
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "HEAD" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
X-Xss-Protection
CF-Ray
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Request-ID
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
P3p
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-CDN
Upgrade
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
X-Template
X-Language
Feature-Policy
X-Age
X-Dns-Prefetch-Control
X-Backend
X-Cache-Group
X-Hacker
X-Amz-Request-Id
X-Server
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
EagleId
X-UA-Device
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Host-Header
Grace
Report-To
X-Buckets
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
X-Host
X-WebKit-CSP
X-Dispatcher
X-Backend-Server
NEL
X-Device
X-Node
Surrogate-Control
Cf-Bgj
X-Ruxit-JS-Agent
Content-Location
X-Server-Id
X-Response-Time
X-Cache-Lookup
Request-Id
Accept-CH-Lifetime
X-Origin-Cache
X-Akam-SW-Version
X-Ac
EagleEye-TraceId
Accept-CH
X-ASPNET-VERSION
X-Country
X-HW
Rating
X-Readtime
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-ECID
Allow
X-ORACLE-DMS-RID
Pinterest-Generated-By
Edge-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-DataDome
X-Vname
X-TtlSet
X-PC
X-Varnish-TTL
X-Url
X-Cnection
X-MS-InvokeApp
X-Origin-Upstream-Status
X-GitHub-Request-Id
X-Content-Type
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Content-Id
X-D2id
X-Clacks-Overhead
X-Trace
Response
Display
Pagespeed
X-Middleton-Display
X-Middleton-Response
X-Sol
Pinterest-Version
X-Pinterest-Rid
X-Abt-Application-Version
X-Server-Name
X-Px
X-Vcap-Request-Id
X-ESI
X-Navigation-Version
X-Rack-Cache
X-B3-TraceId
X-FTR-Request-ID
Verso
Service-Worker-Allowed
MS-Author-Via
X-Fastly-Request-ID
X-Webkit-CSP
X-Cached
X-Element-Page-Cache
X-DynaTrace
X-Client-IP
Arr-Disable-Session-Affinity
X-Cache-TTL
X-CST
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-Upstream
Content-MD5
SPRequestGuid
X-SharePointHealthScore
Fastly-Restarts
AR-CACHE
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-Version
Ar-Sid
X-NF-Request-ID
X-Forwarded-Proto
X-VARITI-CCR
X-Kinja
X-GoogleNews-Bot
X-Goog-Hash
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Debug
X-TTL
X-T
X-Jurisdiction
Access-Control-Request-Method
X-Powered-CMS
X-Ttl
X-MSEdge-Ref
X-XRDS-Location
X-Release
X-Content-Digest
SPIisLatency
SPRequestDuration
S
TP-Cache
TP-L2-Cache
X-Edge
X-Amz-Rid
X-Pinterest-Direct
Accept-Ch
TCN
RTSS
X-Server-ID
Cache-Tag
Public-Key-Pins
X-Ezoic-Cdn
X-NWS-LOG-UUID
X-Node-Name
X-Yandex-Sdch-Disable
Fastcgi-Cache
X-PressLabs-Stats
X-Cache-Key
X-Request-Processing-Time
X-Request-Received
X-Mid
X-MCACHE
Server-Node
Front-End-Https
X-Accel-Expires
X-Amzn-Trace-Id
X-Recruiting
X-Ser
X-Kinsta-Cache
X-Request-Handler-Origin-Region
X-Microsite
X-Logged-In
ServerID
X-Cache-Hit
Mrf-Cache-Status
Accept-Charset
MRF-Tech
X-Origin-Server
X-B3-TraceId-Primal
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Page-Id
X-Ratelimit-Remaining
X-Mg-S
Host
X-Amz-Server-Side-Encryption
X-Grace
X-Varnish-Age
X-B
X-Content-Security-Policy-Report-Only
X-ECACHE
X-DIS-Request-ID
Alternate-Protocol
Nginx-Cache
X-HP-Webp
X-Shield-Request-Id
X-Mobile-URL
Edge-Cache-Tag
X-Hostname
X-Ratelimit-Limit
X-Forwarded-For
X-Hits
Realpath
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-Country-Code-Real
X-FTR-Expires
X-Content-Options
X-F-Cache
X-FireWall-Port
X-Git-Hash
MicrosoftSharePointTeamServices
X-LB-Cache
Filterid
X-Seen-By
X-Load-Cache
X-Az
X-AppVersion
X-Activity-Id
X-N
X-Jobs
X-App-Environment
X-Request-Guid
Paypal-Debug-Id
X-Type
X-Varnish-Backend
X-Rid
Fastcgi-Useragent
Cache-Tags
Cleartype
DynaTrace
X-Cached-By
X-Varnish-Grace
X-Upgrade-Enabled
Accept-Ch-Lifetime
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Zen-Fury
X-WebKit-CSP-Report-Only
X-Daa-Tunnel
Access-Control-Allow-Method
X-Proxy
X-Litespeed-Cache
X-Cache-Age
Powered-By-ChinaCache
X-FB-Debug
X-Correlation-ID
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Akamai-Edgescape
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Respond-Thread
X-TEC-API-ROOT
X-App-Server
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Geo-Country
DC
X-Goog-Storage-Class
X-Goog-Metageneration
X-GUploader-UploadID
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-Cache-Rule
X-Host-Name
X-Cache-Operation
AMP-Access-Control-Allow-Source-Origin
X-B3-Sampled
X-B-Cache
X-User-Agent
X-IPLB-Instance
X-Content-Powered-By
X-Signature
X-Debug-Info
Content-Disposition
X-AOL-HN
X-Response-Served-From
MS-CV
Healthy
X-Accel-Buffering
X-Original-Request-Id
X-Region
X-Whom
X-Wix-Request-Id
X-Frontend
X-Mobile
X-HTML-Minification-Powered-By
Payment
X-FW-Server
X-UUID
X-FW-Hash
X-FW-Type
X-Rule
X-Distributor
X-FW-Static
X-FW-Serve
X-Instance
X-FW-Dynamic
X-Cacheable-TTL
X-Rendered-As
X-Is-Bot
X-Cache-Time
Akamai-Age-Ms
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-VCache
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Ua
Refresh
X-Endurance-Cache-Level
Datacenter
X-Tec-Api-Version
X-Tec-Api-Origin
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Tec-Api-Root
Surrogate-Key
Liferay-Portal
Filters
NGB
Charset
X-Acc-Debug-Context
S-Cnection
Viewport
X-Via-JSL
X-Protected-By
Countrycode
Nel
X-XRDS-LOCATION
X-App-Version
PB-PID
Arc-Version
PB-RID
X-Hyper-Cache
X-Ah-Environment
X-Backend-Name
X-Varnish-Server
X-Cache-Expired-At
X-Oneagent-Js-Injection
X-Cache-Server
X-Amz-Replication-Status
X-NewRelic-App-Data
Section-Io-Cache
Retry-After
GEO-INFO
X-Cache-Action
X-PHP-Backend
X-Sucuri-ID
Referer-Policy
X-Azure-Ref
Version
X-EdgeConnect-Cache-Status
X-Source
X-WA-Info
X-Proxy-Cache-Status
X-Cache-Control
X-Unique-Id
Eomportal-Instance
X-ProcessESI
X-RemovedCookies
X-Real-IP
X-Framework
X-L-Path
X-Environment-Context
X-Yottaa-Metrics
Frame-Options
X-Air-Hostname
X-Yottaa-Optimizations
X-RTag
Meta-Geo
X-RN-RSRV
X-Revision
X-Cache-Var
X-Cache-Var-Map
Server-Name
X-ES-SERVER
Ms-Operation-Id
X-From
X-Mode
X-GeoIP
X-ProxyCache-Status
X-Time-Microsecs
X-Qloud-Router
X-R9-Blue-Green-Version
X-Cache-TTL-Remaining
X-DynaTrace-JS-Agent
X-Xfnlog-Site
X-BYPASS-REASON
X-ProxyCache-Key
Cross-Origin-Window-Policy
X-Labrador-Cache-Channel
X-Server-W
X-Status
X-Human
X-LJ-Flow-ID
X-Loop
X-PCL
X-PHP-Host
X-OCL
X-TNCMS
X-VWS-Id
Mn-Server-Ip
Ec-Rule-Version
X-Drupal-Cache-Contexts
X-AWS-Id
X-Cache-Host
Cache-Tv-Group
X-Hosted-By
DB-Nickname
Uber-Trace-Id
X-FW-Version
Powered
X-Sucuri-Cache
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-Country
Webcakes-App-Name
TWC-Connection-Speed
TWC-Device-Class
Property-Id
Selected-Fe
X-NYM-Debug-Backend
X-Origin-Hint
X-Handled-By
X-Amzn-Remapped-Content-Length
Webcakes-App-Version
Webcakes-Region
X-Cluster
TWC-GeoIP-LatLong
X-Locale
X-Routing-Service
X-Zipkin-Id
X-Redis-Cache
X-Fastcgi-Cache
X-Proxy-Build
X-Proxied
X-Hl-Ver
X-Site-Version
X-FB-TRIP-ID
X-Timing-Wait
X-Detected-As
X-Debug-Cache
X-Section
X-Format
X-Be
X-Proto
X-Via-Fastly
X-Access
X-No-Session
X-Device-Type
X-Generated-By
X-Cache-PHP
X-Ratelimit-Reset
X-BCube-Filmed-By
FSS-Cache
X-ATG-Version
X-ServerID
X-Drupal-Cache-Tags
X-Time
X-CDN-Forward
X-CSRF-Token
X-Contextid
X-Correlation-Id
From-Origin
X-SaId
Webserver
Cache
X-JoinUs
X-FTR-Cache-Host
X-Esi
X-Varnish-Cache-Hits
CACHE
X-Hp-Webp
X-NC
X-URL
X-Adobe-Loc
CF-Cached-On
X-Adobe-Content
X-NCache
X-AIR-PT
X-Oss-Server-Time
X-Oss-Object-Type
OT-Force-Account-Verify
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-TIME
X-Origin
X-NWS-UUID-VERIFY
Azure-Version
X-GoCache-CacheStatus
Azure-RegionName
Azure-InstanceId
X-TT
Azure-SiteName
Azure-SlotName
X-Akamai-Transformed
X-Tt-Trace-Host
X-Tt-Trace-Tag
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-TA-CDN-Provider
X-IPS-LoggedIn
Upgrade-Insecure-Requests
X-IP
X-CCM
X-Adobe-Source
Access-Control-Request-Headers
SD-X-WS
X-Bc-Bl
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Flags
X-Providence-Cookie
X-EIG-Tracking-Id
X-Cache-Enabled
X-Route-Name
X-Cache-2
X-Backend-Host
X-APP-VERSION
X-ECache
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
X-EC-Lua
X-Alternate-Cache-Key
X-Ruxit-Js-Agent
X-ShardId
X-Storefront-Renderer-Rendered
X-Forwarded-Host
X-Soup
X-Cache-Grace
X-ApacheServer
X-Tumblr-Pixel-3
X-Pubstack
X-Backend-TTL
X-PERF
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Response-Type
Decoy-Debug-TTL
Fastly-SSL
Decoy-Debug-Status
Decoy-Debug-Key
X-G
X-Storage
X-Web-Node
X-Varnishpool
X-SayCDN-TTL
X-LAGOON
X-Cluster-Name
X-Say-Cacheable
X-Say-TTL
X-Viewer-Country
Cache-Status
Node
X-Cdn
X-Cache-Backend
X-Processor
X-Transaction
X-VG-WebCache
X-VG-WebServer
X-Aed
X-Trv-Group
X-Twitter-Response-Tags
X-Vdms-Path
X-Request-UUID
X-Vdms-Version
X-PBS-Appsvrname
X-B-Cookie
X-ARC
X-A-Dgt
X-A
X-A-Ccd
X-PAYTM-SRV-ID
X-A-Wwc
X-RCS-CacheZone
X-External-Request-Id
X-Application
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-A-Dcw
X-Rewrite-Enabled
Meta-Geo-Continent
X-Cache-NE
MD5-Digest
Machine
Host-ID
Xc-Version
X-Worker
Rendered-Blocks
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Connection-Hash
Mobile-Detection-Method
X-D
Fastcgi-X-Cache-Version
Apple-News-Services-Handled
Apple-News-Services-Host
X-S-Cookie
X-S
X-Rojux
X-A-Dam
Apple-News-Services-Parsed-Url
X-Destination
DCR-Processing-Time-Ms
DCR-Decision-By
X-ScT
Apple-News-Services-Request-Url
X-TX-ID
X-Cache-Config
X-UPSTREAM-Address
Platform
X-Generation-Time
X-Rebelmouse-Cache-Control
Country
X-Micro-Cache
X-Cache-Bucket
X-Rebelmouse-Surrogate-Control
Fastly-SIE
X-Fastly-Cache
X-Fmm-Version
X-Variation
Adler-Geo
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Servername
X-Envoy-Decorator-Operation
X-Vgn-Hpd-Variations-Key
X-DPWN-IS-SECURE
X-Vgn-Hpd-Cached
Is-Eu
CloudFront-Viewer-Country
X-Platform-Server
X-Varnish-Beresp-Ttl
X-VG-TLSProxy
Fastly-SWR
X-WADP-Cache
X-Clara-WADP
X-Ms-Version
X-Ms-Request-Id
X-UA
Backend
X-Hash
Gh-Request-Id
X-Gzip
X-Varnish-Cacheable
X-Varnish-CookieHashed-On
Fastly-Drupal-HTML
X-Cms-Context
X-Dispatcher-Server
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-RequestId
X-Auto-Login
Country-Code
CDN-Uid
CDN-CachedAt
CDN-Cache
X-CUA
X-DefElseHash
Akamai-GRN
X-Core-Value
X-Date
C-Via
X-Esi-Check
X-Fastly-Backend
X-Thanos
X-Microcachable
X-Minions-Version
X-Cache-NGX
X-Clientip
X-Cache-Id
Wxu-Next-Region
X-Slack-Backend
X-Method
Rt-Fastcgi-Cache
X-Wikidot-Backend
X-Platform
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Policy
Surrogated-Key
X-OVcl
X-OVcl-Cache
X-Owner
Origin
NM-Fastcgi-Cache
X-SN
L
X-Core-Mission
X-HS-Content-Campaign-Id
X-Backend-State
X-DefHash
X-Bip
X-Request-Host
Wxu-Next-Commit
X-Webstats-RespID
X-Irp-Debug
Wxu-Next-Hostname
X-Skip-Cache
X-Varnish-Ttl
X-Accel-Expires-Debug
X-Wikidot-Static-Cache
X-Render-Time
X-Request-Start
X-NGENIX-Cache
X-Content-Age
AKAMAI
X-Req
X-Mvc-Supplant-Cachable
CacheControlHeader
X-Cache-Tags
X-Old-Content-Length
X-Level-Front-Cache
X-Li-Fabric
X-Is-Gdpr
X-Has-Esi
Time
PFcat
X-Li-Pop
X-LI-UUID
X-Reqid
L5d-Success-Class
X-VarnishDD-TTL
X-HN
X-Generated-On
X-Gamma-Serve
X-Eu-Site
X-Amz-Meta-Cb-Modifiedtime
X-Csrf-Jwt
X-JWT-State
X-Developers
X-Cache-Date
Fastly-Backend-Name
X-Up
Ha-Gx-Prefs
HA-Ipaddr
X-CGP
We-Hiring
X-Cache-URL
X-Session-Fingerprint
X-Cdn-Srv
Ufe-Result
X-Location
X-RateLimit-Remaining
Now
X-Wa
X-Page-View
UCS
X-Edge-Location
FSS-Proxy
X-Geo-Header
Memcached
Pagetype
X-CS
Mail-Subject
Group
X-Cache-Debug
X-Aicache-OS
X-Proxy-Upstream
X-Branch-Name
X-Refresh
X-B3-Spanid
X-NODE
SRV
X-LB-ID
X-PF-Uncompressing
X-DC
X-CACHE-AGE
X-GEO
X-Via-Popn
X-Via-Poph
X-Agile
X-B3-Traceid
X-Agile-Id
X-Agile-Age
X-Dc
NGX
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-BC
X-Via-CDN
Hostname
X-ZONE
X-Mvc-Supplant-OutputCached
X-Servedbyhost
HostName
X-Datadome
X-Ftr-Cache-Host
X-Ua-Device
X-LI-Proto
M-TraceId
X-SERVER
X-Sql-Duration-Ms
X-Sql-Count
X-Nginx-Cache
X-LLID
Arc-Country
X-NU-AKA-ACS-Version
X-Request-Time
X-Varnish-Hostname
X-FPC
X-Check-Cacheable
Xserver
X-SRV
Viewtype
X-Bc
X-Zone
X-VCL-Version
Cdn-Request-Time
X-SERVER-NAME
Cdn-Host
VivaBuild
X-Edge-Server
X-Cs
X-Cdn-Forward
X-Cache-Remote
X-COUNTRY
X-NGINX-Cache
X-LiteSpeed-Cache-Control
X-RunCloud-Cache
XServer
WebServer
X-CF-Powered-By
X-Via-SSL
X-Via-Edge
Edge-Copy-Time
X-Cluster-Node
X-APP
X-Action
X-Via-Ucdn
Srv
X-UnsetCookies
X-FORWARDED-FOR
X-Www-Served-By
On-Server
X-Svr
X-RSL
X-Dynatrace-Js-Agent
X-ID
X-Instart-Request-ID
GeoIp-Country-Code
X-RPS
Geoip-Latitude
X-RPM
X-CSRF-TOKEN
X-HS-Status
Memory
WWW-Authenticate
Cache-Hits
X-DB
X-DI
X-DW
X-DSS
X-S-Maxage
ServedBy
SID
X-Srv
X-Vgn-Hpd-Ssi
X-Oss-Cdn-Auth
X-Presslabs-Stats
X-Via-Popv
X-MP-GENERATED-AT
NtCoent-Length
X-Vcache
ProcessTime
T-Server
X-We-Are-Hiring
Apigw-Requestid
Processtime
X-Pass-Why
X-Geo
User-Agent
Ohc-File-Size
W
X-MSEdge-Flight
X-MSEdge-Features
Sid
Actual-Object-TTL
Server-Info
X-ORACLE-APMCS-REQUEST-ID
LB
X-Hit
GeoIP-Latitude
N-Cache
X-Erf-Stays-Bingo-Pdp-Web
X-Akamai-Request-ID2
Pics-Label
GeoIP-Country-Code
X-HOST
Geo-Info
Protected
X-Varnish-Hits
X-Unique-ID
X-Envoy-Upstream-Healthchecked-Cluster
X-VC
X-Epic-Correlation-Id
X-SB
CF-IPCountry
WZWS-RAY
X-Dynatrace
X-Tb
S-Rt
Server-Host
Magicmarker
X-HITS
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Vcl-Version
X-Pjax-Url
Amp-Access-Control-Allow-Source-Origin
X-Info
CDN
X-Uri
X-Cache-Hfrom
Accept-Language
X-Cache-Hm
Ohc-Cache-HIT
X-Webkit-CSP-Report-Only
X-Fastly-Country-Code
A
X-Acc-Rdl
Esi-Enabled
Cteonnt-Length
X-FC-Vary-Parameters
X-Fpc
Cdn
X-CACHE-KEY
X-Mobile-Rewrite
X-TT-LOGID
X-Nc
Lb
User-Cache-Control
X-Oracle-Dms-Rid
Tracecode
X-Key
X-Newrelic-App-Data
X-Newrelic-Synthetics
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Provided-By
DSUID
Odigeo-Trace-Id
Section-Io-Id
Cache-Name
X-Via-NSCOPI
Ssr
X-Amzn-Remapped-Date
X-UA-Device-Type
X-Amzn-Remapped-Connection
Origin-Edge-Control
Origin-Cache-Control
X-Instart-Info
X-ServedByHost
X-Magnolia-Registration
Proxy-Firewall
X-Li-Proto
Lfy
X-StackifyID
X-Origin-Date
X-Dispatch
X-Cache-Tag
CDCHOST
Sever-Int
FNAC-ModuleRouting
X-SRCache-Key
X-Men
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Cc-Via
Instruction
X-Scheme
SR-User-Adfree
X-Request-URI
X-Varnish-Authentication
Locid
MIME-Version
Path
X-Varnish-Url
X-VServer
IsBot
X-User
X-Origin-Time
Server-Ext
Release
X-SVT-ORM-RULES
X-Thinkindot-L3
X-SVT-ORM-VERSION
Server-Hostname
Web-Mar-Node
X-Gen-Mode
X-Sigma
X-GeoIP-City
X-Sigma-Backend
X-Nyt-Route
X-Rocket-Build-Number
X-Gdpr
X-Goog-Meta-Goog-Reserved-File-Mtime
X-SD-PageType
X-Nginx-Cache-Key
X-Cc-Req-Id
X-Matched-Rule
X-Loc
X-Server-IP
X-Hnp-Log
X-Developer
X-Contensis-Viewer-Groups
X-API-Version
X-SIPLIST1
X-BBC-Edge-Cache-Status
X-Node-Id
V-Age
True-Client-Country-4JS
X-Origin-Expires
X-BBXSRF
X-Origin-TTL
X-Cache-Expires
X-Cache-Info
X-Cache-ASPX
X-Origin-CC
X-Response-By
X-Block-Status
Thinkindot-Control
Cache-Key
X-TH-Server
X-Via-PopN
X-B3-SpanId
X-Lb-Id
X-Via-PopH
X-Via-PopV
Powered-By
D-Cc-Upstream
X-Akamai-Pragma-Client-IP
Server-Ttl
X-Served-From
X-Geo-Region
X-Azure-Ref-OriginShield
X-Cdn-Origin
X-Device-Os
HitType
X-Swa-Ws
X-Trace-Id
X-Traceid
X-Var-Ttl
X-Sn-Servicetimems
X-Parent-Response-Time
Vix-Hermes-Req-Id
X-NodeID
X-RAMCache
X-Fetched-On
X-Generated-In
Server-ID
Cache-Host
Cache-Provider
Kp-EeAlive
Pramga
X-No-Cache
CountryCode
X-Cache-Spec
X-Generated
X-RateLimit-Limit-Second
X-ServiceProvider
X-Batcache
Fastcgi-Cache-TTL
X-RateLimit-Remaining-Second
BehaviorPad-Version
X-ElasticPress-Query
X-LiteSpeed-Tag
X-Agile-Brick-Ok
X-VC-Cache
X-WA
X-TrackingId
X-Tt-Logid
Tcn
Req-Svc-Chain
Cf-Device-Type
Source
X-Varnish-Beresp-TTL
X-Request-URL
X-RateLimit-Limit
X-HostName
X-MiniProfiler-Ids
X-Pf-Uncompressing
Cf-Alt-Svc
Dnion-Transfer-Encoding
Who
X-Yottaa-OS
X-PJAX-URL
Xet-Cookie
X-Selected-Scheme
X-Selected-Host-Header
X-Selected-Name
X-App
X-C
X-Proxy-Cachei7
X-BBC-Origin-Response-Status
Server-Id
X-TraceId
X-B3-Parentspanid
Pragrma
Inserted-Into-Cache-At
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Apw-Access-Object
X-Dw-Trace-Id
Vha6-Origin
X-Apw-Hits
X-Planisys-CDN-TTL
X-Apw-Access-Action
X-Vgn-Hpd-Reason
X-Snapshot-Date
X-Apw-Access-Token
Resin-Trace
PICS-Label
Mime-Version