Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
P3p
X-Cacheable
X-Request-ID
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Template
X-Language
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-Dns-Prefetch-Control
X-Hacker
X-Cache-Group
X-AH-Environment
X-Robots-Tag
X-Server
X-Amz-Request-Id
X-UA-Device
X-Amz-Id-2
EagleId
X-Proxy-Cache
X-Buckets
X-Turbo-Charged-By
Request-Context
X-Server-Powered-By
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Bgj
Cf-Railgun
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
X-Amz-Version-Id
X-Host
X-WebKit-CSP
NEL
X-Dispatcher
X-Device
X-Backend-Server
X-Node
Surrogate-Control
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Response-Time
Content-Location
X-Origin-Cache
Request-Id
X-Server-Id
X-Akam-SW-Version
X-ASPNET-VERSION
X-Ac
Accept-CH-Lifetime
X-Country
EagleEye-TraceId
Accept-CH
X-HW
X-Mod-Pagespeed
Rating
X-Readtime
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
X-Application-Context
Pinterest-Generated-By
X-ORACLE-DMS-RID
Edge-Control
X-Country-Code
X-DataDome
X-Url
X-PC
X-TtlSet
X-Vname
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
X-Cnection
Allow
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Source
X-MS-InvokeApp
X-D2id
X-GitHub-Request-Id
X-Content-Type
X-ESI
X-Clacks-Overhead
X-Server-Name
X-Abt-Application-Version
Pinterest-Version
X-Trace
X-Pinterest-Rid
X-Navigation-Version
X-FTR-Request-ID
X-Middleton-Response
Response
X-Middleton-Display
X-Sol
Pagespeed
Display
X-Vcap-Request-Id
X-B3-TraceId
Verso
X-Px
X-Cached
X-Rack-Cache
X-Webkit-CSP
X-Element-Page-Cache
X-Fastly-Request-ID
Service-Worker-Allowed
X-DynaTrace
MS-Author-Via
X-Client-IP
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Powered-By-Plesk
X-Dw-Request-Base-Id
X-Upstream
X-Version
Content-MD5
AR-ATIME
AR-Request-ID
AR-CACHE
AR-PoweredBy
X-TTL
X-Forwarded-Proto
Ar-Sid
X-NF-Request-ID
X-SharePointHealthScore
SPRequestGuid
Accept-Ch
X-T
Fastly-Restarts
X-Debug
X-VARITI-CCR
X-Server-ID
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-Jurisdiction
X-Goog-Hash
Access-Control-Request-Method
X-Powered-CMS
TP-Cache
TP-L2-Cache
X-FastCGI-Cache
X-MSEdge-Ref
X-Content-Digest
X-Release
X-Ttl
X-XRDS-Location
X-Edge
X-NWS-LOG-UUID
SPRequestDuration
SPIisLatency
TCN
S
X-CST
RTSS
X-Amz-Rid
X-Pinterest-Direct
Cache-Tag
X-PressLabs-Stats
X-Request-Processing-Time
X-Request-Received
Fastcgi-Cache
Public-Key-Pins
X-Ezoic-Cdn
X-Yandex-Sdch-Disable
X-Node-Name
Server-Node
X-MCACHE
X-Mid
X-Cache-Key
X-Accel-Expires
Accept-Ch-Lifetime
X-Amzn-Trace-Id
Front-End-Https
X-Logged-In
X-Cache-Hit
ServerID
X-Ser
X-Microsite
X-Request-Handler-Origin-Region
X-Ratelimit-Remaining
X-Recruiting
X-Origin-Server
X-Kinsta-Cache
X-Page-Id
Alternate-Protocol
Accept-Charset
Host
X-B
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ratelimit-Limit
X-Hostname
X-Mobile-URL
X-Varnish-Age
X-ECACHE
X-FireWall-Port
X-Content-Security-Policy-Report-Only
Nginx-Cache
X-FTR-Balancer
X-FTR-Cache-Status
Filterid
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-Forwarded-For
X-Country-Code-Real
X-DIS-Request-ID
X-FTR-Expires
X-Shield-Request-Id
X-Mg-S
X-Load-Cache
X-Content-Options
X-Seen-By
Realpath
X-Grace
X-Daa-Tunnel
Edge-Cache-Tag
X-Jobs
X-Id
Akamai-Age-Ms
X-Amz-Server-Side-Encryption
X-LB-Cache
X-F-Cache
X-Git-Hash
X-N
X-AppVersion
X-App-Environment
X-Varnish-Backend
X-Az
X-Activity-Id
X-Type
Paypal-Debug-Id
X-Hits
X-Request-Guid
X-Varnish-Grace
X-Rid
Fastcgi-Useragent
X-HP-Webp
MicrosoftSharePointTeamServices
X-Zen-Fury
X-Proxy
DynaTrace
X-FB-Debug
Access-Control-Allow-Method
X-Correlation-ID
Cache-Tags
X-Upgrade-Enabled
Cleartype
X-App-Server
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-WebKit-CSP-Report-Only
DC
X-Geo-Country
X-Akamai-Edgescape
X-Cached-By
Content-Disposition
X-Content-Powered-By
X-Cache-Rule
X-Cache-Operation
AMP-Access-Control-Allow-Source-Origin
X-XRDS-LOCATION
X-TEC-API-ROOT
X-Host-Name
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Amz-Meta-S3cmd-Attrs
X-Wix-Request-Id
X-IPLB-Instance
X-User-Agent
Powered-By-ChinaCache
X-Accel-Buffering
X-Response-Served-From
X-Original-Request-Id
X-B3-Sampled
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Cache-Age
X-HTML-Minification-Powered-By
Healthy
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-AOL-HN
X-Goog-Metageneration
X-Goog-Generation
X-Ua
X-VCache
X-Goog-Storage-Class
X-HS-Combine-CSS
X-Signature
X-Endurance-Cache-Level
X-B-Cache
X-Whom
X-Rendered-As
MS-CV
X-Cacheable-TTL
X-Region
X-Respond-Thread
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Is-Bot
X-Cache-Time
X-Distributor
X-FW-Dynamic
X-FW-Static
X-FW-Type
Refresh
X-UUID
X-FW-Server
Payment
NGB
X-FW-Serve
X-FW-Hash
X-Rule
X-Debug-Info
Datacenter
X-Instance
X-Frontend
X-Amz-Apigw-Id
X-Mobile
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Amzn-RequestId
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-2
Countrycode
Arc-Version
PB-RID
PB-PID
X-Fastcgi-Cache
Surrogate-Key
X-Varnish-Server
X-Oneagent-Js-Injection
S-Cnection
X-Backend-Name
X-Acc-Debug-Context
X-App-Version
X-PHP-Backend
X-Protected-By
X-Via-JSL
Viewport
X-Cache-Server
X-Azure-Ref
X-NewRelic-App-Data
X-Hyper-Cache
Liferay-Portal
Cache
X-Litespeed-Cache
Powered
X-Cache-Expired-At
Filters
X-Hp-Webp
X-WA-Info
X-Proxy-Cache-Status
Charset
Referer-Policy
Retry-After
X-Cache-Control
X-Sucuri-ID
X-Source
X-DynaTrace-JS-Agent
X-Amz-Replication-Status
X-EdgeConnect-Cache-Status
X-FTR-Cache-Host
X-FB-TRIP-ID
X-RemovedCookies
X-Cache-Action
Section-Io-Cache
X-CSRF-Token
X-ProcessESI
X-GeoIP
X-Real-IP
Meta-Geo
X-ES-SERVER
X-Cache-Var-Map
X-Cache-Var
X-RN-RSRV
X-Mode
X-Debug-Cache
FSS-Cache
X-Time
X-Qloud-Router
Eomportal-Instance
X-Locale
X-Site-Version
X-Device-Type
X-Framework
X-Cache-Host
X-BYPASS-REASON
X-Server-W
X-Yottaa-Metrics
X-ProxyCache-Status
X-L-Path
X-Human
X-ProxyCache-Key
X-LJ-Flow-ID
X-R9-Blue-Green-Version
Mn-Server-Ip
X-AWS-Id
X-Environment-Context
X-VWS-Id
X-Via-Fastly
X-Time-Microsecs
Version
X-Yottaa-Optimizations
TWC-Locale-Group
X-FW-Version
X-Handled-By
X-Hl-Ver
Selected-Fe
Webcakes-App-Name
Webcakes-App-Version
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-Region
X-Cluster
X-Proxy-Build
X-Xfnlog-Site
X-TNCMS
X-Timing-Wait
Cross-Origin-Window-Policy
X-Zipkin-Id
Cache-Tv-Group
GEO-INFO
X-Revision
X-RTag
Property-Id
X-Routing-Service
X-PCL
X-Origin-Hint
X-OCL
Ms-Operation-Id
X-Loop
Uber-Trace-Id
X-Ratelimit-Reset
X-Proxied
Ec-Rule-Version
Frame-Options
X-Air-Hostname
X-JoinUs
X-Cache-TTL-Remaining
DB-Nickname
X-Status
X-Generated-By
X-Hosted-By
X-Redis-Cache
X-PHP-Host
X-Labrador-Cache-Channel
X-ServerID
X-SaId
X-Detected-As
X-Be
X-BCube-Filmed-By
X-Amzn-Remapped-Content-Length
X-From
Webserver
X-Proto
X-NYM-Debug-Backend
X-Access
X-Section
X-Format
X-No-Session
X-Unique-Id
Nel
X-Cache-PHP
X-ATG-Version
From-Origin
X-Varnish-Cache-Hits
X-Sucuri-Cache
X-NWS-UUID-VERIFY
Server-Name
X-Drupal-Cache-Contexts
X-TA-CDN-Provider
X-Drupal-Cache-Tags
X-Contextid
X-Origin
X-NCache
X-Correlation-Id
X-EIG-Tracking-Id
CF-Cached-On
OT-Force-Account-Verify
X-CDN-Forward
X-AIR-PT
X-EC-Lua
X-IPS-LoggedIn
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Bc-Bl
X-GoCache-CacheStatus
X-Cache-Enabled
X-TIME
X-IP
X-Akamai-Transformed
X-APP-VERSION
X-Adobe-Content
X-Oss-Hash-Crc64ecma
X-Adobe-Loc
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Vgn-Hpd-Cached
X-Backend-Host
X-ECache
X-Vgn-Hpd-Variations-Key
X-NC
Azure-Version
X-Ruxit-Js-Agent
Azure-InstanceId
X-Cache-Backend
X-TT
Azure-SlotName
Azure-RegionName
Azure-SiteName
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-URL
X-Cdn
X-Tumblr-Pixel-3
X-Cache-2
Access-Control-Request-Headers
SD-X-WS
X-CCM
X-CACHE-AGE
Node
Time
Machine
MD5-Digest
Meta-Geo-Continent
X-Date
X-Destination
X-Worker
Xc-Version
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-VG-WebServer
Rendered-Blocks
X-Accel-Expires-Debug
Mobile-Detection-Method
X-CF-Lambda-Fn
Host-ID
X-Cache-NE
X-CF-Lambda-Version
DCR-Decision-By
X-ShopId
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Pubstack
X-PERF
X-ApacheServer
X-Backend-TTL
X-Cache-Grace
X-Forwarded-Host
X-Soup
X-Storefront-Renderer-Rendered
Surrogated-Key
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
X-Connection-Hash
CloudFront-Viewer-Country
Apple-News-Services-Request-Url
X-Varnishpool
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-D
X-B-Cookie
X-Application
X-G
X-A-Dam
X-Processor
X-Request-UUID
X-ARC
X-PBS-Appsvrname
X-External-Request-Id
X-ScT
X-S-Cookie
X-A-Ccd
X-Rewrite-Enabled
X-A
X-Rojux
X-S
X-RCS-CacheZone
X-VG-WebCache
X-Minions-Version
X-Transaction
X-Aed
X-A-Wwc
X-A-Dgt
X-Vdms-Path
X-Vdms-Version
Now
X-Twitter-Response-Tags
X-PAYTM-SRV-ID
X-Alternate-Cache-Key
X-A-Dcw
X-Trv-Group
X-UA
X-Adobe-Source
X-Req
Adler-Geo
X-Say-TTL
X-Say-Cacheable
X-Owner
X-OVcl
X-Cache-Config
X-Rebelmouse-Surrogate-Control
X-Cluster-Name
X-Ms-Version
X-NGENIX-Cache
X-Storage
X-OVcl-Cache
X-Viewer-Country
X-Rebelmouse-Cache-Control
X-SayCDN-TTL
X-Web-Node
CDN-PullZone
X-CUA
X-Dispatcher-Server
X-Cache-Bucket
X-DPWN-IS-SECURE
X-Edge-Location
X-SN
X-Thanos
X-Bip
NM-Fastcgi-Cache
Wxu-Next-Commit
We-Hiring
Wxu-Next-Hostname
X-Variation
Platform
X-Up
Mail-Subject
X-Skip-Cache
CDN-RequestCountryCode
CDN-RequestId
CDN-EdgeStorageId
Wxu-Next-Region
CDN-Cache
CDN-CachedAt
CDN-Uid
X-Method
X-Generation-Time
Is-Eu
X-Servername
Fastly-SWR
X-Hash
Fastly-SIE
X-Ms-Request-Id
Ufe-Result
X-Varnish-Ttl
Cache-Status
Fastly-SSL
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Micro-Cache
X-Li-Fabric
X-Level-Front-Cache
FSS-Proxy
X-Li-Pop
X-LI-UUID
Fastly-Drupal-HTML
X-Microcachable
X-Clientip
X-Request-Host
X-Request-Start
X-Slack-Backend
X-Render-Time
X-Proxy-Upstream
Country-Code
X-Platform
X-Policy
Gh-Request-Id
HA-Ipaddr
PFcat
Origin
X-Envoy-Decorator-Operation
X-Csrf-Jwt
X-Core-Value
X-Cms-Context
Rt-Fastcgi-Cache
X-Core-Mission
X-Eu-Site
X-Fastly-Backend
X-HN
X-TX-ID
Ha-Gx-Prefs
L
L5d-Success-Class
X-Gamma-Serve
X-Generated-On
Group
X-Reqid
X-Fmm-Version
X-Varnish-Cacheable
X-Webstats-RespID
AKAMAI
X-Backend-State
Country
Decoy-Debug-Status
X-Clara-WADP
Decoy-Debug-TTL
X-Auto-Login
X-WADP-Cache
X-CGP
X-VarnishDD-TTL
C-Via
CacheControlHeader
X-Cache-Tags
X-Ah-Environment
Decoy-Debug-Key
X-Cache-Date
X-Cache-NGX
X-VG-TLSProxy
Backend
Upgrade-Insecure-Requests
X-Amz-Meta-Cb-Modifiedtime
X-Content-Age
X-Old-Content-Length
X-Developers
X-Geo-Header
X-Wikidot-Backend
Pagetype
X-Wikidot-Static-Cache
X-Gzip
X-Location
X-Cache-Id
X-Has-Esi
Memcached
Akamai-GRN
X-RateLimit-Remaining
UCS
X-Esi
X-Cdn-Srv
X-Cache-URL
X-HS-Content-Campaign-Id
X-Irp-Debug
HostName
Fastly-Backend-Name
X-Is-Gdpr
X-Esi-Check
X-JWT-State
X-Fastly-Cache
X-LAGOON
X-Agile-Id
X-Agile-Age
X-PF-Uncompressing
X-DefHash
X-DefElseHash
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Platform-Server
X-Mvc-Supplant-Cachable
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Route-Name
X-Agile
X-Providence-Cookie
X-UPSTREAM-Address
X-NODE
X-LB-ID
CACHE
X-Aicache-OS
X-CS
X-Branch-Name
X-Wa
X-Refresh
X-Instart-Request-ID
X-BC
X-ZONE
X-Dc
M-TraceId
X-Via-Popn
X-Via-Poph
X-Session-Fingerprint
X-Cache-Debug
X-Cdn-Forward
X-Mvc-Supplant-OutputCached
X-Ua-Device
X-B3-Spanid
X-Debug-Cache-Store
Arc-Country
X-Debug-Cache-Fetch
VivaBuild
NGX
X-Edge-Server
Viewtype
X-Servedbyhost
Cdn-Host
X-LI-Proto
X-Page-View
Cdn-Request-Time
X-SERVER
X-GEO
X-DC
Xserver
X-RunCloud-Cache
X-Request-Time
X-Via-Ucdn
X-Bc
X-Zone
Srv
X-Ftr-Cache-Host
X-Varnish-Hostname
SRV
X-Nginx-Cache
X-Cs
X-Srv
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Endpoint-Name
X-APP
X-Pinterest-Sli-Response-Type
X-NGINX-Cache
X-Vgn-Hpd-Ssi
X-Action
Memory
X-Check-Cacheable
X-FPC
X-HS-Status
Actual-Object-TTL
X-ORACLE-APMCS-REQUEST-ID
X-LiteSpeed-Cache-Control
X-RPS
X-RPM
WWW-Authenticate
X-B3-Traceid
X-RSL
X-Via-CDN
X-DB
X-DW
X-DSS
Hostname
X-DI
X-Datadome
Geo-Info
X-Unique-ID
Geoip-Latitude
Sid
GeoIp-Country-Code
X-Oss-Cdn-Auth
X-Sql-Count
X-Via-Popv
X-UnsetCookies
X-NU-AKA-ACS-Version
X-Sql-Duration-Ms
X-VCL-Version
X-Cluster-Node
X-MP-GENERATED-AT
X-Geo
X-Vcache
X-Akamai-Request-ID2
X-CF-Powered-By
X-Dynatrace-Js-Agent
X-Via-SSL
X-Via-Edge
Edge-Copy-Time
Processtime
User-Agent
X-Hit
WebServer
X-CSRF-TOKEN
Apigw-Requestid
X-Www-Served-By
XServer
On-Server
X-Svr
W
X-Epic-Correlation-Id
X-SERVER-NAME
X-We-Are-Hiring
GeoIP-Country-Code
GeoIP-Latitude
ProcessTime
SID
X-Webkit-CSP-Report-Only
Server-Info
NtCoent-Length
X-FORWARDED-FOR
Cache-Hits
ServedBy
X-S-Maxage
X-Cache-Remote
X-FC-Vary-Parameters
X-Mobile-Rewrite
LB
X-HOST
Ohc-File-Size
X-Envoy-Upstream-Healthchecked-Cluster
T-Server
S-Rt
X-Vcl-Version
X-SRV
X-Presslabs-Stats
X-Nc
X-Dynatrace
X-Fpc
X-HITS
Amp-Access-Control-Allow-Source-Origin
X-Fastly-Country-Code
Accept-Language
Server-Host
N-Cache
X-Pjax-Url
X-Tb
X-MSEdge-Flight
Esi-Enabled
CF-IPCountry
X-Cache-Hm
X-Cache-Hfrom
X-MSEdge-Features
Origin-Cache-Control
Cteonnt-Length
CDN
Origin-Edge-Control
Magicmarker
X-Pass-Why
A
Cdn
X-Key
X-CACHE-KEY
X-Varnish-Hits
X-COUNTRY
Pics-Label
X-VC
Lb
X-SB
WZWS-RAY
Proxy-Firewall
X-Dispatch
X-Oracle-Dms-Rid
X-LLID
Ohc-Cache-HIT
X-Instart-Info
X-ServedByHost
X-Amzn-Remapped-Date
X-Geo-Region
X-Li-Proto
X-Amzn-Remapped-Connection
Protected
X-Info
Powered-By
X-StackifyID
X-Via-NSCOPI
X-Newrelic-App-Data
Server-Ttl
X-RAMCache
X-B3-SpanId
HitType
X-Uri
BehaviorPad-Version
Cache-Key
X-Akamai-Pragma-Client-IP
User-Cache-Control
Fastcgi-Cache-TTL
X-Served-From
X-TH-Server
X-Generated
X-Newrelic-Synthetics
X-TT-LOGID
Tracecode
X-Cache-Tag
X-App
X-Erf-Bev-Bev-Is-Generated
X-LiteSpeed-Tag
X-Via-PopV
Cache-Provider
X-Erf-Bev-Bev
X-Via-PopN
X-Via-PopH
X-Lb-Id
X-TrackingId
X-ID
Ssr
X-Cc-Req-Id
X-Men
Dnion-Transfer-Encoding
X-Cc-Via
X-Scheme
X-Path-Route
X-Magnolia-Registration
X-Planisys-CDN-Rules
Cache-Name
X-UA-Device-Type
X-Agile-Brick-Ok
X-Provided-By
Xet-Cookie
DSUID
X-WA
X-Batcache
X-Erf-Stays-Bingo-Pdp-Web
D-Cc-Upstream
Lfy
X-Planisys-CDN-Cache
Odigeo-Trace-Id
X-Tt-Logid
X-Planisys-CDN-TTL
X-Cache-Spec
Section-Io-Id
Section-Origin-Responded
Tcn
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Gen-Mode
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated-In
X-GeoIP-City
X-Hnp-Log
X-Loc
X-Origin-CC
X-Origin-Date
X-Nyt-Route
X-NodeID
X-Nginx-Cache-Key
X-Node-Id
X-Matched-Rule
X-ElasticPress-Query
X-Block-Status
X-Cache-ASPX
X-BBXSRF
X-BBC-Edge-Cache-Status
X-API-Version
X-Azure-Ref-OriginShield
X-Cache-Info
X-Cdn-Origin
X-Origin-Expires
X-Fetched-On
X-Device-Os
X-Developer
X-Contensis-Viewer-Groups
X-Gdpr
X-Parent-Response-Time
X-Swa-Ws
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SRCache-Key
X-Trace-Id
X-User
X-VC-Cache
X-VServer
X-Varnish-Url
X-Varnish-Authentication
X-Var-Ttl
X-Sn-Servicetimems
X-SIPLIST1
X-RateLimit-Remaining-Second
X-Request-URI
X-RateLimit-Limit-Second
Web-Mar-Node
X-Origin-TTL
X-Response-By
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
X-ServiceProvider
X-Server-IP
X-SD-PageType
X-Origin-Time
Vix-Hermes-Req-Id
Cache-Host
X-Yottaa-OS
X-RateLimit-Limit
FNAC-ModuleRouting
Instruction
Kp-EeAlive
IsBot
X-HostName
X-PJAX-URL
X-Pf-Uncompressing
Inserted-Into-Cache-At
Cf-Alt-Svc
X-Varnish-Beresp-TTL
Mime-Version
Who
Locid
CDCHOST
Thinkindot-CacheControl
Sever-Int
Thinkindot-CacheControl-Type
Thinkindot-Control
V-Age
True-Client-Country-4JS
Server-Hostname
SR-User-Adfree
Pramga
Release
Path
Server-Ext
X-Selected-Name
X-Selected-Host-Header
X-Selected-Scheme
CountryCode
X-Acc-Rdl
X-Proxy-Cachei7
Vha6-Origin
PICS-Label
X-Traceid
X-C
X-TraceId
Req-Svc-Chain
X-MiniProfiler-Ids
Server-Id
X-BBC-Origin-Response-Status
X-Dw-Trace-Id
X-Pad
X-Snapshot-Date
Content-Style-Type
X-Origin-Response-Time
MIME-Version
Resin-Trace
X-Cache-Expires
Server-ID
Source
Pragrma
X-Apw-Access-Object
X-Apw-Access-Action
X-Vgn-Hpd-Reason
X-Apw-Access-Token
X-Apw-Hits
Content-Script-Type
X-Request-URL
X-Tid