy
X-CUA
Adler-Geo
X-Variation
X-Bip
X-Cache-Bucket
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Edge-Location
Mail-Subject
X-Servername
Is-Eu
X-Storage
NM-Fastcgi-Cache
X-Skip-Cache
Platform
X-SN
X-Thanos
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
CDN-RequestCountryCode
CDN-EdgeStorageId
C-Via
CDN-CachedAt
CDN-PullZone
X-HN
CDN-Cache
CacheControlHeader
L5d-Success-Class
X-Backend-State
X-Cache-Date
X-Auto-Login
Rt-Fastcgi-Cache
Origin
PFcat
X-Cache-NGX
X-Cache-Tags
X-Core-Mission
X-Csrf-Jwt
X-Cms-Context
X-Clientip
X-CGP
L
X-Eu-Site
X-Gamma-Serve
Fastly-Drupal-HTML
X-Generated-On
Country-Code
CDN-Uid
Fastly-SIE
Fastly-SWR
Ha-Gx-Prefs
HA-Ipaddr
Group
Gh-Request-Id
X-Fastly-Backend
CDN-RequestId
Decoy-Debug-TTL
X-Reqid
X-Request-Host
FSS-Proxy
X-Render-Time
Upgrade-Insecure-Requests
X-Proxy-Upstream
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-VarnishDD-TTL
X-Varnish-Cacheable
X-WADP-Cache
X-Webstats-RespID
X-TX-ID
X-Micro-Cache
X-Fmm-Version
X-Clara-WADP
X-Slack-Backend
X-Fastly-Cache
X-Policy
X-Request-Start
X-LI-UUID
Decoy-Debug-Status
X-Platform
X-Li-Fabric
AKAMAI
X-Level-Front-Cache
Decoy-Debug-Key
X-Li-Pop
Country
X-Ah-Environment
Backend
X-HS-Content-Campaign-Id
X-Irp-Debug
Pagetype
X-Gzip
X-Wikidot-Backend
HostName
X-Old-Content-Length
X-Is-Gdpr
UCS
X-Platform-Server
X-JWT-State
X-Has-Esi
X-Wikidot-Static-Cache
X-Amz-Meta-Cb-Modifiedtime
X-Cache-URL
X-Esi-Check
Akamai-GRN
X-Cache-Id
X-LAGOON
X-Cdn-Srv
X-Esi
X-Developers
X-Geo-Header
Fastly-Backend-Name
X-Location
X-Content-Age
Memcached
X-Mvc-Supplant-Cachable
X-Agile-Id
X-Agile-Age
X-Agile
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-DefHash
X-UPSTREAM-Address
X-DefElseHash
X-PF-Uncompressing
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Route-Name
X-NODE
X-Flags
CACHE
X-Refresh
X-Branch-Name
X-CS
X-LB-ID
X-Wa
X-Aicache-OS
X-Instart-Request-ID
X-Cdn-Forward
X-Session-Fingerprint
X-RateLimit-Remaining
X-Via-Popn
M-TraceId
X-ZONE
X-BC
X-Via-Poph
X-Dc
X-Cache-Debug
X-B3-Spanid
NGX
Arc-Country
X-Mvc-Supplant-OutputCached
X-Ua-Device
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Edge-Server
X-Servedbyhost
X-LI-Proto
Viewtype
Cdn-Host
VivaBuild
Cdn-Request-Time
X-DC
X-SERVER
X-GEO
X-Page-View
X-Request-Time
X-RunCloud-Cache
Xserver
X-Via-Ucdn
X-Bc
Srv
X-Zone
X-Ftr-Cache-Host
X-Varnish-Hostname
SRV
X-Cs
X-Nginx-Cache
X-APP
X-NGINX-Cache
X-ORACLE-APMCS-REQUEST-ID
X-Check-Cacheable
X-Pinterest-Sli-Latency-Threshold
Memory
X-Vgn-Hpd-Ssi
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Endpoint-Name
X-Action
Actual-Object-TTL
X-FPC
X-HS-Status
X-NU-AKA-ACS-Version
X-B3-Traceid
X-Srv
Hostname
X-RSL
X-DB
X-RPS
WWW-Authenticate
X-RPM
X-DI
X-DW
X-LiteSpeed-Cache-Control
X-DSS
Geo-Info
X-Via-CDN
X-Unique-ID
X-Datadome
X-Oss-Cdn-Auth
X-UnsetCookies
X-Via-Popv
Sid
X-VCL-Version
X-MP-GENERATED-AT
GeoIp-Country-Code
X-Cluster-Node
Geoip-Latitude
X-Sql-Count
X-Sql-Duration-Ms
X-Vcache
X-Geo
X-Dynatrace-Js-Agent
X-HITS
Processtime
X-CF-Powered-By
X-Akamai-Request-ID2
User-Agent
WebServer
X-CSRF-TOKEN
X-Epic-Correlation-Id
X-SERVER-NAME
GeoIP-Latitude
X-We-Are-Hiring
GeoIP-Country-Code
XServer
X-Www-Served-By
ProcessTime
Edge-Copy-Time
X-SRV
Apigw-Requestid
X-Via-SSL
X-Svr
X-Via-Edge
W
Server-Info
X-Webkit-CSP-Report-Only
NtCoent-Length
SID
LB
X-Hit
X-FORWARDED-FOR
X-Cache-Remote
X-S-Maxage
ServedBy
On-Server
Cache-Hits
X-HOST
X-Mobile-Rewrite
Ohc-File-Size
X-FC-Vary-Parameters
X-Nc
X-Dynatrace
T-Server
X-Vcl-Version
X-Fpc
X-Presslabs-Stats
X-Envoy-Upstream-Healthchecked-Cluster
S-Rt
Amp-Access-Control-Allow-Source-Origin
X-Pjax-Url
N-Cache
CF-IPCountry
Server-Host
X-Pass-Why
Accept-Language
X-Tb
X-MSEdge-Flight
X-Cache-Hfrom
X-Fastly-Country-Code
Esi-Enabled
X-Cache-Hm
X-MSEdge-Features
X-Key
Origin-Cache-Control
Origin-Edge-Control
A
Magicmarker
CDN
Cteonnt-Length
Cdn
X-Varnish-Hits
X-CACHE-KEY
X-COUNTRY
X-SB
X-VC
WZWS-RAY
X-Dispatch
Proxy-Firewall
Pics-Label
Lb
X-LLID
X-Oracle-Dms-Rid
Ohc-Cache-HIT
X-Geo-Region
X-Amzn-Remapped-Date
Powered-By
X-Li-Proto
Protected
X-Info
X-ServedByHost
X-Instart-Info
X-Amzn-Remapped-Connection
X-RAMCache
Server-Ttl
X-Via-NSCOPI
X-Newrelic-App-Data
X-StackifyID
HitType
X-B3-SpanId
X-Uri
X-TT-LOGID
BehaviorPad-Version
X-TH-Server
X-Newrelic-Synthetics
X-Served-From
X-Generated
X-Akamai-Pragma-Client-IP
Fastcgi-Cache-TTL
Cache-Key
X-Cache-Tag
Tracecode
X-App
X-ID
X-TrackingId
Cache-Provider
User-Cache-Control
X-Via-PopN
X-Via-PopH
X-Via-PopV
X-Lb-Id
Ssr
X-LiteSpeed-Tag
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-WA
Section-Origin-Responded
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Men
X-Scheme
Lfy
DSUID
X-Cc-Via
Cache-Name
X-Cc-Req-Id
Odigeo-Trace-Id
X-Cache-Spec
D-Cc-Upstream
Section-Io-Origin-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Tt-Logid
X-Provided-By
Xet-Cookie
X-Erf-Stays-Bingo-Pdp-Web
X-Batcache
X-Path-Route
X-Agile-Brick-Ok
Dnion-Transfer-Encoding
X-Magnolia-Registration
Tcn
X-UA-Device-Type
X-Generated-In
X-GeoIP-City
X-Loc
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Node-Id
X-Origin-CC
X-Nyt-Route
X-NodeID
X-Nginx-Cache-Key
X-Matched-Rule
X-Device-Os
X-BBXSRF
X-Cache-ASPX
X-Azure-Ref-OriginShield
X-API-Version
V-Age
Vix-Hermes-Req-Id
X-Cache-Expires
X-Cache-Info
X-ElasticPress-Query
X-Fetched-On
X-Origin-Date
X-Developer
X-Cdn-Origin
X-Contensis-Viewer-Groups
X-Gdpr
X-Origin-TTL
X-Swa-Ws
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-SRCache-Key
X-Trace-Id
X-User
X-VC-Cache
X-VServer
X-Varnish-Url
X-Varnish-Authentication
X-Var-Ttl
X-SIPLIST1
X-Sigma-Backend
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Parent-Response-Time
True-Client-Country-4JS
X-Origin-Time
X-Request-URI
X-Response-By
X-ServiceProvider
X-Sigma
X-Server-IP
X-SD-PageType
X-Rocket-Build-Number
X-Origin-Expires
Thinkindot-CacheControl-Type
Instruction
PICS-Label
IsBot
Kp-EeAlive
X-Varnish-Beresp-TTL
Cache-Host
Mime-Version
Inserted-Into-Cache-At
Thinkindot-Control
X-RateLimit-Limit
X-HostName
Who
Path
Locid
Sever-Int
X-Pf-Uncompressing
SR-User-Adfree
Cf-Alt-Svc
Thinkindot-CacheControl
X-Yottaa-OS
Server-Hostname
Server-Ext
Release
Pramga
X-Acc-Rdl
CountryCode
X-Selected-Host-Header
X-Selected-Name
X-Selected-Scheme
X-Dw-Trace-Id
X-Origin-Response-Time
X-Tid
X-C
Pragrma
Server-Id
X-TraceId
Content-Script-Type
X-Traceid
X-Pad
X-PJAX-URL
X-MiniProfiler-Ids
Vha6-Origin
MIME-Version
X-Gen-Mode
FNAC-ModuleRouting
CDCHOST
Resin-Trace
X-Block-Status
Web-Mar-Node
X-BBC-Edge-Cache-Status
Server-ID
X-Hnp-Log
X-Snapshot-Date
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Hits
Content-Style-Type
X-Proxy-Cachei7
Source
X-Request-URL
X-Vgn-Hpd-Reason