Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
CF-Ray
Alt-Svc
X-Served-By
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
P3p
X-DNS-Prefetch-Control
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-CDN
Upgrade
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Dns-Prefetch-Control
X-Ws-Request-Id
X-Template
X-Language
Feature-Policy
X-Age
X-Backend
X-Hacker
X-Amz-Request-Id
X-Server
X-Cache-Group
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Host-Header
Grace
Report-To
X-Buckets
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
X-Dispatcher
NEL
X-Device
X-Node
Surrogate-Control
Cf-Bgj
X-Server-Id
X-Ruxit-JS-Agent
Content-Location
X-Response-Time
X-Cache-Lookup
Request-Id
X-Origin-Cache
X-Akam-SW-Version
Accept-CH-Lifetime
X-Ac
EagleEye-TraceId
X-ASPNET-VERSION
Accept-CH
X-Country
X-HW
Rating
X-Mod-Pagespeed
X-Readtime
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-ECID
Allow
X-ORACLE-DMS-RID
Pinterest-Generated-By
Edge-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-Vname
X-TtlSet
X-PC
X-DataDome
X-Varnish-TTL
X-Url
X-Cnection
X-MS-InvokeApp
X-Origin-Upstream-Status
X-GitHub-Request-Id
X-Content-Type
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Template-Id
X-D2id
X-Clacks-Overhead
X-Trace
X-Middleton-Display
Response
Display
Pagespeed
X-Middleton-Response
X-Sol
Pinterest-Version
X-Pinterest-Rid
X-Abt-Application-Version
X-Server-Name
X-Vcap-Request-Id
X-Px
X-ESI
X-Navigation-Version
X-Rack-Cache
X-B3-TraceId
Verso
X-FTR-Request-ID
MS-Author-Via
Service-Worker-Allowed
X-Fastly-Request-ID
X-Webkit-CSP
X-Cached
X-Element-Page-Cache
X-DynaTrace
X-Client-IP
Arr-Disable-Session-Affinity
X-Cache-TTL
X-CST
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-Upstream
Content-MD5
Fastly-Restarts
X-SharePointHealthScore
SPRequestGuid
AR-CACHE
Accept-Ch
AR-ATIME
AR-Request-ID
AR-PoweredBy
Ar-Sid
X-Version
X-Forwarded-Proto
X-NF-Request-ID
X-VARITI-CCR
X-GoogleNews-Bot
X-Goog-Hash
X-Kinja
X-Exp-Variant
X-Kinja-Revision
X-Debug
X-Kinja-Server
X-Exp-Id
X-Kinja-Build
X-Use-Magma
X-Cdn-Fetch
X-TTL
X-T
X-Jurisdiction
X-MSEdge-Ref
X-Ttl
X-Powered-CMS
Access-Control-Request-Method
X-Release
X-Content-Digest
TP-Cache
TP-L2-Cache
SPIisLatency
SPRequestDuration
S
X-Edge
X-XRDS-Location
X-Pinterest-Direct
X-Amz-Rid
TCN
RTSS
Cache-Tag
X-Ezoic-Cdn
Public-Key-Pins
X-NWS-LOG-UUID
X-Node-Name
X-PressLabs-Stats
X-Yandex-Sdch-Disable
Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
X-Cache-Key
X-MCACHE
X-Mid
Server-Node
X-Accel-Expires
Front-End-Https
X-Amzn-Trace-Id
X-Server-ID
X-Ser
X-Recruiting
X-Kinsta-Cache
X-Request-Handler-Origin-Region
X-Logged-In
X-Microsite
ServerID
X-Cache-Hit
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
Accept-Charset
X-Origin-Server
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Mg-S
X-Page-Id
X-Ratelimit-Remaining
Accept-Ch-Lifetime
Host
X-Amz-Server-Side-Encryption
X-Grace
X-Varnish-Age
X-Content-Security-Policy-Report-Only
X-B
X-ECACHE
X-DIS-Request-ID
Alternate-Protocol
X-HP-Webp
Nginx-Cache
X-Shield-Request-Id
X-Mobile-URL
X-Hostname
Edge-Cache-Tag
X-Ratelimit-Limit
X-Forwarded-For
Realpath
X-Hits
X-F-Cache
X-Content-Options
X-Country-Code-Real
Filterid
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-LB-Cache
X-FTR-Backend
X-FireWall-Port
X-Git-Hash
X-FTR-Expires
X-Seen-By
MicrosoftSharePointTeamServices
X-AppVersion
X-Az
X-Load-Cache
X-Activity-Id
X-Jobs
X-Request-Guid
X-App-Environment
X-N
Paypal-Debug-Id
X-Type
X-Varnish-Backend
X-Rid
Cache-Tags
Fastcgi-Useragent
Cleartype
DynaTrace
X-Varnish-Grace
X-Upgrade-Enabled
X-Cached-By
X-WebKit-CSP-Report-Only
X-Zen-Fury
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Daa-Tunnel
Access-Control-Allow-Method
X-Proxy
X-Cache-Age
X-Litespeed-Cache
Powered-By-ChinaCache
X-FB-Debug
X-Akamai-Edgescape
X-Id
X-Amz-Meta-S3cmd-Attrs
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Respond-Thread
X-TEC-API-VERSION
X-App-Server
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Geo-Country
X-Goog-Stored-Content-Length
DC
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Cache-Rule
X-Host-Name
X-Cache-Operation
X-HS-Combine-CSS
X-Correlation-ID
AMP-Access-Control-Allow-Source-Origin
X-B3-Sampled
X-Content-Powered-By
X-User-Agent
X-B-Cache
X-Signature
X-IPLB-Instance
X-AOL-HN
X-Debug-Info
Healthy
X-Response-Served-From
X-Original-Request-Id
X-Whom
MS-CV
X-Accel-Buffering
X-XRDS-LOCATION
Content-Disposition
X-Region
X-Wix-Request-Id
Payment
X-Mobile
X-Frontend
X-HTML-Minification-Powered-By
X-FW-Serve
X-Instance
X-FW-Server
X-UUID
X-Rule
X-FW-Type
X-FW-Static
X-FW-Hash
X-FW-Dynamic
X-Cacheable-TTL
X-Distributor
X-Is-Bot
X-Rendered-As
X-Cache-Time
X-VCache
X-Tumblr-Pixel
X-Tumblr-Pixel-2
Akamai-Age-Ms
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
Refresh
X-Ua
Datacenter
X-Amz-Apigw-Id
Surrogate-Key
X-Amzn-RequestId
X-Endurance-Cache-Level
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
Charset
Filters
NGB
X-Protected-By
X-Via-JSL
X-Acc-Debug-Context
Viewport
Liferay-Portal
S-Cnection
Countrycode
Nel
Arc-Version
PB-PID
PB-RID
X-Backend-Name
X-Hyper-Cache
X-Ah-Environment
X-Oneagent-Js-Injection
X-Varnish-Server
X-Cache-Expired-At
X-App-Version
X-Cache-Server
X-Amz-Replication-Status
Section-Io-Cache
X-NewRelic-App-Data
Retry-After
GEO-INFO
X-Cache-Action
X-Sucuri-ID
X-PHP-Backend
Version
Referer-Policy
X-Source
X-Azure-Ref
X-EdgeConnect-Cache-Status
X-Cache-Control
X-Proxy-Cache-Status
X-WA-Info
X-Unique-Id
Eomportal-Instance
X-Environment-Context
X-ProcessESI
X-Framework
X-Real-IP
X-L-Path
X-RemovedCookies
Frame-Options
X-Air-Hostname
Meta-Geo
X-Cache-Var-Map
X-RTag
Ms-Operation-Id
X-Revision
X-Cache-Var
Server-Name
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-ES-SERVER
X-RN-RSRV
X-Mode
X-From
X-Correlation-Id
X-GeoIP
X-R9-Blue-Green-Version
X-Cache-TTL-Remaining
X-Cache-Host
X-Qloud-Router
X-Drupal-Cache-Contexts
X-TNCMS
X-DynaTrace-JS-Agent
X-Xfnlog-Site
X-Loop
X-Hosted-By
X-Status
Mn-Server-Ip
X-ProxyCache-Key
X-Human
X-ProxyCache-Status
X-FW-Version
X-Cluster
Uber-Trace-Id
X-BYPASS-REASON
X-Server-W
Powered
X-Time-Microsecs
Ec-Rule-Version
X-VWS-Id
X-Sucuri-Cache
DB-Nickname
Property-Id
X-Zipkin-Id
Cache-Tv-Group
X-NYM-Debug-Backend
X-Origin-Hint
X-Labrador-Cache-Channel
X-Detected-As
X-AWS-Id
Selected-Fe
X-Redis-Cache
X-Proxy-Build
X-Proxied
X-OCL
X-Locale
X-PCL
X-PHP-Host
X-Hl-Ver
X-Routing-Service
X-Site-Version
TWC-Privacy
Cross-Origin-Window-Policy
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-App-Name
X-Timing-Wait
X-Handled-By
X-LJ-Flow-ID
X-Amzn-Remapped-Content-Length
Webcakes-Region
Webcakes-App-Version
TWC-Connection-Speed
X-FB-TRIP-ID
X-Fastcgi-Cache
X-Proto
X-Section
X-Format
X-Access
X-CSRF-Token
X-ServerID
X-Be
X-Generated-By
X-Via-Fastly
X-ATG-Version
X-Cache-PHP
FSS-Cache
X-Debug-Cache
X-Ratelimit-Reset
X-BCube-Filmed-By
X-Time
X-Drupal-Cache-Tags
X-CDN-Forward
X-No-Session
X-Device-Type
X-Contextid
Cache
X-SaId
From-Origin
X-JoinUs
Webserver
X-Esi
X-Hp-Webp
X-Varnish-Cache-Hits
CACHE
X-FTR-Cache-Host
X-URL
X-NC
X-AIR-PT
X-Adobe-Loc
X-Adobe-Content
CF-Cached-On
X-NCache
OT-Force-Account-Verify
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Origin
X-Oss-Object-Type
X-TIME
X-NWS-UUID-VERIFY
Azure-RegionName
VIX-Pulpo-Upstream-Status
Azure-SiteName
VIX-Pulpo-Node
Azure-InstanceId
X-GoCache-CacheStatus
Azure-Version
Azure-SlotName
X-TT
X-Akamai-Transformed
X-APP-VERSION
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-IPS-LoggedIn
X-TA-CDN-Provider
X-IP
Upgrade-Insecure-Requests
X-Is-Crawler
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Bc-Bl
X-EIG-Tracking-Id
X-Route-Name
X-Flags
X-Cache-Enabled
Access-Control-Request-Headers
SD-X-WS
X-Adobe-Source
X-Backend-Host
X-Cache-2
X-ECache
X-Storefront-Renderer-Rendered
X-Ruxit-Js-Agent
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Shopify-Stage
X-EC-Lua
X-Backend-TTL
X-ApacheServer
X-Pinterest-Sli-Endpoint-Name
X-Cache-Grace
X-CCM
X-Forwarded-Host
X-PERF
X-Pubstack
X-Tumblr-Pixel-3
X-Pinterest-Sli-Latency-Threshold
X-Soup
X-Pinterest-Sli-Response-Type
X-LAGOON
X-SayCDN-TTL
X-Viewer-Country
X-Cluster-Name
X-Varnishpool
X-Say-TTL
X-Say-Cacheable
X-Cdn
X-Storage
Node
Cache-Status
X-Web-Node
Decoy-Debug-TTL
Fastly-SSL
Decoy-Debug-Status
X-Cache-Backend
Decoy-Debug-Key
X-D
X-RCS-CacheZone
X-A-Ccd
Apple-News-Services-Parsed-Url
X-S-Cookie
X-Destination
X-A-Dgt
X-A-Dcw
X-PAYTM-SRV-ID
X-A-Dam
X-CF-Lambda-Fn
X-Application
X-Aed
X-ScT
MD5-Digest
X-ARC
X-B-Cookie
X-Transaction
Apple-News-Services-Request-Url
Meta-Geo-Continent
X-A-Wwc
X-CF-Lambda-Version
X-External-Request-Id
X-Cache-NE
X-Connection-Hash
X-A
X-Vdms-Path
X-Vtex-Processado-Em
Host-ID
X-Vtex-Remote-Cache
X-Processor
X-Request-UUID
X-VG-WebServer
DCR-Processing-Time-Ms
Rendered-Blocks
X-Vdms-Version
Fastcgi-X-Cache-Version
X-VG-WebCache
X-PBS-Appsvrname
X-Rewrite-Enabled
Machine
DCR-Decision-By
Apple-News-Services-Handled
Apple-News-Services-Host
Mobile-Detection-Method
X-Rojux
Xc-Version
X-Trv-Group
X-Twitter-Response-Tags
X-Worker
X-S
X-Cache-Config
X-UPSTREAM-Address
X-Rebelmouse-Surrogate-Control
CDN-EdgeStorageId
Country
CDN-CachedAt
X-Varnish-Beresp-Status
Fastly-SWR
CDN-RequestCountryCode
X-Servername
X-Rebelmouse-Cache-Control
X-Generation-Time
Fastly-SIE
X-Vgn-Hpd-Variations-Key
X-Ms-Version
X-Ms-Request-Id
X-Micro-Cache
X-VG-TLSProxy
X-G
X-Vgn-Hpd-Cached
CloudFront-Viewer-Country
X-Varnish-Beresp-Ttl
X-Cache-Bucket
CDN-PullZone
CDN-Uid
CDN-RequestId
X-Varnish-Beresp-Grace
CDN-Cache
X-Platform-Server
X-Fastly-Cache
X-Envoy-Decorator-Operation
X-TX-ID
Backend
X-UA
L
Country-Code
Is-Eu
Fastly-Drupal-HTML
X-Clara-WADP
X-Microcachable
X-Method
X-Minions-Version
X-Old-Content-Length
X-OVcl
X-LI-UUID
X-Li-Pop
X-Hash
X-HS-Content-Campaign-Id
X-Irp-Debug
X-Li-Fabric
X-OVcl-Cache
X-Owner
X-Request-Host
X-Render-Time
X-Thanos
X-SN
X-Request-Start
X-Skip-Cache
X-Varnish-Cacheable
X-Variation
X-Platform
X-Policy
X-WADP-Cache
X-Webstats-RespID
X-Accel-Expires-Debug
X-Backend-State
X-Bip
X-Slack-Backend
Wxu-Next-Region
Wxu-Next-Hostname
Platform
Rt-Fastcgi-Cache
Surrogated-Key
Wxu-Next-Commit
X-Clientip
X-Core-Mission
X-Auto-Login
Gh-Request-Id
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Fmm-Version
X-Fastly-Backend
X-Core-Value
X-CUA
X-Date
X-DPWN-IS-SECURE
Origin
X-Cache-NGX
X-Varnish-Ttl
Adler-Geo
Akamai-GRN
C-Via
X-NGENIX-Cache
X-Level-Front-Cache
X-HN
X-Gzip
PFcat
NM-Fastcgi-Cache
X-Up
X-Reqid
X-Req
X-Mvc-Supplant-Cachable
Time
X-Gamma-Serve
X-CGP
X-Cache-Tags
X-Cache-Id
X-Cache-Date
X-Content-Age
X-Csrf-Jwt
X-VarnishDD-TTL
X-Eu-Site
X-Esi-Check
X-Dispatcher-Server
X-Generated-On
L5d-Success-Class
X-Has-Esi
X-Developers
X-DefHash
X-Is-Gdpr
X-JWT-State
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-DefElseHash
X-Cms-Context
CacheControlHeader
AKAMAI
Fastly-Backend-Name
HA-Ipaddr
Ha-Gx-Prefs
X-Amz-Meta-Cb-Modifiedtime
X-Session-Fingerprint
X-Cdn-Srv
X-Cache-Debug
X-Geo-Header
X-Cache-URL
X-Location
X-Edge-Location
X-CS
X-Wa
Now
X-Aicache-OS
FSS-Proxy
X-Branch-Name
X-Page-View
We-Hiring
Memcached
Pagetype
UCS
Mail-Subject
Ufe-Result
Group
X-RateLimit-Remaining
X-Refresh
X-Proxy-Upstream
X-B3-Spanid
X-NODE
X-GEO
SRV
X-DC
X-LB-ID
X-CACHE-GROUP
X-PF-Uncompressing
X-CACHE-AGE
X-Agile
X-Agile-Id
X-Via-Poph
X-B3-Traceid
X-Via-Popn
X-Agile-Age
X-Dc
X-BC
X-Debug-Cache-Fetch
NGX
X-ZONE
X-Debug-Cache-Store
X-Mvc-Supplant-OutputCached
X-Via-CDN
HostName
Hostname
X-Datadome
X-Ftr-Cache-Host
X-Ua-Device
M-TraceId
X-LI-Proto
X-Servedbyhost
X-Sql-Count
X-SERVER
X-Nginx-Cache
X-Sql-Duration-Ms
X-NU-AKA-ACS-Version
Arc-Country
X-FPC
X-Request-Time
X-Check-Cacheable
X-Varnish-Hostname
X-LLID
Xserver
X-Zone
X-Bc
Cdn-Request-Time
VivaBuild
X-Edge-Server
X-SERVER-NAME
Viewtype
Cdn-Host
X-Cache-Remote
X-Cdn-Forward
X-COUNTRY
X-Cs
X-VCL-Version
X-RunCloud-Cache
X-Via-Ucdn
X-SRV
X-NGINX-Cache
X-Www-Served-By
X-CF-Powered-By
X-APP
X-Action
Edge-Copy-Time
X-Srv
X-LiteSpeed-Cache-Control
WebServer
X-Via-SSL
X-Via-Edge
Srv
X-UnsetCookies
XServer
X-FORWARDED-FOR
X-Dynatrace-Js-Agent
X-Cluster-Node
X-RPS
X-RSL
ServedBy
GeoIp-Country-Code
X-RPM
X-HS-Status
WWW-Authenticate
Memory
X-ID
X-DW
On-Server
X-DSS
Geoip-Latitude
X-DB
X-DI
X-Svr
X-Instart-Request-ID
Cache-Hits
X-S-Maxage
SID
X-Presslabs-Stats
X-CSRF-TOKEN
NtCoent-Length
X-Vgn-Hpd-Ssi
X-Oss-Cdn-Auth
X-MP-GENERATED-AT
X-Via-Popv
X-Vcache
ProcessTime
Apigw-Requestid
T-Server
X-We-Are-Hiring
Processtime
X-Geo
X-Pass-Why
User-Agent
Ohc-File-Size
Sid
X-MSEdge-Flight
X-MSEdge-Features
W
Actual-Object-TTL
X-Hit
X-ORACLE-APMCS-REQUEST-ID
LB
Server-Info
X-Akamai-Request-ID2
N-Cache
GeoIP-Country-Code
GeoIP-Latitude
Pics-Label
X-Erf-Stays-Bingo-Pdp-Web
Server-Host
X-Varnish-Hits
Geo-Info
X-Unique-ID
X-HOST
X-Dynatrace
X-VC
X-Envoy-Upstream-Healthchecked-Cluster
X-Epic-Correlation-Id
CF-IPCountry
X-SB
S-Rt
X-Tb
Protected
Magicmarker
X-HITS
X-Info
WZWS-RAY
X-Cache-Hfrom
X-Cache-Hm
X-Uri
X-Vcl-Version
X-Pjax-Url
CDN
Accept-Language
X-Erf-Bev-Bev
Amp-Access-Control-Allow-Source-Origin
X-Erf-Bev-Bev-Is-Generated
Ohc-Cache-HIT
X-Webkit-CSP-Report-Only
X-Fastly-Country-Code
Cteonnt-Length
A
Esi-Enabled
X-Fpc
X-FC-Vary-Parameters
X-Acc-Rdl
Cdn
X-CACHE-KEY
X-Mobile-Rewrite
X-TT-LOGID
X-Nc
X-Newrelic-App-Data
X-Key
Lb
User-Cache-Control
X-Oracle-Dms-Rid
Tracecode
Section-Io-Origin-Status
X-Newrelic-Synthetics
Section-Io-Id
Odigeo-Trace-Id
X-Provided-By
DSUID
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Li-Proto
X-Via-NSCOPI
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-UA-Device-Type
Ssr
Cache-Name
Origin-Edge-Control
Origin-Cache-Control
Proxy-Firewall
Lfy
X-ServedByHost
X-Magnolia-Registration
X-Dispatch
X-Origin-Date
X-StackifyID
X-Instart-Info
X-Cache-Tag
X-GeoIP-City
CDCHOST
X-Men
X-Scheme
X-Cc-Via
D-Cc-Upstream
X-Thinkindot-L3
X-User
X-Gen-Mode
FNAC-ModuleRouting
X-SVT-ORM-RULES
X-B3-SpanId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gdpr
X-Cc-Req-Id
Release
X-API-Version
X-BBC-Edge-Cache-Status
Web-Mar-Node
Vix-Hermes-Req-Id
V-Age
X-BBXSRF
X-Block-Status
X-Contensis-Viewer-Groups
X-Cache-Info
X-Cache-Expires
X-Cache-ASPX
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Hnp-Log
Path
Locid
IsBot
X-SVT-ORM-VERSION
Server-Ext
Thinkindot-CacheControl
SR-User-Adfree
Sever-Int
Server-Hostname
Instruction
X-Matched-Rule
X-Origin-Time
X-Origin-TTL
X-VServer
X-Varnish-Url
X-Akamai-Pragma-Client-IP
Powered-By
X-Origin-CC
Cache-Key
X-Request-URI
X-Response-By
X-Sigma-Backend
X-SIPLIST1
X-SRCache-Key
X-Sigma
X-Server-IP
X-Rocket-Build-Number
X-SD-PageType
X-Nyt-Route
X-Origin-Expires
X-Nginx-Cache-Key
X-Served-From
X-Geo-Region
X-Node-Id
X-TH-Server
Server-Ttl
X-Developer
X-Varnish-Authentication
X-Loc
True-Client-Country-4JS
X-RAMCache
X-Parent-Response-Time
X-Traceid
X-Lb-Id
X-Cdn-Origin
X-Generated-In
Server-ID
X-Azure-Ref-OriginShield
X-Sn-Servicetimems
Cache-Provider
X-Via-PopH
X-Fetched-On
X-Var-Ttl
Kp-EeAlive
Cache-Host
X-Swa-Ws
X-Cache-Spec
X-NodeID
X-Device-Os
X-Trace-Id
X-Via-PopV
X-Via-PopN
MIME-Version
HitType
Pramga
X-No-Cache
CountryCode
X-RateLimit-Limit-Second
X-ElasticPress-Query
X-RateLimit-Remaining-Second
X-ServiceProvider
X-Tt-Logid
X-LiteSpeed-Tag
X-Batcache
X-WA
X-TrackingId
BehaviorPad-Version
X-Agile-Brick-Ok
X-VC-Cache
X-Generated
Fastcgi-Cache-TTL
Tcn
X-MiniProfiler-Ids
Cf-Device-Type
Xet-Cookie
X-Pf-Uncompressing
Cf-Alt-Svc
Req-Svc-Chain
X-Yottaa-OS
X-Varnish-Beresp-TTL
Source
X-Request-URL
Who
X-HostName
X-PJAX-URL
X-RateLimit-Limit
Dnion-Transfer-Encoding
X-Selected-Scheme
X-Selected-Name
X-Selected-Host-Header
X-App
X-BBC-Origin-Response-Status
X-B3-Parentspanid
X-TraceId
Server-Id
X-Apw-Access-Object
X-Planisys-CDN-Cache
X-Dw-Trace-Id
Mime-Version
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Vha6-Origin
X-Proxy-Cachei7
X-C
Inserted-Into-Cache-At
X-Apw-Access-Token
X-Apw-Hits
X-Snapshot-Date
X-Apw-Access-Action
X-Vgn-Hpd-Reason
Pragrma
PICS-Label
Resin-Trace