Threat Level: green Handler on Duty: Remco Verhoef

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Request-ID
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
P3p
X-Content-Security-Policy
X-AspNetMvc-Version
Status
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Server
X-Backend
X-Hacker
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-UA-Device
X-AH-Environment
Request-Context
EagleId
X-Proxy-Cache
X-Turbo-Charged-By
X-Dns-Prefetch-Control
X-Server-Powered-By
X-Template
Server-Timing
X-Language
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
X-Rq
X-Page-Speed
Xkey
X-Ua-Compatible
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Buckets
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
NEL
X-Server-Id
X-Dispatcher
X-Device
Surrogate-Control
X-Node
X-Ruxit-JS-Agent
Request-Id
Content-Location
Accept-CH-Lifetime
X-Response-Time
EagleEye-TraceId
Accept-CH
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
X-Ac
Allow
X-Readtime
Rating
X-Mod-Pagespeed
X-HW
X-Country
X-Application-Context
X-Cloud-Trace-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Edge-Control
Pinterest-Generated-By
X-TtlSet
X-PC
X-Vname
X-MS-InvokeApp
X-Cnection
X-Country-Code
X-DataDome
X-Varnish-TTL
X-CST
X-GitHub-Request-Id
X-Content-Type
X-D2id
X-Clacks-Overhead
X-Server-Name
X-Trace
X-Sol
X-Middleton-Response
Pagespeed
Display
Response
X-Middleton-Display
X-Origin-Upstream-Status
X-Pinterest-Rid
Pinterest-Version
MS-Author-Via
Fusion-Content-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
X-Vcap-Request-Id
X-Px
X-Abt-Application-Version
X-TTL
X-Rack-Cache
X-B3-TraceId
X-Navigation-Version
X-ESI
X-FastCGI-Cache
Service-Worker-Allowed
Verso
X-Fastly-Request-ID
Arr-Disable-Session-Affinity
X-Client-IP
X-Url
X-Webkit-CSP
X-Element-Page-Cache
X-Cache-TTL
X-Cached
X-DynaTrace
X-FTR-Request-ID
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-VARITI-CCR
X-Exp-Variant
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Powered-By-Plesk
X-Use-Magma
X-Goog-Hash
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Upstream
Fastly-Restarts
X-NF-Request-ID
AR-CACHE
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Debug
Ar-Sid
Content-MD5
X-Pinterest-Direct
X-MSEdge-Ref
SPRequestDuration
X-Forwarded-Proto
SPIisLatency
X-Version
X-Powered-CMS
Access-Control-Request-Method
X-Release
X-T
X-Amz-Rid
X-Jurisdiction
S
X-Content-Digest
X-Edge
X-XRDS-Location
RTSS
TP-L2-Cache
TP-Cache
Accept-Ch
TCN
Cache-Tag
X-Ezoic-Cdn
Public-Key-Pins
X-Litespeed-Cache
X-Cache-Key
Front-End-Https
X-Mid
X-MCACHE
X-Node-Name
X-Yandex-Sdch-Disable
Server-Node
X-Request-Processing-Time
X-Request-Received
X-Mg-S
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Recruiting
X-Accel-Expires
X-HP-Webp
X-B3-TraceId-Primal
MRF-Tech
X-Amzn-Trace-Id
Mrf-Cache-Status
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ttl
X-Ser
X-Kinsta-Cache
X-PressLabs-Stats
X-Grace
X-NWS-LOG-UUID
X-Microsite
X-Request-Handler-Origin-Region
X-ASPNET-VERSION
X-Origin-Server
Accept-Charset
X-Varnish-Age
X-Logged-In
ServerID
MicrosoftSharePointTeamServices
Cf-Bgj
X-DIS-Request-ID
X-Page-Id
Host
X-Cache-Hit
X-Shield-Request-Id
Nginx-Cache
Edge-Cache-Tag
X-Ratelimit-Remaining
X-ECACHE
X-Content-Security-Policy-Report-Only
X-Hits
X-Server-ID
X-B
Powered-By-ChinaCache
Cache-Tags
X-Forwarded-For
X-Mobile-URL
X-F-Cache
X-LB-Cache
X-Respond-Thread
Cleartype
Realpath
X-Activity-Id
X-AppVersion
X-Az
Accept-Ch-Lifetime
X-URL
X-Git-Hash
X-Hostname
X-N
X-Cached-By
X-Ratelimit-Limit
X-Content-Options
Alternate-Protocol
X-Upgrade-Enabled
DynaTrace
X-Type
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Paypal-Debug-Id
X-Varnish-Backend
X-App-Environment
X-Rid
X-Request-Guid
X-Load-Cache
X-Jobs
X-Amz-Meta-S3cmd-Attrs
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend-Server
X-Country-Code-Real
Fastcgi-Useragent
X-FTR-Backend
X-FTR-Balancer
X-Seen-By
X-FTR-Expires
Access-Control-Allow-Method
X-Cache-Age
X-Proxy
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-WebKit-CSP-Report-Only
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Zen-Fury
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-HS-Hub-Id
X-FireWall-Port
X-HS-Content-Id
X-HS-Cache-Config
X-Akamai-Edgescape
X-HS-Combine-CSS
X-B3-Sampled
X-VCache
Charset
Filterid
X-FB-Debug
X-Daa-Tunnel
X-Correlation-ID
X-Varnish-Grace
X-IPLB-Instance
X-B-Cache
Filters
X-Signature
X-Debug-Info
X-AOL-HN
X-Host-Name
X-Mobile
Healthy
MS-CV
DC
X-Whom
X-Region
Viewport
X-Geo-Country
X-User-Agent
AMP-Access-Control-Allow-Source-Origin
X-App-Server
X-Frontend
Liferay-Portal
Payment
X-Cache-Rule
X-Response-Served-From
X-Accel-Buffering
X-Original-Request-Id
X-Cache-Operation
X-XRDS-LOCATION
X-HTML-Minification-Powered-By
X-Instance
X-UUID
X-Distributor
X-FW-Dynamic
X-Tumblr-Pixel-2
X-FW-Hash
X-Cacheable-TTL
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Cache-Time
X-Rule
X-Tumblr-User
X-Acc-Debug-Context
X-Tumblr-Pixel
X-FW-Type
X-FW-Server
X-FW-Static
Surrogate-Key
X-FW-Serve
Refresh
X-Content-Powered-By
X-Protected-By
X-Id
X-Amz-Replication-Status
S-Cnection
X-Via-JSL
X-Is-Bot
X-Rendered-As
X-Cache-Expired-At
X-Wix-Request-Id
Content-Disposition
Section-Io-Cache
Version
X-Hyper-Cache
Nel
X-Sucuri-ID
X-Backend-Name
X-App-Version
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Action
Datacenter
X-Ah-Environment
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Response-Type
X-Endurance-Cache-Level
Server-Name
X-Oneagent-Js-Injection
X-Tec-Api-Origin
X-Pinterest-Sli-Latency-Threshold
X-Tec-Api-Version
X-Tec-Api-Root
CACHE
Retry-After
Arc-Version
PB-PID
PB-RID
X-Ua
GEO-INFO
X-Cache-Server
X-Air-Hostname
X-Source
X-EdgeConnect-Cache-Status
X-Real-IP
Eomportal-Instance
Referer-Policy
X-RemovedCookies
X-L-Path
X-Framework
X-ProcessESI
X-Environment-Context
Frame-Options
X-Revision
X-Varnish-Server
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Sucuri-Cache
Ms-Operation-Id
X-Drupal-Cache-Contexts
NGB
X-RTag
Webserver
X-Unique-Id
Akamai-Age-Ms
Countrycode
X-Cache-Control
X-Correlation-Id
X-Proxy-Cache-Status
X-Cache-Var
X-Cache-Var-Map
X-Drupal-Cache-Tags
X-WA-Info
Meta-Geo
X-RN-RSRV
X-ES-SERVER
X-Mode
X-Azure-Ref
X-Cache-Host
DB-Nickname
X-R9-Blue-Green-Version
Cache-Tv-Group
X-GeoIP
X-Time-Microsecs
X-DynaTrace-JS-Agent
X-ProxyCache-Key
X-Cache-TTL-Remaining
X-ProxyCache-Status
X-Qloud-Router
X-BYPASS-REASON
X-Xfnlog-Site
X-Labrador-Cache-Channel
X-Redis-Cache
X-FW-Version
X-Handled-By
X-Cluster
X-Human
X-Hosted-By
X-PCL
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
Mn-Server-Ip
X-Hl-Ver
TWC-GeoIP-LatLong
X-VWS-Id
Ec-Rule-Version
Cross-Origin-Window-Policy
TWC-GeoIP-Country
X-TNCMS
Property-Id
TWC-Connection-Speed
X-Amzn-Remapped-Content-Length
TWC-Device-Class
X-AWS-Id
X-NYM-Debug-Backend
X-Loop
X-OCL
X-Origin-Hint
X-Status
X-Server-W
Webcakes-App-Version
X-PHP-Host
X-LJ-Flow-ID
Webcakes-Region
X-Locale
X-ServerID
X-Proxied
X-From
X-Format
X-TIME
X-Detected-As
X-FB-TRIP-ID
X-Proxy-Build
X-Routing-Service
X-Via-Fastly
X-Zipkin-Id
X-Be
X-No-Session
X-Timing-Wait
X-Section
X-Site-Version
X-Proto
Selected-Fe
X-Access
X-Route-Name
X-NewRelic-App-Data
X-Contextid
X-Providence-Cookie
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Flags
FSS-Cache
X-Adobe-Loc
Uber-Trace-Id
X-Adobe-Content
X-CDN-Forward
X-AIR-PT
X-Cache-PHP
X-Debug-Cache
X-ATG-Version
X-Device-Type
X-Generated-By
X-TT
X-PHP-Backend
X-BCube-Filmed-By
X-Ratelimit-Reset
X-Esi
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Cache-Spec
Upgrade-Insecure-Requests
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-CSRF-Token
Azure-Version
Azure-InstanceId
X-Varnish-Cache-Hits
Azure-RegionName
Azure-SiteName
X-NC
Azure-SlotName
X-LLID
X-Fastcgi-Cache
Access-Control-Request-Headers
OT-Force-Account-Verify
Cache
From-Origin
X-NCache
X-UPSTREAM-Address
X-COUNTRY
X-Oss-Storage-Class
X-Akamai-Transformed
X-GoCache-CacheStatus
X-Oss-Object-Type
X-Origin
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Cache-2
X-CCM
X-Adobe-Source
SD-X-WS
X-FTR-Cache-Host
X-JoinUs
X-SaId
CF-Cached-On
X-Page-View
Powered
X-Backend-TTL
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
X-Alternate-Cache-Key
X-ShardId
Cache-Status
X-Varnishpool
X-Storefront-Renderer-Rendered
X-LAGOON
X-Cache-Grace
Country
X-Pubstack
X-PERF
X-ID
X-G
X-Time
X-ApacheServer
X-Soup
X-Forwarded-Host
X-Backend-Host
Decoy-Debug-Key
Decoy-Debug-Status
Fastly-SSL
X-Web-Node
X-Cluster-Name
Decoy-Debug-TTL
X-Storage
X-Say-TTL
X-SayCDN-TTL
X-ECache
X-Say-Cacheable
Node
SRV
X-IP
X-Ruxit-Js-Agent
X-EC-Lua
X-NWS-UUID-VERIFY
X-Cache-Enabled
X-Cdn
X-TX-ID
X-Viewer-Country
X-A-Dam
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-A-Ccd
DCR-Processing-Time-Ms
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Machine
X-A
Rendered-Blocks
Fastcgi-X-Cache-Version
Host-ID
DCR-Decision-By
X-Cache-NE
X-Session-Fingerprint
X-ScT
X-S-Cookie
X-Trv-Group
X-Via-CDN
X-Vdms-Version
X-PBS-Appsvrname
X-Destination
X-S
X-External-Request-Id
X-RCS-CacheZone
X-Processor
X-PAYTM-SRV-ID
X-APP-VERSION
X-Request-UUID
X-Rojux
X-Rewrite-Enabled
X-A-Dcw
X-D
X-Vdms-Path
X-B-Cookie
Xc-Version
X-Worker
X-CF-Lambda-Fn
X-ARC
X-Application
X-A-Dgt
X-A-Wwc
X-Aed
X-Tumblr-Pixel-3
X-Vtex-Remote-Cache
X-CF-Lambda-Version
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Connection-Hash
X-IPS-LoggedIn
X-Cache-Config
X-Rebelmouse-Cache-Control
X-Platform-Server
X-Rebelmouse-Surrogate-Control
X-VG-TLSProxy
X-Varnish-Remaining-TTL
X-WADP-Cache
X-Varnish-CookieHashed-On
X-Servername
X-Varnish-CookieINHashed-On
X-Variation
CDN-Cache
Fastly-SWR
Gh-Request-Id
Fastly-SIE
X-DefElseHash
CloudFront-Viewer-Country
X-DefHash
X-CUA
X-Core-Value
Platform
X-Cache-Bucket
X-Cache-Debug
X-Clara-WADP
Is-Eu
X-Cms-Context
CDN-Uid
CDN-RequestId
X-Generation-Time
X-Fmm-Version
X-Micro-Cache
X-Microcachable
Adler-Geo
X-Ms-Request-Id
X-Fastly-Cache
X-Envoy-Decorator-Operation
CDN-PullZone
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-CachedAt
X-DPWN-IS-SECURE
X-Ms-Version
X-Auto-Login
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Cache-Backend
X-UA
X-B3-Traceid
X-GEO
Backend
X-Bc-Bl
X-Clientip
X-Core-Mission
X-Cache-NGX
X-Fastly-Backend
X-Gamma-Serve
X-Generated-On
X-Cache-Id
X-Esi-Check
X-Dispatcher-Server
X-Developers
X-Varnish-Ttl
PFcat
Rt-Fastcgi-Cache
Origin
NM-Fastcgi-Cache
L
Wxu-Next-Commit
Wxu-Next-Hostname
X-Branch-Name
X-Bip
X-Backend-State
Wxu-Next-Region
X-Cache-Date
X-Gzip
X-Skip-Cache
X-Slack-Backend
X-Request-Start
X-Request-Host
X-Owner
X-Policy
X-Thanos
X-Varnish-Cacheable
X-Irp-Debug
X-Platform
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-VarnishDD-TTL
X-Webstats-RespID
X-OVcl-Cache
X-OVcl
X-Is-Gdpr
X-JWT-State
X-HS-Content-Campaign-Id
X-HN
X-Has-Esi
X-Hash
X-Level-Front-Cache
X-Li-Fabric
X-Method
X-Old-Content-Length
X-Location
X-LI-UUID
X-Li-Pop
X-Geo-Header
X-SN
CacheControlHeader
C-Via
Fastly-Drupal-HTML
AKAMAI
Akamai-GRN
Fastly-Backend-Name
X-CS
X-B3-Spanid
X-CGP
X-Csrf-Jwt
X-Mvc-Supplant-Cachable
X-PF-Uncompressing
X-Cache-Tags
X-Eu-Site
X-Transaction
X-Content-Age
X-Render-Time
X-Reqid
X-Twitter-Response-Tags
L5d-Success-Class
Ha-Gx-Prefs
Pagetype
HA-Ipaddr
X-Erf-Bev-Bev-Is-Generated
X-EIG-Tracking-Id
X-Erf-Bev-Bev
X-Cache-Remote
FSS-Proxy
X-Minions-Version
X-Refresh
X-DC
X-TA-CDN-Provider
X-Sql-Count
X-Sql-Duration-Ms
Country-Code
X-Wa
X-Amz-Meta-Cb-Modifiedtime
UCS
X-Aicache-OS
X-NODE
X-Accel-Expires-Debug
X-Via-Poph
X-Date
X-CACHE-AGE
X-Via-Popn
Surrogated-Key
X-NGENIX-Cache
X-Hp-Webp
NGX
X-Vgn-Hpd-Variations-Key
X-NU-AKA-ACS-Version
XServer
X-Vgn-Hpd-Cached
X-SRV
X-Up
X-Edge-Location
X-Presslabs-Stats
X-Www-Served-By
X-LB-ID
X-Req
X-RateLimit-Remaining
X-Dc
HostName
X-Cdn-Srv
X-Cache-URL
Hostname
Group
X-S-Maxage
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Mvc-Supplant-OutputCached
We-Hiring
X-Ftr-Cache-Host
Cache-Hits
Memcached
Mail-Subject
Ufe-Result
Time
Protected
X-Check-Cacheable
X-Nginx-Cache
X-FPC
X-LI-Proto
X-Proxy-Upstream
Edge-Copy-Time
X-Ua-Device
X-Servedbyhost
X-Via-Edge
X-Via-SSL
Now
ServedBy
Geoip-Latitude
On-Server
X-Varnish-Hostname
X-Svr
GeoIp-Country-Code
X-BC
X-ZONE
X-Agile-Age
X-Agile-Id
X-Request-Time
X-Agile
T-Server
X-Cdn-Forward
X-Acc-Rdl
X-FORWARDED-FOR
X-Pass-Why
X-CSRF-TOKEN
M-TraceId
X-LiteSpeed-Cache-Control
X-VCL-Version
X-NGINX-Cache
X-Cluster-Node
X-UnsetCookies
SID
Xserver
Pics-Label
X-Cs
X-Datadome
X-Via-Popv
X-Uri
X-MP-GENERATED-AT
N-Cache
Server-Host
X-Dynatrace-Js-Agent
X-Zone
X-Varnish-Hits
X-Bc
WZWS-RAY
X-HS-Status
X-APP
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Arc-Country
Section-Origin-Responded
X-VC
X-SB
X-Srv
X-CF-Powered-By
X-Erf-Stays-Bingo-Pdp-Web
Magicmarker
NtCoent-Length
Ohc-File-Size
Cdn-Host
VivaBuild
ProcessTime
Viewtype
Processtime
X-Edge-Server
X-TT-LOGID
X-We-Are-Hiring
Apigw-Requestid
X-Info
Cdn-Request-Time
User-Agent
Ohc-Cache-HIT
DSUID
W
X-UA-Device-Type
X-MSEdge-Features
X-Action
Sid
Cache-Name
X-RunCloud-Cache
X-Via-Ucdn
X-MSEdge-Flight
Memory
Odigeo-Trace-Id
Geo-Info
LB
Cteonnt-Length
User-Cache-Control
Srv
X-Unique-ID
Tracecode
X-Origin-Date
WWW-Authenticate
X-RPS
X-RPM
X-DI
X-DB
X-Oss-Cdn-Auth
X-RSL
X-DSS
CF-IPCountry
X-DW
X-Newrelic-App-Data
CountryCode
X-HOST
Server-Info
Ssr
S-Rt
X-Vcl-Version
X-Tb
CDN
X-Geo
X-Vgn-Hpd-Ssi
WebServer
X-HITS
X-Dynatrace
X-Cache-Hfrom
X-Cache-Hm
Amp-Access-Control-Allow-Source-Origin
X-Pjax-Url
X-Magnolia-Registration
Lfy
X-Hit
X-Webkit-CSP-Report-Only
SR-User-Adfree
Thinkindot-CacheControl
X-Thinkindot-L3
Sever-Int
Server-Hostname
Thinkindot-CacheControl-Type
Thinkindot-Control
X-SRCache-Key
V-Age
X-SVT-ORM-RULES
True-Client-Country-4JS
X-SVT-ORM-VERSION
Server-Ext
Path
D-Cc-Upstream
X-Varnish-Authentication
X-Varnish-Url
X-VServer
X-Newrelic-Synthetics
X-Cc-Req-Id
X-User
IsBot
Locid
Instruction
CDCHOST
X-Scheme
Vix-Hermes-Req-Id
Web-Mar-Node
X-Node-Id
X-Nyt-Route
X-Nginx-Cache-Key
X-Matched-Rule
X-Loc
X-Server-IP
X-Origin-CC
X-Origin-TTL
X-Request-URI
X-Origin-Time
X-SD-PageType
X-Origin-Expires
X-Hnp-Log
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Block-Status
X-Cache-ASPX
X-BBXSRF
X-BBC-Edge-Cache-Status
X-API-Version
X-Cache-Expires
X-SIPLIST1
X-Gen-Mode
X-Gdpr
X-Developer
X-Contensis-Viewer-Groups
X-Response-By
X-Cc-Via
X-Fastly-Country-Code
A
X-CACHE-KEY
X-Nc
X-CLOUD-TRACE-CONTEXT
Lb
X-Cdn-Origin
X-Azure-Ref-OriginShield
Release
X-FC-Vary-Parameters
MIME-Version
Pramga
X-Device-Os
Server-ID
X-Generated-In
X-Swa-Ws
X-Trace-Id
X-Traceid
X-Var-Ttl
X-Akamai-Request-ID2
X-Sn-Servicetimems
Cache-Host
X-GeoIP-City
X-NodeID
X-Fetched-On
X-Cache-Info
GeoIP-Country-Code
GeoIP-Latitude
X-Provided-By
X-Li-Proto
X-Via-NSCOPI
X-Fpc
Cdn
X-Epic-Correlation-Id
X-Envoy-Upstream-Healthchecked-Cluster
X-ServedByHost
Tcn
X-Cache-Tag
Cf-Device-Type
Accept-Language
X-Lb-Id
FNAC-ModuleRouting
Source
X-Men
Esi-Enabled
X-Amzn-Remapped-Date
Kp-EeAlive
X-HostName
X-Origin-Response-Time
X-Browser-Type
X-StackifyID
X-TH-Server
X-Amzn-Remapped-Connection
X-Akamai-Pragma-Client-IP
Server-Ttl
X-SERVER-NAME
X-Served-From
X-Rocket-Build-Number
Cache-Key
X-Sigma-Backend
X-Sigma
Actual-Object-TTL
X-B3-SpanId
X-ORACLE-APMCS-REQUEST-ID
X-WA
X-Instart-Request-ID
X-Via-PopN
Content-Script-Type
Content-Style-Type
Expiry
X-Key
X-Parent-Response-Time
X-Via-PopV
Cache-Provider
X-Via-PopH
X-No-Cache
X-Mobile-Rewrite
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Agile-Brick-Ok
X-Batcache
X-Vgn-Hpd-Reason
X-Yottaa-OS
Inserted-Into-Cache-At
Location
X-Tt-Logid
X-VC-Cache
Req-Svc-Chain
X-ServiceProvider
X-Request-URL
X-MiniProfiler-Ids
X-ElasticPress-Query
X-Vcache
X-B3-Parentspanid
X-PJAX-URL
Content-Secure-Policy
X-RateLimit-Limit
X-BBC-Origin-Response-Status
Proxy-Firewall
X-Varnish-Beresp-TTL
X-Apw-Access-Action
X-Proxy-Cachei7
Mime-Version
Xkeyi7
X-Apw-Access-Object
X-Apw-Hits
X-Dispatch
X-Apw-Access-Token
X-Akamai-Request-ID
Who
X-Instart-Info
Origin-Edge-Control
URI
EpKe-Alive
Origin-Cache-Control
Url
X-Selected-Host-Header
X-Geo-Region
X-Selected-Name
X-Selected-Scheme
BehaviorPad-Version
Server-Id
Vha6-Origin
X-TraceId
Powered-By
Resin-Trace
X-Snapshot-Date
Pragrma
HitType
X-C
X-RAMCache
X-Dw-Trace-Id
PICS-Label
Cf-Alt-Svc
Xet-Cookie
NnCoection