Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
P3p
X-Cacheable
X-Request-ID
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Upgrade
Content-Encoding
X-CDN
X-Template
X-Language
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-Buckets
X-Dns-Prefetch-Control
X-AH-Environment
X-Hacker
X-Cache-Group
X-Robots-Tag
X-Server
X-Amz-Request-Id
X-UA-Device
EagleId
X-Amz-Id-2
X-Proxy-Cache
X-Turbo-Charged-By
X-Server-Powered-By
Request-Context
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Xkey
Report-To
X-Page-Speed
X-Rq
Cf-Bgj
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Amz-Version-Id
X-Vhost
X-Host
NEL
X-Dispatcher
X-Device
X-Backend-Server
X-Node
X-Cache-Lookup
Surrogate-Control
X-Ruxit-JS-Agent
X-Origin-Cache
X-Response-Time
Content-Location
X-Akam-SW-Version
Request-Id
X-ASPNET-VERSION
X-Ac
X-Country
X-Server-Id
X-Mod-Pagespeed
Rating
X-HW
EagleEye-TraceId
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Readtime
Accept-CH
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-Application-Context
Pinterest-Generated-By
Edge-Control
X-Url
X-Country-Code
X-DataDome
X-Origin-Upstream-Status
X-TtlSet
X-PC
X-Vname
X-Varnish-TTL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Fusion-Content-Source
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
X-Cnection
Akamai-Age-Ms
X-D2id
X-GitHub-Request-Id
X-ESI
X-MS-InvokeApp
X-Content-Type
X-Clacks-Overhead
X-Server-Name
X-Abt-Application-Version
X-Navigation-Version
X-FTR-Request-ID
Allow
X-Vcap-Request-Id
X-Trace
Verso
Pinterest-Version
X-Pinterest-Rid
X-Server-ID
X-Sol
Pagespeed
X-Middleton-Display
Response
X-Middleton-Response
Display
X-Px
Accept-Ch
X-B3-TraceId
X-Cached
X-DynaTrace
X-Element-Page-Cache
X-Rack-Cache
X-Fastly-Request-ID
Service-Worker-Allowed
X-Client-IP
Accept-Ch-Lifetime
X-Cache-TTL
MS-Author-Via
X-Version
Arr-Disable-Session-Affinity
X-Powered-By-Plesk
X-TTL
X-Upstream
Content-MD5
X-Forwarded-Proto
X-Dw-Request-Base-Id
X-T
X-NF-Request-ID
SPRequestGuid
Fastly-Restarts
AR-PoweredBy
AR-ATIME
AR-Request-ID
X-SharePointHealthScore
AR-CACHE
Ar-Sid
X-Debug
X-VARITI-CCR
X-Jurisdiction
X-XRDS-Location
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
TP-L2-Cache
TP-Cache
Access-Control-Request-Method
X-Content-Digest
X-Powered-CMS
X-Goog-Hash
X-NWS-LOG-UUID
X-MSEdge-Ref
X-Release
X-Edge
X-PressLabs-Stats
X-Webkit-CSP
TCN
X-Ttl
X-FastCGI-Cache
S
RTSS
Cache-Tag
SPIisLatency
SPRequestDuration
X-Amz-Rid
Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
X-Yandex-Sdch-Disable
Public-Key-Pins
X-Ezoic-Cdn
X-Accel-Expires
X-Node-Name
Server-Node
X-MCACHE
X-Mid
X-Ratelimit-Remaining
X-Cache-Key
X-Logged-In
X-Amzn-Trace-Id
X-Cache-Hit
X-Pinterest-Direct
ServerID
Front-End-Https
X-Request-Handler-Origin-Region
X-Microsite
X-CST
Alternate-Protocol
X-Ser
X-Page-Id
X-Origin-Server
X-Recruiting
X-Kinsta-Cache
X-B
X-Ratelimit-Limit
Accept-Charset
Host
X-ECACHE
X-Mobile-URL
X-Hostname
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Expires
X-FTR-Backend-Server
X-FTR-Balancer
X-FireWall-Port
Nginx-Cache
X-Varnish-Age
X-Content-Security-Policy-Report-Only
X-SRCache-Store-Status
X-Seen-By
X-SRCache-Fetch-Status
Filterid
X-B3-TraceId-Primal
X-Forwarded-For
MRF-Tech
Mrf-Cache-Status
X-Load-Cache
X-Jobs
X-DIS-Request-ID
X-Content-Options
X-Daa-Tunnel
Realpath
X-Az
X-AppVersion
X-Activity-Id
X-Shield-Request-Id
X-Id
X-App-Environment
X-F-Cache
X-Varnish-Backend
X-LB-Cache
X-Type
X-Request-Guid
Edge-Cache-Tag
X-Varnish-Grace
X-Git-Hash
X-N
X-Zen-Fury
Paypal-Debug-Id
X-Rid
X-Hits
Fastcgi-Useragent
X-Correlation-ID
X-Grace
X-FB-Debug
X-Mg-S
X-Proxy
X-App-Server
DynaTrace
Access-Control-Allow-Method
Cache-Tags
X-Upgrade-Enabled
Content-Disposition
X-Akamai-Edgescape
X-Content-Powered-By
DC
X-WebKit-CSP-Report-Only
X-Kong-Upstream-Latency
X-Cache-Rule
AMP-Access-Control-Allow-Source-Origin
X-Kong-Proxy-Latency
X-Cache-Operation
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Amz-Server-Side-Encryption
Cleartype
X-Geo-Country
X-Endurance-Cache-Level
MicrosoftSharePointTeamServices
X-Wix-Request-Id
X-HP-Webp
X-Cached-By
X-VCache
X-Response-Served-From
X-Accel-Buffering
X-Original-Request-Id
X-Host-Name
X-IPLB-Instance
NGB
X-Rule
X-HTML-Minification-Powered-By
X-UUID
MS-CV
Payment
X-Is-Bot
X-User-Agent
X-Rendered-As
X-AOL-HN
X-FW-Server
Refresh
X-FW-Serve
X-HS-Combine-CSS
X-Distributor
X-FW-Static
X-Ua
X-Cacheable-TTL
X-FW-Type
X-HS-Cache-Config
X-HS-Content-Id
X-B-Cache
X-FW-Dynamic
X-Cache-Time
X-B3-Sampled
X-Signature
Healthy
X-HS-Hub-Id
X-Amzn-RequestId
X-FW-Hash
X-Amz-Apigw-Id
X-Whom
X-Hp-Webp
X-Instance
Datacenter
X-Amz-Meta-S3cmd-Attrs
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-GUploader-UploadID
X-Fastcgi-Cache
X-Goog-Stored-Content-Encoding
X-Region
X-Goog-Stored-Content-Length
Countrycode
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Tumblr-User
X-Debug-Info
X-XRDS-LOCATION
PB-RID
X-Mobile
PB-PID
Powered
X-Frontend
Arc-Version
X-Varnish-Server
X-Cache-Age
X-App-Version
Powered-By-ChinaCache
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Oneagent-Js-Injection
Surrogate-Key
X-PHP-Backend
S-Cnection
X-Backend-Name
X-NewRelic-App-Data
X-Respond-Thread
X-Azure-Ref
X-Via-JSL
X-Cache-Server
X-Protected-By
X-Litespeed-Cache
X-DynaTrace-JS-Agent
Cache
X-Hyper-Cache
X-WA-Info
X-FTR-Cache-Host
Liferay-Portal
X-Cache-Control
X-Cache-Expired-At
Referer-Policy
Viewport
X-Time
X-Proxy-Cache-Status
X-Acc-Debug-Context
Retry-After
X-EdgeConnect-Cache-Status
X-FB-TRIP-ID
X-CSRF-Token
X-Cache-Var-Map
X-Cache-Var
X-RN-RSRV
X-R9-Blue-Green-Version
Filters
Meta-Geo
Webserver
X-Source
X-ES-SERVER
X-Qloud-Router
X-Device-Type
X-Mode
X-From
X-Debug-Cache
From-Origin
Eomportal-Instance
Section-Io-Cache
X-ProxyCache-Status
X-Ratelimit-Reset
X-ProxyCache-Key
X-LJ-Flow-ID
X-Cache-Host
X-Xfnlog-Site
X-VWS-Id
X-RTag
X-BYPASS-REASON
X-OCL
Ms-Operation-Id
Mn-Server-Ip
X-AWS-Id
X-Time-Microsecs
X-GeoIP
X-Server-W
X-PCL
Cache-Tv-Group
TWC-GeoIP-Country
X-FW-Version
X-RemovedCookies
TWC-GeoIP-LatLong
X-Origin-Hint
TWC-Device-Class
X-Sucuri-ID
Selected-Fe
TWC-Connection-Speed
Property-Id
X-Real-IP
X-Human
X-ProcessESI
X-Proxy-Build
X-Loop
X-Handled-By
X-TNCMS
X-Timing-Wait
X-Cache-Action
Ec-Rule-Version
X-Cluster
TWC-Privacy
Webcakes-App-Name
Charset
Cross-Origin-Window-Policy
Webcakes-App-Version
TWC-Locale-Group
Webcakes-Region
X-Proto
X-Zipkin-Id
X-Routing-Service
DB-Nickname
X-Be
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-ServerID
X-SaId
X-Status
X-Amzn-Remapped-Content-Length
X-Proxied
X-PHP-Host
X-BCube-Filmed-By
X-Hosted-By
X-Detected-As
X-Environment-Context
X-Framework
X-JoinUs
X-Hl-Ver
X-L-Path
X-NYM-Debug-Backend
X-Locale
X-Labrador-Cache-Channel
X-Format
X-Revision
X-Section
X-Site-Version
Uber-Trace-Id
X-Generated-By
X-Via-Fastly
X-Access
X-Cache-TTL-Remaining
X-Amz-Replication-Status
X-Redis-Cache
FSS-Cache
X-Varnish-Cache-Hits
X-NWS-UUID-VERIFY
Frame-Options
Version
X-Air-Hostname
X-Cache-PHP
X-No-Session
X-ATG-Version
X-Drupal-Cache-Contexts
X-TA-CDN-Provider
X-NCache
X-Contextid
Nel
X-Origin
GEO-INFO
X-Drupal-Cache-Tags
X-Unique-Id
CF-Cached-On
X-EIG-Tracking-Id
X-Sucuri-Cache
X-EC-Lua
X-IPS-LoggedIn
Server-Name
X-Tt-Trace-Host
X-Tt-Trace-Tag
OT-Force-Account-Verify
X-IP
X-Cache-Enabled
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-Bc-Bl
X-CACHE-AGE
Time
X-Akamai-Transformed
X-GoCache-CacheStatus
Now
X-Backend-Host
X-Cache-Backend
X-Oss-Storage-Class
X-Adobe-Loc
X-CDN-Forward
X-Ruxit-Js-Agent
X-Tumblr-Pixel-3
X-Oss-Server-Time
X-Adobe-Content
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-AIR-PT
X-TT
X-Correlation-Id
Azure-SiteName
X-URL
Azure-RegionName
X-Cdn
Azure-InstanceId
Azure-Version
X-Instart-Request-ID
X-TIME
Azure-SlotName
Access-Control-Request-Headers
X-RCS-CacheZone
Node
X-APP-VERSION
X-CF-Lambda-Version
X-Connection-Hash
X-ScT
X-G
X-Generation-Time
X-Worker
Xc-Version
X-CF-Lambda-Fn
X-Date
X-Destination
X-D
X-B-Cookie
X-A
Fastcgi-X-Cache-Version
X-A-Ccd
DCR-Processing-Time-Ms
X-A-Dam
DCR-Decision-By
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
MD5-Digest
Mobile-Detection-Method
Machine
Rendered-Blocks
Surrogated-Key
SD-X-WS
X-A-Dcw
X-A-Dgt
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-Vtex-Remote-Cache
X-Cache-2
X-Cache-NE
Apple-News-Services-Request-Url
X-ARC
X-Accel-Expires-Debug
X-A-Wwc
X-Adobe-Source
X-Aed
X-Application
X-CCM
X-External-Request-Id
X-S
X-Rojux
X-S-Cookie
X-Rewrite-Enabled
X-Twitter-Response-Tags
X-Processor
X-Up
X-VG-WebServer
X-Vdms-Version
X-Vdms-Path
X-VG-WebCache
X-Request-UUID
X-PBS-Appsvrname
Meta-Geo-Continent
X-PAYTM-SRV-ID
X-Vtex-Processado-Em
X-Trv-Group
X-Transaction
X-NGENIX-Cache
X-UA
CDN-Cache
X-Rebelmouse-Cache-Control
CDN-PullZone
CDN-RequestCountryCode
X-Shopify-Stage
We-Hiring
Wxu-Next-Commit
Wxu-Next-Hostname
X-Reqid
Wxu-Next-Region
CDN-CachedAt
X-Storage
X-Req
X-Cache-Bucket
X-Backend-TTL
Adler-Geo
CloudFront-Viewer-Country
CDN-Uid
X-Varnish-Ttl
X-Rebelmouse-Surrogate-Control
X-Variation
X-Alternate-Cache-Key
CDN-RequestId
X-Storefront-Renderer-Rendered
X-Soup
Fastly-SSL
X-NC
Host-ID
X-OVcl-Cache
X-Sorting-Hat-ShopId
X-ShardId
X-Platform
X-OVcl
Is-Eu
X-Minions-Version
Mail-Subject
X-Servername
X-SN
X-Hash
Platform
NM-Fastcgi-Cache
Ufe-Result
Fastly-SWR
X-VG-TLSProxy
CDN-EdgeStorageId
X-Core-Value
X-ShopId
Fastly-SIE
X-Sorting-Hat-PodId
X-CUA
X-Edge-Location
X-Envoy-Decorator-Operation
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-TX-ID
HostName
X-Skip-Cache
Rt-Fastcgi-Cache
X-Request-Start
X-Thanos
X-Render-Time
Pagetype
Origin
X-Cache-Grace
X-Fastly-Backend
X-Fastly-Cache
X-Owner
X-Fmm-Version
X-Viewer-Country
X-Eu-Site
X-Core-Mission
X-Csrf-Jwt
X-PERF
X-Forwarded-Host
X-Generated-On
X-Li-Pop
X-HS-Content-Campaign-Id
X-Level-Front-Cache
X-LI-UUID
X-Method
X-Webstats-RespID
X-WADP-Cache
X-Microcachable
X-Cms-Context
X-Cluster-Name
X-Backend-State
X-Bip
X-Cache-Config
X-Auto-Login
X-Proxy-Upstream
X-Agile-Age
X-ApacheServer
X-Pubstack
X-Li-Fabric
X-Cache-NGX
X-CGP
X-Clara-WADP
X-Clientip
X-Policy
X-Varnishpool
X-Cache-Tags
X-Varnish-Cacheable
X-Cdn-Srv
X-Agile
X-Agile-Id
CacheControlHeader
Decoy-Debug-TTL
Fastly-Backend-Name
Fastly-Drupal-HTML
Cache-Status
Decoy-Debug-Status
Decoy-Debug-Key
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
Country-Code
Gh-Request-Id
C-Via
Ha-Gx-Prefs
L
L5d-Success-Class
X-VHOST
HA-Ipaddr
Group
X-ECache
X-Cache-URL
X-Ms-Version
X-Cache-Id
X-Cache-Date
X-Gamma-Serve
X-Ms-Request-Id
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Content-Age
X-Esi-Check
X-Developers
X-Has-Esi
X-Slack-Backend
X-Esi
X-Request-Host
X-SayCDN-TTL
X-Say-Cacheable
X-Say-TTL
X-Old-Content-Length
X-Micro-Cache
X-HN
AKAMAI
X-Irp-Debug
X-Is-Gdpr
X-VarnishDD-TTL
X-JWT-State
X-Gzip
X-Web-Node
Akamai-GRN
Backend
UCS
PFcat
Memcached
X-Amz-Meta-Cb-Modifiedtime
X-CS
X-Cdn-Forward
X-Wa
FSS-Proxy
X-Mvc-Supplant-Cachable
M-TraceId
X-Refresh
X-Location
X-Geo-Header
Country
X-NODE
X-Dc
X-PF-Uncompressing
X-Platform-Server
X-LB-ID
X-Aicache-OS
X-ZONE
X-BC
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Via-Poph
X-Via-Popn
X-DefElseHash
X-DefHash
Upgrade-Insecure-Requests
X-LAGOON
X-RateLimit-Remaining
Arc-Country
X-UPSTREAM-Address
X-Branch-Name
X-B3-Spanid
VivaBuild
Viewtype
X-Ah-Environment
X-ORACLE-APMCS-REQUEST-ID
X-LI-Proto
X-Servedbyhost
Actual-Object-TTL
X-Cache-Debug
X-Via-Ucdn
X-Ua-Device
NGX
X-Session-Fingerprint
X-RunCloud-Cache
Srv
Cdn-Request-Time
Cdn-Host
X-Aspnet-Duration-Ms
CACHE
X-Mvc-Supplant-OutputCached
X-Flags
X-Providence-Cookie
X-Edge-Server
X-Route-Name
X-Is-Crawler
X-Unique-ID
X-SERVER
Geo-Info
X-Debug-Cache-Store
Memory
X-Debug-Cache-Fetch
X-Request-Time
X-Zone
X-Bc
X-Srv
X-Nginx-Cache
X-Vgn-Hpd-Ssi
X-DC
X-APP
X-Action
Xserver
X-HS-Status
X-GEO
X-Varnish-Hostname
X-DW
X-CF-Powered-By
X-B3-Traceid
X-DSS
X-RPM
X-Ftr-Cache-Host
X-Page-View
X-DB
X-Akamai-Request-ID2
X-FPC
X-RPS
X-RSL
X-LiteSpeed-Cache-Control
Sid
X-DI
X-Cs
WWW-Authenticate
X-NGINX-Cache
X-Geo
X-Oss-Cdn-Auth
X-Via-Popv
X-Cluster-Node
NtCoent-Length
X-MP-GENERATED-AT
X-Check-Cacheable
X-Epic-Correlation-Id
X-FC-Vary-Parameters
X-Vcache
X-Mobile-Rewrite
Hostname
X-Hit
Geoip-Latitude
X-VCL-Version
GeoIP-Latitude
X-Dynatrace-Js-Agent
ProcessTime
Server-Info
GeoIP-Country-Code
GeoIp-Country-Code
X-NU-AKA-ACS-Version
X-Nc
SRV
X-CSRF-TOKEN
User-Agent
Apigw-Requestid
X-SERVER-NAME
XServer
Processtime
X-FORWARDED-FOR
X-Webkit-CSP-Report-Only
X-Vcl-Version
X-Sql-Duration-Ms
X-Via-SSL
X-Via-Edge
X-Via-CDN
Edge-Copy-Time
X-UnsetCookies
W
X-Sql-Count
X-HOST
SID
WebServer
X-Datadome
Esi-Enabled
On-Server
X-We-Are-Hiring
X-Envoy-Upstream-Healthchecked-Cluster
Accept-Language
Origin-Cache-Control
X-Svr
X-Key
Origin-Edge-Control
X-Fpc
Amp-Access-Control-Allow-Source-Origin
LB
X-HITS
X-Cache-Hfrom
X-Cache-Hm
S-Rt
CF-IPCountry
Cdn
Proxy-Firewall
X-Fastly-Country-Code
X-Tb
X-Dispatch
N-Cache
X-SRV
T-Server
X-Www-Served-By
A
ServedBy
X-S-Maxage
X-COUNTRY
HitType
X-CACHE-KEY
X-Cache-Remote
Server-Host
Cteonnt-Length
X-Pjax-Url
CDN
Cache-Hits
X-MSEdge-Flight
Lb
Ohc-File-Size
X-MSEdge-Features
X-Geo-Region
X-Pass-Why
X-Presslabs-Stats
X-App
X-Newrelic-App-Data
WZWS-RAY
Fastcgi-Cache-TTL
X-RAMCache
Pics-Label
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Generated
Powered-By
X-Instart-Info
BehaviorPad-Version
X-Newrelic-Synthetics
X-TrackingId
X-Li-Proto
X-Path-Route
X-ServedByHost
Magicmarker
X-Varnish-Hits
X-Dynatrace
X-TH-Server
X-Akamai-Pragma-Client-IP
Cache-Key
Xet-Cookie
X-Info
X-VC
X-Served-From
X-SB
X-StackifyID
X-Via-NSCOPI
X-Via-PopH
X-Via-PopV
X-B3-SpanId
X-Via-PopN
Server-Ttl
X-LiteSpeed-Tag
Ohc-Cache-HIT
X-Batcache
Protected
Dnion-Transfer-Encoding
X-Lb-Id
Cache-Provider
X-Cache-Tag
X-TT-LOGID
X-WA
X-Tt-Logid
X-Uri
Content-Script-Type
Content-Style-Type
Cf-Alt-Svc
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Origin-Response-Time
User-Cache-Control
X-ID
X-Agile-Brick-Ok
Tcn
X-Vgn-Hpd-Reason
X-Tid
X-Pad
Who
X-Yottaa-OS
X-RateLimit-Limit
Inserted-Into-Cache-At
X-Pf-Uncompressing
Ssr
X-HostName
X-Region-Sid
X-Varnish-Beresp-TTL
CountryCode
X-Selected-Name
X-Selected-Host-Header
X-Selected-Scheme
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Endpoint-Name
Lfy
Source
D-Cc-Upstream
X-Request-URL
Mime-Version
X-Magnolia-Registration
X-Cache-Spec
X-Men
X-Snapshot-Date
X-Cc-Via
X-Cc-Req-Id
X-MiniProfiler-Ids
Tracecode
X-Apw-Access-Token
Pragrma
X-DevSite-Last-Modified
PICS-Label
X-PJAX-URL
X-C
X-Proxy-Cachei7
Cneonction
X-Nananana
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Action
Vha6-Origin
X-Dw-Trace-Id