Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
P3p
X-Cacheable
X-Request-ID
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Template
X-Language
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-Dns-Prefetch-Control
X-Hacker
X-AH-Environment
X-Robots-Tag
X-Server
X-Amz-Request-Id
X-UA-Device
X-Cache-Group
X-Amz-Id-2
EagleId
X-Proxy-Cache
X-Buckets
X-Turbo-Charged-By
Request-Context
X-Server-Powered-By
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Bgj
Cf-Railgun
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Amz-Version-Id
X-Host
X-WebKit-CSP
NEL
X-Dispatcher
X-Device
X-Backend-Server
X-Node
Surrogate-Control
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Response-Time
Content-Location
X-Origin-Cache
Request-Id
X-Server-Id
X-Akam-SW-Version
X-ASPNET-VERSION
X-Ac
Accept-CH-Lifetime
X-Country
EagleEye-TraceId
Accept-CH
X-HW
X-Mod-Pagespeed
Rating
X-Readtime
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
X-Application-Context
Pinterest-Generated-By
X-ORACLE-DMS-RID
Edge-Control
X-Country-Code
X-DataDome
X-Url
X-Vname
X-PC
X-TtlSet
X-Varnish-TTL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
X-Cnection
Allow
Fusion-Component-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
X-MS-InvokeApp
Fusion-Content-Id
X-D2id
X-GitHub-Request-Id
X-Content-Type
X-ESI
X-Clacks-Overhead
X-Server-Name
X-Abt-Application-Version
X-Navigation-Version
X-Trace
X-Pinterest-Rid
Pinterest-Version
Pagespeed
Display
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
X-Vcap-Request-Id
X-FTR-Request-ID
X-B3-TraceId
Verso
X-Px
X-Cached
X-Rack-Cache
X-Webkit-CSP
X-Element-Page-Cache
X-Fastly-Request-ID
X-DynaTrace
Service-Worker-Allowed
MS-Author-Via
X-Client-IP
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Powered-By-Plesk
X-Dw-Request-Base-Id
X-Upstream
X-Version
Content-MD5
AR-CACHE
X-Forwarded-Proto
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-SharePointHealthScore
Ar-Sid
SPRequestGuid
X-NF-Request-ID
Accept-Ch
X-T
Fastly-Restarts
X-Debug
X-Ttl
X-VARITI-CCR
X-Server-ID
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Cdn-Fetch
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Jurisdiction
X-Goog-Hash
X-TTL
TP-Cache
TP-L2-Cache
Access-Control-Request-Method
X-FastCGI-Cache
X-Powered-CMS
X-MSEdge-Ref
X-Content-Digest
X-Release
X-XRDS-Location
X-Edge
X-NWS-LOG-UUID
SPRequestDuration
TCN
SPIisLatency
X-CST
S
RTSS
X-Amz-Rid
X-Pinterest-Direct
X-PressLabs-Stats
Cache-Tag
Public-Key-Pins
X-Request-Processing-Time
X-Request-Received
Fastcgi-Cache
X-Ezoic-Cdn
X-Node-Name
X-Yandex-Sdch-Disable
X-MCACHE
X-Mid
Server-Node
X-Cache-Key
X-Accel-Expires
Accept-Ch-Lifetime
X-Amzn-Trace-Id
Front-End-Https
X-Logged-In
X-Cache-Hit
X-Ratelimit-Remaining
ServerID
X-Ser
X-Request-Handler-Origin-Region
X-Microsite
X-Origin-Server
X-Recruiting
X-Kinsta-Cache
X-Page-Id
Alternate-Protocol
Accept-Charset
Host
X-B
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ratelimit-Limit
X-Hostname
X-Mobile-URL
X-Varnish-Age
Nginx-Cache
X-ECACHE
X-Content-Security-Policy-Report-Only
X-FireWall-Port
X-Forwarded-For
Filterid
X-DIS-Request-ID
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Balancer
X-Shield-Request-Id
X-FTR-Expires
X-Mg-S
X-Content-Options
X-Load-Cache
Realpath
X-Seen-By
X-Daa-Tunnel
Edge-Cache-Tag
X-Grace
X-Jobs
Akamai-Age-Ms
X-Amz-Server-Side-Encryption
X-F-Cache
X-Id
X-LB-Cache
X-Git-Hash
X-Activity-Id
X-AppVersion
X-Varnish-Backend
X-Type
X-App-Environment
X-Az
X-Hits
X-Varnish-Grace
X-Request-Guid
Paypal-Debug-Id
X-N
X-Rid
Fastcgi-Useragent
X-HP-Webp
MicrosoftSharePointTeamServices
X-Zen-Fury
X-Proxy
DynaTrace
X-FB-Debug
X-Upgrade-Enabled
Access-Control-Allow-Method
Cache-Tags
Cleartype
X-App-Server
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-WebKit-CSP-Report-Only
X-Akamai-Edgescape
DC
X-Geo-Country
X-Cached-By
Content-Disposition
X-Content-Powered-By
X-Cache-Operation
X-Cache-Rule
AMP-Access-Control-Allow-Source-Origin
X-Correlation-ID
X-XRDS-LOCATION
X-TEC-API-ROOT
X-Amz-Meta-S3cmd-Attrs
X-Host-Name
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Wix-Request-Id
X-IPLB-Instance
X-User-Agent
X-B3-Sampled
X-Accel-Buffering
X-Original-Request-Id
X-Response-Served-From
Powered-By-ChinaCache
X-HS-Content-Id
X-HS-Cache-Config
X-HTML-Minification-Powered-By
X-HS-Hub-Id
Healthy
X-Cache-Age
X-Goog-Generation
X-AOL-HN
X-B-Cache
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Signature
X-VCache
X-HS-Combine-CSS
X-Tec-Api-Version
X-Respond-Thread
X-Tec-Api-Root
X-Tec-Api-Origin
X-Whom
X-Region
X-Cacheable-TTL
MS-CV
X-Distributor
X-FW-Type
X-FW-Server
Refresh
X-Rendered-As
X-FW-Hash
X-Is-Bot
X-UUID
X-FW-Static
X-Cache-Time
Payment
X-FW-Dynamic
NGB
X-FW-Serve
X-Endurance-Cache-Level
X-Debug-Info
X-Rule
Datacenter
X-Instance
X-Amz-Apigw-Id
X-Tumblr-Pixel-2
X-Mobile
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Amzn-RequestId
X-Tumblr-Pixel
X-Frontend
Countrycode
X-Ua
PB-PID
Arc-Version
PB-RID
Surrogate-Key
X-Fastcgi-Cache
X-Varnish-Server
X-Oneagent-Js-Injection
S-Cnection
X-Backend-Name
X-PHP-Backend
X-Acc-Debug-Context
X-Protected-By
X-App-Version
X-Via-JSL
Viewport
X-Cache-Server
X-Azure-Ref
X-NewRelic-App-Data
X-Hyper-Cache
X-Litespeed-Cache
Powered
Cache
Liferay-Portal
X-Cache-Expired-At
Filters
X-Hp-Webp
Charset
X-WA-Info
X-Proxy-Cache-Status
Retry-After
Referer-Policy
X-Cache-Control
X-Sucuri-ID
X-DynaTrace-JS-Agent
X-Source
X-Amz-Replication-Status
X-EdgeConnect-Cache-Status
X-Cache-Action
X-RemovedCookies
X-FB-TRIP-ID
Section-Io-Cache
X-CSRF-Token
X-ProcessESI
X-Cache-Var
Meta-Geo
X-Cache-Var-Map
X-Real-IP
X-Mode
X-ES-SERVER
X-RN-RSRV
FSS-Cache
X-GeoIP
X-Site-Version
X-Qloud-Router
X-Framework
Eomportal-Instance
X-Locale
X-Debug-Cache
X-Time
X-FTR-Cache-Host
X-Server-W
X-L-Path
X-Cache-Host
X-R9-Blue-Green-Version
X-Human
X-Device-Type
X-Environment-Context
X-Time-Microsecs
Version
Mn-Server-Ip
X-Cluster
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Build
GEO-INFO
Property-Id
TWC-Device-Class
X-Routing-Service
X-Ratelimit-Reset
X-Proxied
Uber-Trace-Id
X-Hl-Ver
Selected-Fe
Cache-Tv-Group
X-Loop
X-Handled-By
X-Origin-Hint
Ms-Operation-Id
TWC-Connection-Speed
X-FW-Version
TWC-Locale-Group
X-BYPASS-REASON
Webcakes-App-Name
X-Yottaa-Metrics
X-Via-Fastly
X-VWS-Id
Webcakes-App-Version
X-Revision
Webcakes-Region
X-Zipkin-Id
X-Yottaa-Optimizations
X-AWS-Id
TWC-GeoIP-Country
TWC-Privacy
TWC-GeoIP-LatLong
X-LJ-Flow-ID
X-TNCMS
X-Timing-Wait
X-RTag
X-JoinUs
X-From
X-BCube-Filmed-By
X-Be
Ec-Rule-Version
X-Detected-As
X-Amzn-Remapped-Content-Length
Cross-Origin-Window-Policy
Frame-Options
X-PCL
X-PHP-Host
X-Status
X-Labrador-Cache-Channel
X-Cache-TTL-Remaining
X-Generated-By
X-Hosted-By
X-Air-Hostname
X-Redis-Cache
X-ServerID
X-OCL
Webserver
X-SaId
X-Proto
X-NYM-Debug-Backend
X-Section
X-Format
DB-Nickname
X-Access
X-Xfnlog-Site
Nel
X-Unique-Id
X-No-Session
From-Origin
X-Sucuri-Cache
X-ATG-Version
X-Cache-PHP
X-Varnish-Cache-Hits
X-NWS-UUID-VERIFY
X-Correlation-Id
Server-Name
X-Drupal-Cache-Contexts
X-TA-CDN-Provider
X-Contextid
X-Drupal-Cache-Tags
X-Origin
X-NCache
X-EIG-Tracking-Id
OT-Force-Account-Verify
CF-Cached-On
X-CDN-Forward
X-AIR-PT
X-IPS-LoggedIn
X-EC-Lua
X-Bc-Bl
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Akamai-Transformed
X-IP
X-TIME
X-Cache-Enabled
X-GoCache-CacheStatus
X-Oss-Server-Time
X-Adobe-Content
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-APP-VERSION
X-Adobe-Loc
X-Oss-Storage-Class
X-Vgn-Hpd-Variations-Key
X-NC
X-Backend-Host
X-ECache
X-Vgn-Hpd-Cached
Azure-InstanceId
Azure-RegionName
X-Cache-Backend
X-Ruxit-Js-Agent
Azure-Version
Azure-SlotName
Azure-SiteName
X-UA
X-TT
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Tumblr-Pixel-3
X-URL
X-Cdn
X-Cache-2
Access-Control-Request-Headers
SD-X-WS
X-CACHE-AGE
Time
Node
X-Varnishpool
X-Minions-Version
Apple-News-Services-Host
X-Connection-Hash
X-CF-Lambda-Fn
X-VG-WebCache
X-S-Cookie
X-Vdms-Version
X-ScT
X-VG-WebServer
Host-ID
X-ApacheServer
X-Backend-TTL
X-Cache-Grace
Mobile-Detection-Method
Meta-Geo-Continent
X-Soup
X-Alternate-Cache-Key
MD5-Digest
Fastcgi-X-Cache-Version
X-S
Now
X-PAYTM-SRV-ID
X-G
X-Worker
X-RCS-CacheZone
CloudFront-Viewer-Country
X-Processor
X-PBS-Appsvrname
Xc-Version
X-Vdms-Path
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-External-Request-Id
DCR-Processing-Time-Ms
Apple-News-Services-Handled
X-Cache-NE
DCR-Decision-By
Apple-News-Services-Parsed-Url
Machine
X-Shopify-Stage
X-Vtex-Remote-Cache
X-CF-Lambda-Version
X-Sorting-Hat-PodId
X-A
X-Application
X-D
X-Pubstack
X-ShopId
Rendered-Blocks
Surrogated-Key
X-Date
X-Destination
X-Aed
X-Transaction
X-ShardId
X-PERF
X-Vtex-Processado-Em
Apple-News-Services-Request-Url
X-B-Cookie
X-A-Ccd
X-Twitter-Response-Tags
X-Accel-Expires-Debug
X-Sorting-Hat-ShopId
X-Trv-Group
X-A-Dgt
X-A-Wwc
X-Forwarded-Host
X-Storefront-Renderer-Rendered
X-A-Dam
X-A-Dcw
X-ARC
X-CCM
X-Adobe-Source
X-Say-TTL
X-OVcl-Cache
X-Hash
X-SayCDN-TTL
X-Owner
X-NGENIX-Cache
X-Method
CDN-EdgeStorageId
X-Ms-Request-Id
CDN-CachedAt
CDN-Cache
X-Cache-Config
CDN-Uid
X-Cluster-Name
Fastly-SSL
X-Ms-Version
X-OVcl
CDN-RequestId
X-Web-Node
X-Storage
Cache-Status
CDN-PullZone
X-Generation-Time
CDN-RequestCountryCode
X-Say-Cacheable
X-Servername
X-Variation
X-Thanos
X-Up
Is-Eu
X-SN
X-Varnish-Ttl
Adler-Geo
Wxu-Next-Region
NM-Fastcgi-Cache
Ufe-Result
X-Dispatcher-Server
Platform
X-CUA
Wxu-Next-Hostname
Wxu-Next-Commit
X-Bip
X-Edge-Location
Fastly-SWR
X-Skip-Cache
Fastly-SIE
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Cache-Bucket
X-Varnish-Beresp-Status
X-Micro-Cache
X-Varnish-Beresp-Ttl
X-Viewer-Country
X-Varnish-Beresp-Grace
AKAMAI
X-Backend-State
Rt-Fastcgi-Cache
We-Hiring
X-Cache-Tags
X-Auto-Login
X-Cache-Date
X-Cache-NGX
X-Csrf-Jwt
X-Clientip
X-Envoy-Decorator-Operation
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
Fastly-Drupal-HTML
X-Eu-Site
X-Gamma-Serve
Country-Code
X-Fastly-Backend
X-Core-Mission
L
X-CGP
PFcat
CacheControlHeader
Origin
X-Generated-On
L5d-Success-Class
Mail-Subject
X-DPWN-IS-SECURE
C-Via
Country
X-Req
X-Reqid
X-Request-Host
X-Render-Time
X-VG-TLSProxy
X-Platform
X-Policy
X-Request-Start
FSS-Proxy
X-Slack-Backend
X-VarnishDD-TTL
X-Core-Value
X-Varnish-Cacheable
X-Webstats-RespID
X-HN
Decoy-Debug-Key
X-Proxy-Upstream
X-LI-UUID
Decoy-Debug-Status
X-Li-Fabric
X-Level-Front-Cache
X-Microcachable
X-Li-Pop
X-Ah-Environment
Decoy-Debug-TTL
Backend
Upgrade-Insecure-Requests
X-Amz-Meta-Cb-Modifiedtime
X-Cache-URL
X-Old-Content-Length
X-HS-Content-Campaign-Id
X-TX-ID
X-Esi
X-Cache-Id
X-Gzip
X-Cdn-Srv
X-Wikidot-Static-Cache
X-Esi-Check
X-Clara-WADP
UCS
X-Fastly-Cache
X-Irp-Debug
X-Developers
X-Wikidot-Backend
X-WADP-Cache
Pagetype
Group
X-Cms-Context
X-Location
X-Geo-Header
X-Has-Esi
X-Content-Age
X-Is-Gdpr
X-JWT-State
Akamai-GRN
Fastly-Backend-Name
X-Fmm-Version
Memcached
X-LAGOON
X-Agile
X-CACHE-GROUP
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Flags
X-Mvc-Supplant-Cachable
X-Agile-Id
X-Providence-Cookie
X-Route-Name
X-Agile-Age
X-Platform-Server
X-PF-Uncompressing
X-UPSTREAM-Address
HostName
X-NODE
X-Aicache-OS
X-Wa
X-CS
X-Varnish-CookieHashed-On
X-DefElseHash
X-DefHash
X-Varnish-Remaining-TTL
CACHE
X-Branch-Name
X-Varnish-CookieINHashed-On
X-Refresh
X-Instart-Request-ID
X-ZONE
X-BC
X-Dc
X-LB-ID
X-RateLimit-Remaining
X-Cache-Debug
M-TraceId
X-Session-Fingerprint
X-Via-Poph
X-Via-Popn
X-Cdn-Forward
Arc-Country
X-Debug-Cache-Store
X-Ua-Device
X-Mvc-Supplant-OutputCached
X-Debug-Cache-Fetch
X-B3-Spanid
X-LI-Proto
X-Edge-Server
X-Servedbyhost
Viewtype
Cdn-Host
Cdn-Request-Time
X-Page-View
NGX
VivaBuild
X-DC
X-SERVER
X-GEO
X-Request-Time
X-RunCloud-Cache
X-Via-Ucdn
X-Bc
Srv
X-Zone
SRV
X-Ftr-Cache-Host
X-Varnish-Hostname
X-Cs
X-Srv
X-Nginx-Cache
X-APP
X-NGINX-Cache
X-ORACLE-APMCS-REQUEST-ID
Hostname
X-Pinterest-Sli-Response-Type
Memory
X-Pinterest-Sli-Latency-Threshold
X-Vgn-Hpd-Ssi
Xserver
X-Pinterest-Sli-Endpoint-Name
X-Action
Actual-Object-TTL
X-FPC
X-HS-Status
X-LiteSpeed-Cache-Control
WWW-Authenticate
X-DB
X-DSS
X-DW
X-RPM
X-DI
X-RPS
X-B3-Traceid
X-RSL
X-Check-Cacheable
X-Via-CDN
Geo-Info
X-Unique-ID
X-Datadome
X-VCL-Version
X-Sql-Count
X-Sql-Duration-Ms
X-UnsetCookies
X-MP-GENERATED-AT
Sid
X-NU-AKA-ACS-Version
GeoIp-Country-Code
Geoip-Latitude
X-Oss-Cdn-Auth
X-Vcache
X-Geo
XServer
X-Via-Edge
X-Via-SSL
Edge-Copy-Time
X-Cluster-Node
X-CF-Powered-By
X-Dynatrace-Js-Agent
X-Akamai-Request-ID2
X-Via-Popv
Processtime
WebServer
X-CSRF-TOKEN
User-Agent
X-Hit
GeoIP-Country-Code
ProcessTime
X-Www-Served-By
X-SERVER-NAME
X-We-Are-Hiring
X-Svr
X-Epic-Correlation-Id
On-Server
GeoIP-Latitude
W
Apigw-Requestid
Server-Info
NtCoent-Length
SID
X-FORWARDED-FOR
X-Webkit-CSP-Report-Only
X-S-Maxage
Cache-Hits
ServedBy
LB
X-Cache-Remote
Ohc-File-Size
X-HOST
X-Mobile-Rewrite
X-FC-Vary-Parameters
X-Envoy-Upstream-Healthchecked-Cluster
X-Presslabs-Stats
X-Dynatrace
X-SRV
X-Fpc
X-Nc
T-Server
S-Rt
Amp-Access-Control-Allow-Source-Origin
X-HITS
Server-Host
X-Cache-Hfrom
Accept-Language
X-Tb
X-Pjax-Url
X-Cache-Hm
X-Fastly-Country-Code
CF-IPCountry
X-MSEdge-Flight
N-Cache
X-MSEdge-Features
X-Vcl-Version
Esi-Enabled
A
X-Pass-Why
X-Key
Magicmarker
Cdn
Origin-Cache-Control
Origin-Edge-Control
Cteonnt-Length
CDN
X-Varnish-Hits
X-CACHE-KEY
X-COUNTRY
X-Dispatch
Pics-Label
X-Oracle-Dms-Rid
X-SB
Lb
X-VC
Proxy-Firewall
X-LLID
Ohc-Cache-HIT
Protected
WZWS-RAY
X-Amzn-Remapped-Date
X-Li-Proto
Powered-By
X-Geo-Region
X-Instart-Info
X-Amzn-Remapped-Connection
X-Info
X-RAMCache
Server-Ttl
X-Newrelic-App-Data
X-Via-NSCOPI
X-StackifyID
HitType
X-ServedByHost
X-B3-SpanId
X-Uri
X-Newrelic-Synthetics
User-Cache-Control
BehaviorPad-Version
X-Generated
Fastcgi-Cache-TTL
X-Served-From
X-Akamai-Pragma-Client-IP
X-TH-Server
Cache-Key
X-TT-LOGID
Tracecode
X-Cache-Tag
X-App
X-Lb-Id
Cache-Provider
X-Via-PopV
Ssr
X-Via-PopN
X-Via-PopH
X-LiteSpeed-Tag
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-ID
X-TrackingId
Dnion-Transfer-Encoding
X-WA
X-Planisys-CDN-Rules
X-Provided-By
X-Planisys-CDN-TTL
X-Agile-Brick-Ok
X-Path-Route
Lfy
X-Tt-Logid
D-Cc-Upstream
X-Cache-Spec
X-Cc-Req-Id
X-Scheme
X-Men
X-Cc-Via
X-Planisys-CDN-Cache
Xet-Cookie
Cache-Name
DSUID
Odigeo-Trace-Id
X-Magnolia-Registration
X-Batcache
X-Erf-Stays-Bingo-Pdp-Web
X-UA-Device-Type
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
Tcn
Section-Io-Origin-Status
X-Loc
X-Hnp-Log
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Nginx-Cache-Key
X-API-Version
X-Azure-Ref-OriginShield
X-Matched-Rule
X-GeoIP-City
Web-Mar-Node
X-Block-Status
X-Node-Id
X-Cache-ASPX
X-Device-Os
X-Cache-Info
X-Developer
X-Cdn-Origin
X-ElasticPress-Query
X-Fetched-On
X-BBXSRF
X-BBC-Edge-Cache-Status
X-Contensis-Viewer-Groups
X-Gen-Mode
X-Gdpr
X-Generated-In
X-Response-By
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Swa-Ws
X-SRCache-Key
X-Sn-Servicetimems
X-Sigma-Backend
X-SIPLIST1
X-Thinkindot-L3
X-Trace-Id
X-VC-Cache
X-VServer
X-Varnish-Url
X-Varnish-Authentication
X-User
X-Var-Ttl
X-Sigma
X-ServiceProvider
X-Origin-Time
X-Origin-TTL
X-Origin-Expires
X-Origin-Date
X-Nyt-Route
X-Origin-CC
X-Parent-Response-Time
X-RateLimit-Limit-Second
X-SD-PageType
X-Server-IP
X-Rocket-Build-Number
Vix-Hermes-Req-Id
X-RateLimit-Remaining-Second
X-Request-URI
X-NodeID
Path
Instruction
FNAC-ModuleRouting
IsBot
Locid
Inserted-Into-Cache-At
CDCHOST
Cache-Host
V-Age
X-Yottaa-OS
X-Pf-Uncompressing
Cf-Alt-Svc
X-Varnish-Beresp-TTL
Pramga
Kp-EeAlive
X-HostName
Release
Thinkindot-Control
SR-User-Adfree
Thinkindot-CacheControl
Sever-Int
X-PJAX-URL
Server-Ext
Who
Thinkindot-CacheControl-Type
Server-Hostname
X-RateLimit-Limit
CountryCode
X-Selected-Host-Header
X-Selected-Scheme
X-Selected-Name
X-Acc-Rdl
X-Pad
X-Proxy-Cachei7
Vha6-Origin
X-Dw-Trace-Id
Req-Svc-Chain
Server-Id
X-BBC-Origin-Response-Status
X-TraceId
X-MiniProfiler-Ids
Pragrma
X-Traceid
X-C
Mime-Version
X-Origin-Response-Time
X-Apw-Access-Action
MIME-Version
X-Snapshot-Date
Source
Resin-Trace
Server-ID
True-Client-Country-4JS
X-Cache-Expires
X-Request-URL
X-Apw-Hits
Content-Script-Type
Content-Style-Type
X-Tid
X-Vgn-Hpd-Reason
X-Apw-Access-Token
X-Apw-Access-Object
PICS-Label