Threat Level: green Handler on Duty: Remco Verhoef

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Iinfo
P3p
X-Content-Security-Policy
X-AspNetMvc-Version
Status
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Server
X-Backend
X-Hacker
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
Request-Context
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
X-Server-Powered-By
X-Template
Server-Timing
X-Language
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
X-Dns-Prefetch-Control
X-Rq
X-Page-Speed
Xkey
X-Ua-Compatible
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Buckets
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
X-Server-Id
X-Dispatcher
X-Device
NEL
Surrogate-Control
X-Node
Accept-CH-Lifetime
X-Ruxit-JS-Agent
Request-Id
Content-Location
Accept-CH
X-Response-Time
EagleEye-TraceId
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
X-Ac
Allow
X-Readtime
Rating
X-Mod-Pagespeed
X-HW
X-Country
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-EdgeConnect-Origin-MEX-Latency
Edge-Control
X-EdgeConnect-MidMile-RTT
Pinterest-Generated-By
X-TtlSet
X-Vname
X-PC
X-MS-InvokeApp
X-Cnection
X-DataDome
X-Country-Code
X-CST
X-Varnish-TTL
X-GitHub-Request-Id
X-Content-Type
X-D2id
X-Clacks-Overhead
X-Server-Name
X-Trace
X-Sol
Display
Response
X-Middleton-Display
X-Middleton-Response
Pagespeed
X-Origin-Upstream-Status
Pinterest-Version
X-Pinterest-Rid
X-FastCGI-Cache
MS-Author-Via
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
X-Vcap-Request-Id
X-Abt-Application-Version
X-Px
X-Rack-Cache
X-B3-TraceId
X-Navigation-Version
X-ESI
Service-Worker-Allowed
X-Url
Verso
X-Fastly-Request-ID
X-TTL
Arr-Disable-Session-Affinity
X-Client-IP
X-Webkit-CSP
X-Element-Page-Cache
X-Cache-TTL
X-Cached
X-DynaTrace
X-FTR-Request-ID
X-Dw-Request-Base-Id
X-VARITI-CCR
X-SharePointHealthScore
SPRequestGuid
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Powered-By-Plesk
X-Exp-Id
X-Goog-Hash
X-Kinja-Server
X-Cdn-Fetch
X-Use-Magma
X-Upstream
Fastly-Restarts
X-NF-Request-ID
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-CACHE
X-Debug
Ar-Sid
Content-MD5
X-MSEdge-Ref
X-Pinterest-Direct
SPRequestDuration
SPIisLatency
X-Forwarded-Proto
X-Powered-CMS
X-Version
Access-Control-Request-Method
X-Release
X-T
X-Amz-Rid
X-Jurisdiction
S
X-Content-Digest
X-Edge
TCN
X-XRDS-Location
RTSS
TP-L2-Cache
TP-Cache
Cache-Tag
Public-Key-Pins
X-Ezoic-Cdn
X-Litespeed-Cache
X-Ttl
Front-End-Https
X-Node-Name
X-MCACHE
X-Mid
X-Yandex-Sdch-Disable
Server-Node
X-Request-Received
X-Cache-Key
X-Request-Processing-Time
X-Mg-S
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Recruiting
X-Amzn-Trace-Id
X-Accel-Expires
X-HP-Webp
X-B3-TraceId-Primal
MRF-Tech
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Mrf-Cache-Status
X-Ser
X-Kinsta-Cache
X-PressLabs-Stats
X-Grace
X-NWS-LOG-UUID
Accept-Ch
X-Request-Handler-Origin-Region
X-Microsite
X-ASPNET-VERSION
X-Origin-Server
Accept-Charset
X-Varnish-Age
X-Logged-In
ServerID
MicrosoftSharePointTeamServices
X-DIS-Request-ID
Cf-Bgj
X-Page-Id
Host
X-Shield-Request-Id
Nginx-Cache
X-Cache-Hit
X-Ratelimit-Remaining
Edge-Cache-Tag
X-Content-Security-Policy-Report-Only
X-ECACHE
X-Server-ID
Powered-By-ChinaCache
X-B
X-Hostname
Cache-Tags
X-Forwarded-For
X-Mobile-URL
X-F-Cache
X-LB-Cache
X-Hits
X-Respond-Thread
Cleartype
Realpath
X-Az
X-AppVersion
X-Activity-Id
X-Git-Hash
X-Cached-By
X-N
X-Upgrade-Enabled
Alternate-Protocol
X-Content-Options
X-Ratelimit-Limit
X-Kong-Upstream-Latency
DynaTrace
X-Type
X-Kong-Proxy-Latency
X-Cache-Age
X-Rid
X-Varnish-Backend
X-Request-Guid
X-Load-Cache
Paypal-Debug-Id
X-App-Environment
X-Amz-Meta-S3cmd-Attrs
X-Jobs
X-FTR-Backend
Fastcgi-Useragent
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Balancer
X-Seen-By
Access-Control-Allow-Method
X-FTR-Expires
Nel
X-Proxy
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-WebKit-CSP-Report-Only
X-Correlation-ID
X-URL
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-GUploader-UploadID
X-Zen-Fury
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-FireWall-Port
X-HS-Combine-CSS
X-Akamai-Edgescape
Charset
X-B3-Sampled
Filterid
X-VCache
X-FB-Debug
X-Daa-Tunnel
X-Varnish-Grace
X-IPLB-Instance
X-B-Cache
X-Signature
Filters
X-Mobile
X-Host-Name
X-AOL-HN
X-Debug-Info
Healthy
MS-CV
DC
X-Whom
Viewport
X-Region
AMP-Access-Control-Allow-Source-Origin
X-User-Agent
X-Geo-Country
X-Frontend
X-App-Server
X-Cache-Rule
Payment
X-Original-Request-Id
X-Accel-Buffering
X-Cache-Operation
X-Response-Served-From
Liferay-Portal
X-XRDS-LOCATION
Accept-Ch-Lifetime
X-HTML-Minification-Powered-By
X-Instance
X-Distributor
X-UUID
X-Tumblr-Pixel-2
X-Cache-Time
X-Cacheable-TTL
X-Tumblr-User
X-Rule
Surrogate-Key
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Refresh
X-Content-Powered-By
X-Protected-By
X-FW-Server
X-FW-Serve
X-FW-Type
X-FW-Static
X-Acc-Debug-Context
X-FW-Hash
X-FW-Dynamic
X-Amz-Replication-Status
X-Id
S-Cnection
X-Via-JSL
X-Rendered-As
X-Cache-Expired-At
X-Is-Bot
Content-Disposition
Section-Io-Cache
X-Wix-Request-Id
X-Hyper-Cache
Version
X-Backend-Name
X-Sucuri-ID
X-Amz-Apigw-Id
X-Cache-Action
X-Amzn-RequestId
GEO-INFO
Datacenter
X-Ah-Environment
Server-Name
X-Endurance-Cache-Level
CACHE
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Oneagent-Js-Injection
X-App-Version
Arc-Version
PB-PID
X-Pinterest-Sli-Response-Type
PB-RID
Retry-After
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Latency-Threshold
X-Cache-Server
X-Air-Hostname
X-Ua
X-Source
X-EdgeConnect-Cache-Status
X-Unique-Id
X-Real-IP
Eomportal-Instance
X-Framework
X-ProcessESI
X-RemovedCookies
Referer-Policy
X-Varnish-Server
X-L-Path
X-Yottaa-Optimizations
X-Environment-Context
X-Revision
X-Yottaa-Metrics
X-Sucuri-Cache
Frame-Options
X-RTag
Ms-Operation-Id
NGB
X-Drupal-Cache-Contexts
Webserver
Akamai-Age-Ms
Countrycode
X-Cache-Control
X-Cache-Var-Map
X-Proxy-Cache-Status
X-Cache-Var
X-RN-RSRV
X-WA-Info
X-Drupal-Cache-Tags
Meta-Geo
X-ES-SERVER
X-Azure-Ref
X-Mode
X-Time-Microsecs
X-Qloud-Router
DB-Nickname
X-ProxyCache-Status
X-BYPASS-REASON
X-ProxyCache-Key
X-R9-Blue-Green-Version
X-Xfnlog-Site
X-DynaTrace-JS-Agent
X-Cache-Host
Cache-Tv-Group
X-Cache-TTL-Remaining
X-GeoIP
X-TNCMS
X-Redis-Cache
X-VWS-Id
X-Status
X-Server-W
X-NYM-Debug-Backend
Ec-Rule-Version
Mn-Server-Ip
Webcakes-App-Version
Cross-Origin-Window-Policy
X-Amzn-Remapped-Content-Length
Property-Id
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Device-Class
X-AWS-Id
X-Cluster
X-OCL
TWC-Locale-Group
X-Origin-Hint
X-PCL
X-PHP-Host
X-Loop
X-LJ-Flow-ID
X-Handled-By
X-FW-Version
X-Hosted-By
X-Human
X-Labrador-Cache-Channel
X-Hl-Ver
Webcakes-Region
X-From
X-Locale
X-Proxied
X-Proxy-Build
X-Format
X-FB-TRIP-ID
Selected-Fe
X-TIME
X-Detected-As
X-ServerID
X-Routing-Service
X-No-Session
X-Zipkin-Id
X-Be
X-Via-Fastly
X-Proto
X-Section
X-Site-Version
X-Timing-Wait
X-Contextid
X-Access
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-NewRelic-App-Data
X-Route-Name
FSS-Cache
X-Correlation-Id
X-Adobe-Content
Uber-Trace-Id
X-Adobe-Loc
X-CDN-Forward
X-Debug-Cache
X-AIR-PT
X-Cache-PHP
X-ATG-Version
X-Generated-By
X-Device-Type
X-PHP-Backend
X-TT
X-BCube-Filmed-By
X-Ratelimit-Reset
X-Cache-Spec
X-Esi
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-NC
Upgrade-Insecure-Requests
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-CSRF-Token
Azure-Version
Azure-InstanceId
Azure-SiteName
Azure-SlotName
X-Varnish-Cache-Hits
Azure-RegionName
X-LLID
Access-Control-Request-Headers
OT-Force-Account-Verify
From-Origin
Cache
X-NCache
X-COUNTRY
X-UPSTREAM-Address
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Origin
X-Varnish-Ttl
X-Oss-Request-Id
X-GoCache-CacheStatus
X-Oss-Storage-Class
X-Oss-Server-Time
X-Akamai-Transformed
SD-X-WS
X-CCM
X-FTR-Cache-Host
X-Cache-2
X-Adobe-Source
X-SaId
Powered
X-JoinUs
CF-Cached-On
X-Backend-TTL
X-Page-View
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Sorting-Hat-PodId
Cache-Status
X-ShopId
X-LAGOON
X-Alternate-Cache-Key
X-Varnishpool
X-ShardId
X-ID
X-ApacheServer
Country
X-Time
X-Soup
X-PERF
X-Cache-Grace
X-Forwarded-Host
X-Pubstack
X-G
X-Backend-Host
X-Say-Cacheable
Fastly-SSL
X-Say-TTL
X-SayCDN-TTL
X-Storage
Decoy-Debug-TTL
Decoy-Debug-Status
X-Web-Node
Decoy-Debug-Key
X-Cluster-Name
Node
X-ECache
X-APP-VERSION
X-Ruxit-Js-Agent
X-IP
X-Cache-Enabled
X-TX-ID
X-Cdn
X-Viewer-Country
X-NWS-UUID-VERIFY
X-EC-Lua
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
X-A-Dam
X-A-Ccd
X-GEO
Machine
Mobile-Detection-Method
MD5-Digest
Meta-Geo-Continent
Host-ID
Fastcgi-X-Cache-Version
X-A
Rendered-Blocks
DCR-Processing-Time-Ms
DCR-Decision-By
X-CF-Lambda-Fn
X-ScT
X-S-Cookie
X-External-Request-Id
X-Session-Fingerprint
X-Trv-Group
X-Vdms-Path
X-Destination
X-Via-CDN
X-S
X-Rojux
X-Processor
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-RCS-CacheZone
SRV
X-Rewrite-Enabled
X-A-Dcw
X-Request-UUID
X-Vdms-Version
X-D
X-B-Cookie
Xc-Version
X-Worker
X-Cache-NE
X-ARC
X-Application
X-A-Dgt
X-A-Wwc
X-Aed
X-Tumblr-Pixel-3
X-CF-Lambda-Version
X-Vtex-Remote-Cache
X-VG-WebServer
X-Connection-Hash
X-Vtex-Processado-Em
X-VG-WebCache
X-Cache-Config
X-IPS-LoggedIn
X-Varnish-CookieINHashed-On
X-Platform-Server
X-Varnish-Remaining-TTL
X-Rebelmouse-Cache-Control
X-Varnish-CookieHashed-On
X-VG-TLSProxy
X-WADP-Cache
X-Variation
X-Servername
X-Rebelmouse-Surrogate-Control
CDN-Cache
Fastly-SWR
X-CUA
Fastly-SIE
X-DefElseHash
CloudFront-Viewer-Country
X-DefHash
Gh-Request-Id
X-Core-Value
X-Cache-Bucket
Platform
X-Cache-Debug
X-Clara-WADP
Is-Eu
X-Cms-Context
CDN-Uid
CDN-RequestId
X-Generation-Time
CDN-CachedAt
X-Micro-Cache
X-Microcachable
X-Ms-Version
X-Ms-Request-Id
X-Fmm-Version
X-Fastly-Cache
CDN-PullZone
CDN-RequestCountryCode
CDN-EdgeStorageId
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
Adler-Geo
X-Auto-Login
X-Varnish-Beresp-Ttl
X-B3-Spanid
X-Varnish-Beresp-Status
X-Fastcgi-Cache
X-Varnish-Beresp-Grace
X-UA
X-B3-Traceid
Backend
X-Cache-Backend
X-Bc-Bl
X-Developers
X-Cache-NGX
X-Clientip
X-Dispatcher-Server
X-Esi-Check
X-Geo-Header
X-Generated-On
X-Gamma-Serve
X-Fastly-Backend
X-Cache-Id
X-Bip
Wxu-Next-Commit
Rt-Fastcgi-Cache
NM-Fastcgi-Cache
PFcat
Wxu-Next-Hostname
Wxu-Next-Region
X-Branch-Name
Origin
X-Backend-State
X-Gzip
X-Cache-Date
X-Hash
X-SN
X-Thanos
X-Slack-Backend
X-Skip-Cache
X-Request-Host
X-Request-Start
X-Varnish-Cacheable
X-VarnishDD-TTL
X-Irp-Debug
X-Platform
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Webstats-RespID
X-Policy
X-Owner
X-JWT-State
X-Level-Front-Cache
X-Is-Gdpr
X-HS-Content-Campaign-Id
L
X-HN
X-Li-Fabric
X-LI-UUID
X-OVcl
X-OVcl-Cache
X-Old-Content-Length
X-Method
X-Location
X-Has-Esi
X-Li-Pop
Akamai-GRN
Fastly-Drupal-HTML
Fastly-Backend-Name
C-Via
AKAMAI
CacheControlHeader
X-Mvc-Supplant-Cachable
Pagetype
HA-Ipaddr
X-PF-Uncompressing
Ha-Gx-Prefs
X-Cache-Tags
X-CGP
X-Eu-Site
X-Core-Mission
X-Reqid
X-Render-Time
X-Csrf-Jwt
X-Content-Age
L5d-Success-Class
X-Twitter-Response-Tags
X-Transaction
X-EIG-Tracking-Id
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Minions-Version
X-Cache-Remote
FSS-Proxy
X-Refresh
X-CS
X-DC
X-TA-CDN-Provider
X-Sql-Duration-Ms
X-Sql-Count
X-Amz-Meta-Cb-Modifiedtime
UCS
Country-Code
X-Aicache-OS
X-Wa
X-NODE
Surrogated-Key
X-Date
X-Accel-Expires-Debug
X-Via-Poph
X-Via-Popn
X-Hp-Webp
X-NGENIX-Cache
XServer
X-Www-Served-By
X-Req
X-Edge-Location
X-NU-AKA-ACS-Version
X-Vgn-Hpd-Cached
X-LB-ID
NGX
X-Up
X-Vgn-Hpd-Variations-Key
X-SRV
X-Presslabs-Stats
X-RateLimit-Remaining
X-Dc
X-Cache-URL
X-Cdn-Srv
X-Debug-Cache-Store
HostName
X-S-Maxage
Mail-Subject
Ufe-Result
Cache-Hits
Hostname
X-Mvc-Supplant-OutputCached
Group
X-Debug-Cache-Fetch
X-Ftr-Cache-Host
Memcached
We-Hiring
Time
Protected
X-Check-Cacheable
X-Proxy-Upstream
X-Via-Edge
X-LI-Proto
X-Nginx-Cache
X-Ua-Device
X-FPC
X-Via-SSL
X-Servedbyhost
Edge-Copy-Time
X-CACHE-AGE
Now
GeoIp-Country-Code
X-Varnish-Hostname
ServedBy
X-Svr
On-Server
Geoip-Latitude
X-BC
X-ZONE
X-Agile
X-Agile-Age
X-Agile-Id
X-Request-Time
T-Server
X-Cdn-Forward
X-FORWARDED-FOR
X-Cs
X-Pass-Why
X-Acc-Rdl
X-CSRF-TOKEN
M-TraceId
X-Cluster-Node
X-VCL-Version
X-NGINX-Cache
X-LiteSpeed-Cache-Control
X-UnsetCookies
SID
Xserver
X-Via-Popv
N-Cache
X-Datadome
Server-Host
X-MP-GENERATED-AT
X-Uri
X-Varnish-Hits
X-Dynatrace-Js-Agent
WZWS-RAY
X-Zone
X-Bc
Section-Origin-Responded
X-HS-Status
X-CF-Powered-By
Pics-Label
X-APP
Arc-Country
Section-Io-Id
X-Srv
X-VC
X-SB
X-Erf-Stays-Bingo-Pdp-Web
Section-Io-Origin-Status
Magicmarker
Section-Io-Origin-Time-Seconds
Srv
NtCoent-Length
Ohc-File-Size
Viewtype
Processtime
Cdn-Request-Time
X-TT-LOGID
Apigw-Requestid
X-We-Are-Hiring
VivaBuild
X-Info
ProcessTime
X-Edge-Server
Cdn-Host
DSUID
Ohc-Cache-HIT
User-Agent
X-HITS
X-UA-Device-Type
X-MSEdge-Flight
X-Action
Sid
W
X-Via-Ucdn
Memory
Cache-Name
X-MSEdge-Features
X-RunCloud-Cache
LB
User-Cache-Control
X-CACHE-KEY
Cteonnt-Length
Odigeo-Trace-Id
Tracecode
X-RPM
X-RPS
CF-IPCountry
X-Origin-Date
X-Oss-Cdn-Auth
X-RSL
WWW-Authenticate
X-DB
X-DI
X-DSS
X-DW
Server-Info
X-HOST
X-Newrelic-App-Data
CountryCode
WebServer
X-Vgn-Hpd-Ssi
X-Vcl-Version
Ssr
CDN
X-Tb
S-Rt
X-Magnolia-Registration
X-Dynatrace
X-Cache-Hfrom
Geo-Info
Amp-Access-Control-Allow-Source-Origin
X-Unique-ID
X-Cache-Hm
X-Pjax-Url
Lfy
X-Hit
X-Geo
X-Webkit-CSP-Report-Only
X-User
Web-Mar-Node
X-SVT-ORM-RULES
X-SIPLIST1
X-BBC-Edge-Cache-Status
X-Block-Status
X-Cache-ASPX
X-Cache-Expires
X-BBXSRF
X-API-Version
X-Cache-Info
X-SRCache-Key
Thinkindot-CacheControl-Type
CDCHOST
Server-Hostname
X-Scheme
X-Cc-Via
Instruction
IsBot
Path
Locid
Server-Ext
X-Cc-Req-Id
D-Cc-Upstream
True-Client-Country-4JS
V-Age
Vix-Hermes-Req-Id
X-Thinkindot-L3
Thinkindot-Control
X-Contensis-Viewer-Groups
Sever-Int
SR-User-Adfree
Thinkindot-CacheControl
X-SVT-ORM-VERSION
A
X-VServer
X-Varnish-Authentication
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Developer
X-Newrelic-Synthetics
X-Hnp-Log
X-SD-PageType
X-Origin-Time
X-Server-IP
X-Varnish-Url
X-Origin-Expires
X-Gen-Mode
X-Loc
X-Nginx-Cache-Key
X-Node-Id
X-Request-URI
X-Response-By
X-Origin-TTL
X-Nyt-Route
X-Origin-CC
X-Gdpr
X-Matched-Rule
X-Fastly-Country-Code
X-FC-Vary-Parameters
Release
Pramga
MIME-Version
X-NodeID
Cache-Host
Server-ID
GeoIP-Latitude
X-Traceid
X-Generated-In
GeoIP-Country-Code
X-Azure-Ref-OriginShield
X-Akamai-Request-ID2
X-Cdn-Origin
X-Device-Os
X-Fetched-On
X-Var-Ttl
X-Sn-Servicetimems
Lb
X-GeoIP-City
X-Trace-Id
X-Swa-Ws
X-Provided-By
X-Envoy-Upstream-Healthchecked-Cluster
Cdn
X-Fpc
X-ServedByHost
X-Nc
X-Li-Proto
X-Via-NSCOPI
X-Epic-Correlation-Id
X-Cache-Tag
X-Men
Source
Cf-Device-Type
Accept-Language
X-Lb-Id
FNAC-ModuleRouting
X-Sigma-Backend
X-Rocket-Build-Number
X-Sigma
X-StackifyID
Cache-Key
Esi-Enabled
X-Akamai-Pragma-Client-IP
X-TH-Server
X-Amzn-Remapped-Connection
X-Served-From
X-SERVER-NAME
X-Amzn-Remapped-Date
X-Browser-Type
X-Origin-Response-Time
Server-Ttl
Kp-EeAlive
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
X-Key
X-Via-PopH
X-Instart-Request-ID
X-Via-PopV
X-Via-PopN
X-Parent-Response-Time
Cache-Provider
Expiry
Content-Style-Type
Content-Script-Type
X-WA
X-No-Cache
Location
Url
Req-Svc-Chain
X-ServiceProvider
X-Agile-Brick-Ok
X-VC-Cache
X-Mobile-Rewrite
X-Batcache
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Tt-Logid
X-Vgn-Hpd-Reason
X-Yottaa-OS
X-ElasticPress-Query
Inserted-Into-Cache-At
X-MiniProfiler-Ids
X-B3-SpanId
X-Request-URL
Tcn
X-Vcache
EpKe-Alive
X-RateLimit-Limit
X-Apw-Access-Object
X-Apw-Access-Action
PICS-Label
X-Apw-Hits
X-Varnish-Beresp-TTL
Content-Secure-Policy
X-B3-Parentspanid
Origin-Cache-Control
X-BBC-Origin-Response-Status
X-Apw-Access-Token
Proxy-Firewall
Xkeyi7
Origin-Edge-Control
X-Dispatch
Mime-Version
X-HostName
X-Instart-Info
X-Akamai-Request-ID
X-Proxy-Cachei7
URI
X-PJAX-URL
Who
X-Geo-Region
X-Selected-Scheme
X-Selected-Name
X-Selected-Host-Header
X-TraceId
BehaviorPad-Version
Server-Id
Vha6-Origin
Cf-Alt-Svc
X-C
Resin-Trace
X-Dw-Trace-Id
X-RAMCache
Pragrma
Xet-Cookie
NnCoection
HitType
Powered-By
X-Snapshot-Date