Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
X-Xss-Protection
CF-Ray
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-FRAME-OPTIONS
Timing-Allow-Origin
X-DNS-Prefetch-Control
P3p
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-CDN
Upgrade
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
X-Template
X-Language
Feature-Policy
X-Age
X-Dns-Prefetch-Control
X-Backend
X-Hacker
X-Amz-Request-Id
X-Server
X-Robots-Tag
X-Cache-Group
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Host-Header
Grace
Report-To
X-Buckets
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
X-Dispatcher
NEL
X-Device
X-Node
Surrogate-Control
X-Server-Id
Cf-Bgj
X-Ruxit-JS-Agent
Content-Location
X-Response-Time
X-Cache-Lookup
Request-Id
Accept-CH-Lifetime
X-Origin-Cache
X-Akam-SW-Version
X-Ac
Accept-CH
EagleEye-TraceId
X-ASPNET-VERSION
X-Country
X-HW
Rating
X-Readtime
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-ECID
Allow
X-ORACLE-DMS-RID
Pinterest-Generated-By
Edge-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-TtlSet
X-Vname
X-PC
X-DataDome
X-Varnish-TTL
X-Url
X-Cnection
X-MS-InvokeApp
X-Origin-Upstream-Status
X-GitHub-Request-Id
X-Content-Type
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
X-D2id
X-Clacks-Overhead
X-Trace
X-Middleton-Response
X-Pinterest-Rid
Response
Pagespeed
X-Middleton-Display
Pinterest-Version
X-Sol
Display
X-Abt-Application-Version
X-Server-Name
X-Vcap-Request-Id
X-Px
X-Navigation-Version
X-ESI
X-Rack-Cache
X-B3-TraceId
Verso
X-FTR-Request-ID
MS-Author-Via
Service-Worker-Allowed
X-Webkit-CSP
X-Cached
X-Fastly-Request-ID
X-Element-Page-Cache
X-DynaTrace
X-Client-IP
Arr-Disable-Session-Affinity
X-Cache-TTL
X-CST
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-Upstream
Content-MD5
X-SharePointHealthScore
SPRequestGuid
Fastly-Restarts
AR-Request-ID
AR-CACHE
AR-ATIME
AR-PoweredBy
Ar-Sid
X-Version
X-Forwarded-Proto
X-NF-Request-ID
X-VARITI-CCR
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Goog-Hash
X-Kinja-Server
X-Use-Magma
X-Debug
X-Exp-Id
X-Kinja-Revision
X-Exp-Variant
X-Cdn-Fetch
X-TTL
X-T
X-Jurisdiction
X-MSEdge-Ref
X-Ttl
X-Powered-CMS
Access-Control-Request-Method
X-Release
X-Content-Digest
SPIisLatency
SPRequestDuration
TP-Cache
TP-L2-Cache
X-Edge
S
X-XRDS-Location
X-Pinterest-Direct
X-Amz-Rid
Accept-Ch
TCN
RTSS
Cache-Tag
X-Ezoic-Cdn
Public-Key-Pins
X-NWS-LOG-UUID
X-Node-Name
X-Yandex-Sdch-Disable
X-PressLabs-Stats
Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
X-MCACHE
X-Cache-Key
X-Mid
Server-Node
Front-End-Https
X-Accel-Expires
X-Amzn-Trace-Id
X-Server-ID
X-Ser
X-Recruiting
X-Kinsta-Cache
X-Logged-In
X-Microsite
X-Request-Handler-Origin-Region
ServerID
X-Cache-Hit
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
Accept-Charset
X-Origin-Server
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Page-Id
X-Mg-S
X-Ratelimit-Remaining
Host
X-Amz-Server-Side-Encryption
X-Grace
X-Varnish-Age
X-B
X-Content-Security-Policy-Report-Only
X-DIS-Request-ID
X-ECACHE
X-Shield-Request-Id
Nginx-Cache
Alternate-Protocol
X-HP-Webp
X-Mobile-URL
X-Hostname
Edge-Cache-Tag
X-Ratelimit-Limit
X-Forwarded-For
Realpath
X-Hits
X-F-Cache
X-Content-Options
Filterid
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-DC
X-LB-Cache
MicrosoftSharePointTeamServices
X-Git-Hash
X-FTR-Backend-Server
X-FireWall-Port
X-FTR-Realm
X-FTR-Backend
X-Country-Code-Real
X-Seen-By
X-FTR-Expires
X-Activity-Id
X-AppVersion
X-Load-Cache
X-Az
X-Jobs
X-Request-Guid
X-N
X-App-Environment
Paypal-Debug-Id
X-Type
X-Varnish-Backend
X-Rid
Cache-Tags
Fastcgi-Useragent
Cleartype
X-Cached-By
Accept-Ch-Lifetime
X-Varnish-Grace
X-Upgrade-Enabled
DynaTrace
X-Kong-Proxy-Latency
X-Zen-Fury
X-WebKit-CSP-Report-Only
X-Kong-Upstream-Latency
X-Daa-Tunnel
Access-Control-Allow-Method
X-Proxy
X-Litespeed-Cache
X-Cache-Age
Powered-By-ChinaCache
X-FB-Debug
X-Amz-Meta-S3cmd-Attrs
X-Akamai-Edgescape
X-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-App-Server
X-Respond-Thread
X-TEC-API-ROOT
X-Goog-Generation
X-Goog-Stored-Content-Length
DC
X-Geo-Country
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Correlation-ID
X-Cache-Rule
X-Cache-Operation
X-Host-Name
X-B3-Sampled
AMP-Access-Control-Allow-Source-Origin
X-User-Agent
X-IPLB-Instance
X-Content-Powered-By
X-Signature
X-B-Cache
X-Debug-Info
X-AOL-HN
Healthy
MS-CV
X-Whom
X-Accel-Buffering
X-Response-Served-From
X-Original-Request-Id
X-XRDS-LOCATION
X-Region
Content-Disposition
X-Wix-Request-Id
X-Frontend
Payment
X-Mobile
X-HTML-Minification-Powered-By
X-FW-Server
X-FW-Type
X-Rule
X-UUID
X-Instance
X-FW-Static
X-FW-Dynamic
X-FW-Serve
X-Distributor
X-FW-Hash
X-Cacheable-TTL
X-Is-Bot
X-Cache-Time
X-Rendered-As
X-Tumblr-User
X-VCache
X-Tumblr-Pixel-2
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
Akamai-Age-Ms
Refresh
X-Ua
Datacenter
X-Tec-Api-Version
Surrogate-Key
X-Tec-Api-Origin
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Endurance-Cache-Level
X-Tec-Api-Root
Filters
Charset
NGB
X-Protected-By
Liferay-Portal
Viewport
X-Acc-Debug-Context
X-Via-JSL
S-Cnection
Countrycode
Nel
PB-PID
Arc-Version
PB-RID
X-Backend-Name
X-Hyper-Cache
X-Ah-Environment
X-Oneagent-Js-Injection
X-Varnish-Server
X-Cache-Expired-At
X-App-Version
X-Cache-Server
X-Amz-Replication-Status
Section-Io-Cache
X-NewRelic-App-Data
GEO-INFO
X-Cache-Action
Retry-After
X-Sucuri-ID
X-PHP-Backend
X-Source
Version
Referer-Policy
X-Azure-Ref
X-EdgeConnect-Cache-Status
X-Cache-Control
X-WA-Info
X-Proxy-Cache-Status
X-Unique-Id
Eomportal-Instance
X-Real-IP
X-L-Path
X-Environment-Context
X-Framework
X-RemovedCookies
X-ProcessESI
X-Air-Hostname
Frame-Options
Meta-Geo
X-Revision
Server-Name
X-Yottaa-Optimizations
X-RTag
X-RN-RSRV
X-Cache-Var
X-Cache-Var-Map
X-ES-SERVER
X-Yottaa-Metrics
Ms-Operation-Id
X-Mode
X-Correlation-Id
X-GeoIP
X-From
X-DynaTrace-JS-Agent
X-Time-Microsecs
Cache
X-R9-Blue-Green-Version
X-Qloud-Router
X-Cache-Host
X-Cache-TTL-Remaining
X-ProxyCache-Status
X-PHP-Host
X-Status
X-Drupal-Cache-Contexts
X-Server-W
X-ProxyCache-Key
Cache-Tv-Group
X-Cluster
X-FW-Version
Mn-Server-Ip
Uber-Trace-Id
X-TNCMS
X-BYPASS-REASON
X-Xfnlog-Site
X-Loop
X-Labrador-Cache-Channel
Ec-Rule-Version
X-Hosted-By
Powered
X-Human
X-Sucuri-Cache
X-PCL
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Timing-Wait
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Property-Id
DB-Nickname
TWC-Connection-Speed
X-Zipkin-Id
TWC-Device-Class
X-VWS-Id
X-Amzn-Remapped-Content-Length
X-Handled-By
X-Hl-Ver
X-LJ-Flow-ID
X-Origin-Hint
X-Detected-As
Selected-Fe
X-AWS-Id
X-Locale
X-OCL
X-Site-Version
X-NYM-Debug-Backend
X-Routing-Service
X-Redis-Cache
X-Proxied
X-Proxy-Build
Cross-Origin-Window-Policy
X-FB-TRIP-ID
X-Fastcgi-Cache
X-Proto
X-Format
X-Be
X-Access
X-Section
X-ServerID
X-CSRF-Token
FSS-Cache
X-BCube-Filmed-By
X-Via-Fastly
X-Cache-PHP
X-Ratelimit-Reset
X-Debug-Cache
X-ATG-Version
X-Generated-By
X-Drupal-Cache-Tags
X-CDN-Forward
X-No-Session
X-Time
X-Device-Type
X-Contextid
From-Origin
X-SaId
X-JoinUs
Webserver
X-Esi
X-Varnish-Cache-Hits
X-Hp-Webp
X-FTR-Cache-Host
X-NC
X-URL
X-Adobe-Loc
X-Adobe-Content
X-AIR-PT
CF-Cached-On
X-NCache
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
OT-Force-Account-Verify
X-Origin
X-TIME
X-NWS-UUID-VERIFY
CACHE
Azure-InstanceId
Azure-Version
Azure-RegionName
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Azure-SiteName
X-GoCache-CacheStatus
Azure-SlotName
X-TT
X-Akamai-Transformed
X-APP-VERSION
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-TA-CDN-Provider
X-IPS-LoggedIn
Upgrade-Insecure-Requests
X-IP
X-Aspnet-Duration-Ms
X-Route-Name
X-Providence-Cookie
X-Cache-Enabled
SD-X-WS
Access-Control-Request-Headers
X-Is-Crawler
X-Adobe-Source
X-Flags
X-Bc-Bl
X-EIG-Tracking-Id
X-Cache-2
X-ECache
X-Backend-Host
X-Ruxit-Js-Agent
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Pinterest-Sli-Endpoint-Name
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-EC-Lua
X-ShopId
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Latency-Threshold
X-Alternate-Cache-Key
X-Soup
X-Tumblr-Pixel-3
X-ApacheServer
X-Backend-TTL
X-Cache-Grace
X-Forwarded-Host
X-PERF
X-CCM
X-Pubstack
Decoy-Debug-Key
X-Cdn
Decoy-Debug-Status
X-Cluster-Name
Cache-Status
Node
X-Varnishpool
Fastly-SSL
X-Cache-Backend
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-LAGOON
Decoy-Debug-TTL
X-Viewer-Country
X-Web-Node
X-G
X-Storage
Host-ID
X-Rewrite-Enabled
X-Request-UUID
X-Rojux
X-S
X-S-Cookie
X-RCS-CacheZone
X-Processor
X-Destination
X-External-Request-Id
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-ScT
X-Transaction
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Trv-Group
X-Twitter-Response-Tags
X-Vdms-Path
X-Vdms-Version
X-D
X-Connection-Hash
MD5-Digest
Machine
Meta-Geo-Continent
Mobile-Detection-Method
Rendered-Blocks
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
DCR-Decision-By
X-A
X-A-Ccd
X-ARC
X-B-Cookie
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Application
X-Aed
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Wwc
Apple-News-Services-Handled
X-Cache-NE
X-Cache-Config
X-UPSTREAM-Address
X-Servername
X-Fastly-Cache
Fastly-SWR
Adler-Geo
X-Vgn-Hpd-Variations-Key
X-Cache-Bucket
Country
X-Variation
X-Rebelmouse-Surrogate-Control
Fastly-SIE
X-Varnish-Beresp-Ttl
X-Generation-Time
X-Ms-Version
X-Ms-Request-Id
X-Micro-Cache
X-Platform-Server
X-TX-ID
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Rebelmouse-Cache-Control
X-VG-TLSProxy
X-Vgn-Hpd-Cached
CDN-Cache
Is-Eu
CDN-CachedAt
CDN-PullZone
CDN-EdgeStorageId
X-Envoy-Decorator-Operation
Platform
CloudFront-Viewer-Country
CDN-RequestId
CDN-Uid
CDN-RequestCountryCode
X-UA
Backend
X-Hash
X-Gzip
X-Irp-Debug
X-Clara-WADP
X-Li-Pop
X-Varnish-Ttl
X-Li-Fabric
Origin
X-Core-Mission
X-HS-Content-Campaign-Id
X-Core-Value
X-LI-UUID
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Esi-Check
C-Via
X-Date
Fastly-Drupal-HTML
X-Fmm-Version
X-Fastly-Backend
Akamai-GRN
Country-Code
X-OVcl
X-Bip
L
Gh-Request-Id
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Varnish-Cacheable
X-WADP-Cache
X-Webstats-RespID
X-Backend-State
X-Auto-Login
Surrogated-Key
Rt-Fastcgi-Cache
NM-Fastcgi-Cache
Wxu-Next-Commit
Wxu-Next-Hostname
X-Accel-Expires-Debug
X-CUA
Wxu-Next-Region
X-Method
X-Thanos
X-Platform
X-SN
X-Minions-Version
X-Owner
X-OVcl-Cache
X-Clientip
X-Cache-NGX
X-Policy
X-Render-Time
X-Slack-Backend
X-Microcachable
X-Skip-Cache
X-Request-Start
X-Cache-Id
X-Request-Host
X-Old-Content-Length
X-NGENIX-Cache
X-Cache-Date
PFcat
X-CGP
X-Cache-Tags
X-Level-Front-Cache
X-DefHash
X-Developers
X-DefElseHash
X-Cms-Context
X-Amz-Meta-Cb-Modifiedtime
X-Has-Esi
X-Is-Gdpr
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-JWT-State
Fastly-Backend-Name
CacheControlHeader
X-Gamma-Serve
X-Generated-On
X-Eu-Site
X-Csrf-Jwt
X-Content-Age
X-HN
X-Mvc-Supplant-Cachable
AKAMAI
X-VarnishDD-TTL
X-Up
X-Req
Time
X-Reqid
Ha-Gx-Prefs
L5d-Success-Class
HA-Ipaddr
X-Cache-URL
X-Cdn-Srv
We-Hiring
Mail-Subject
Group
Pagetype
X-CS
X-Aicache-OS
X-Edge-Location
X-Branch-Name
X-Wa
X-Page-View
X-Location
X-Cache-Debug
X-Session-Fingerprint
X-Geo-Header
Now
Ufe-Result
UCS
Memcached
FSS-Proxy
X-RateLimit-Remaining
X-Proxy-Upstream
X-Refresh
X-B3-Spanid
X-NODE
X-PF-Uncompressing
X-LB-ID
SRV
X-DC
X-GEO
X-CACHE-GROUP
X-CACHE-AGE
X-B3-Traceid
X-Agile-Age
X-Agile
X-Via-Poph
X-Via-Popn
X-Agile-Id
X-Dc
X-BC
X-Via-CDN
X-Mvc-Supplant-OutputCached
X-Debug-Cache-Fetch
X-Debug-Cache-Store
NGX
X-ZONE
X-Ftr-Cache-Host
HostName
Hostname
X-Datadome
X-Ua-Device
M-TraceId
X-Servedbyhost
X-LI-Proto
X-Sql-Duration-Ms
X-Sql-Count
X-Nginx-Cache
X-LLID
X-SERVER
X-Varnish-Hostname
X-Request-Time
X-FPC
X-NU-AKA-ACS-Version
X-Check-Cacheable
Arc-Country
Xserver
Cdn-Request-Time
Cdn-Host
X-Bc
Viewtype
X-SERVER-NAME
VivaBuild
X-Zone
X-Edge-Server
X-Cs
X-COUNTRY
X-Cache-Remote
X-Cdn-Forward
X-NGINX-Cache
X-LiteSpeed-Cache-Control
X-Via-Ucdn
X-Srv
X-RunCloud-Cache
X-Via-SSL
WebServer
X-SRV
X-VCL-Version
X-Action
X-APP
X-CF-Powered-By
X-Via-Edge
Edge-Copy-Time
X-Www-Served-By
X-UnsetCookies
XServer
X-FORWARDED-FOR
Srv
X-S-Maxage
X-RPM
X-HS-Status
ServedBy
X-DI
Cache-Hits
X-RPS
X-RSL
X-DB
WWW-Authenticate
GeoIp-Country-Code
X-ID
X-Svr
Memory
X-DW
X-Dynatrace-Js-Agent
Geoip-Latitude
X-DSS
On-Server
X-Cluster-Node
X-Instart-Request-ID
SID
X-CSRF-TOKEN
X-MP-GENERATED-AT
X-Presslabs-Stats
X-Vgn-Hpd-Ssi
X-Oss-Cdn-Auth
NtCoent-Length
X-Via-Popv
X-Vcache
Processtime
ProcessTime
Apigw-Requestid
X-We-Are-Hiring
T-Server
X-Pass-Why
User-Agent
X-Geo
Ohc-File-Size
X-MSEdge-Flight
Sid
W
X-MSEdge-Features
LB
Server-Info
X-Hit
Actual-Object-TTL
X-ORACLE-APMCS-REQUEST-ID
Pics-Label
X-Akamai-Request-ID2
Server-Host
N-Cache
X-Erf-Stays-Bingo-Pdp-Web
GeoIP-Country-Code
GeoIP-Latitude
Geo-Info
X-Unique-ID
X-Varnish-Hits
Protected
X-HOST
Magicmarker
X-VC
X-SB
CF-IPCountry
X-Dynatrace
X-Envoy-Upstream-Healthchecked-Cluster
X-Epic-Correlation-Id
X-Tb
S-Rt
X-HITS
X-Info
X-Uri
X-Cache-Hm
X-Erf-Bev-Bev
WZWS-RAY
X-Cache-Hfrom
CDN
Accept-Language
X-Pjax-Url
Amp-Access-Control-Allow-Source-Origin
X-Vcl-Version
X-Erf-Bev-Bev-Is-Generated
Ohc-Cache-HIT
X-Webkit-CSP-Report-Only
Cteonnt-Length
X-FC-Vary-Parameters
X-Fpc
Cdn
Esi-Enabled
A
X-Fastly-Country-Code
X-Acc-Rdl
X-CACHE-KEY
X-Mobile-Rewrite
Lb
X-Newrelic-App-Data
User-Cache-Control
X-Nc
Tracecode
X-TT-LOGID
X-Key
X-Oracle-Dms-Rid
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
Odigeo-Trace-Id
X-Newrelic-Synthetics
Section-Io-Origin-Status
DSUID
X-Provided-By
X-Via-NSCOPI
X-Amzn-Remapped-Connection
X-Li-Proto
Ssr
X-UA-Device-Type
X-Amzn-Remapped-Date
Cache-Name
Origin-Edge-Control
Origin-Cache-Control
Lfy
X-Dispatch
Proxy-Firewall
X-Instart-Info
X-Origin-Date
X-StackifyID
X-ServedByHost
X-Magnolia-Registration
X-Cache-Tag
IsBot
Locid
Release
Path
Instruction
X-Cc-Via
X-Sigma-Backend
X-Sigma
X-SIPLIST1
X-SRCache-Key
Powered-By
X-Node-Id
D-Cc-Upstream
X-Scheme
CDCHOST
X-Men
X-Cc-Req-Id
X-Nginx-Cache-Key
FNAC-ModuleRouting
SR-User-Adfree
X-Contensis-Viewer-Groups
X-Developer
X-Cache-Info
X-Cache-Expires
X-Cache-ASPX
X-Gdpr
X-Gen-Mode
X-Loc
X-Hnp-Log
X-Goog-Meta-Goog-Reserved-File-Mtime
X-GeoIP-City
X-Block-Status
X-BBXSRF
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Sever-Int
Server-Hostname
Server-Ext
Thinkindot-Control
V-Age
X-BBC-Edge-Cache-Status
X-API-Version
Web-Mar-Node
Vix-Hermes-Req-Id
X-Server-IP
X-Rocket-Build-Number
X-Origin-Expires
X-Matched-Rule
X-SD-PageType
X-SVT-ORM-VERSION
Server-Ttl
X-Served-From
X-Origin-CC
X-Akamai-Pragma-Client-IP
X-Origin-Time
X-Varnish-Url
X-VServer
X-Request-URI
X-Geo-Region
X-Varnish-Authentication
X-Thinkindot-L3
X-Origin-TTL
X-User
Cache-Key
X-B3-SpanId
X-SVT-ORM-RULES
X-Nyt-Route
X-TH-Server
X-Response-By
X-Azure-Ref-OriginShield
X-Lb-Id
X-Via-PopH
X-Via-PopN
Cache-Provider
X-Via-PopV
X-Sn-Servicetimems
X-Cdn-Origin
X-Parent-Response-Time
X-Var-Ttl
X-Fetched-On
X-Device-Os
X-Traceid
X-Trace-Id
X-Generated-In
True-Client-Country-4JS
MIME-Version
X-RAMCache
Kp-EeAlive
X-Cache-Spec
HitType
Cache-Host
X-NodeID
Pramga
X-Swa-Ws
Server-ID
X-No-Cache
CountryCode
X-Tt-Logid
X-VC-Cache
X-Batcache
X-ServiceProvider
X-WA
X-RateLimit-Limit-Second
X-TrackingId
X-ElasticPress-Query
Fastcgi-Cache-TTL
X-RateLimit-Remaining-Second
X-Generated
X-LiteSpeed-Tag
BehaviorPad-Version
X-Agile-Brick-Ok
Tcn
X-PJAX-URL
X-Pf-Uncompressing
Cf-Alt-Svc
Xet-Cookie
Req-Svc-Chain
X-RateLimit-Limit
X-HostName
X-MiniProfiler-Ids
X-Yottaa-OS
X-Varnish-Beresp-TTL
X-Request-URL
Who
Cf-Device-Type
Dnion-Transfer-Encoding
Source
X-Selected-Host-Header
X-App
X-Selected-Scheme
X-Selected-Name
X-Planisys-CDN-TTL
X-Proxy-Cachei7
X-Planisys-CDN-Rules
X-BBC-Origin-Response-Status
X-TraceId
Server-Id
X-B3-Parentspanid
Vha6-Origin
X-Planisys-CDN-Cache
X-Dw-Trace-Id
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Hits
X-Snapshot-Date
X-Vgn-Hpd-Reason
PICS-Label
Mime-Version
X-C
Inserted-Into-Cache-At
Pragrma
Resin-Trace