Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
X-Xss-Protection
CF-Ray
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
P3p
X-Cacheable
X-Request-ID
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Upgrade
Content-Encoding
X-Template
X-CDN
X-Language
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-AH-Environment
X-Buckets
X-Hacker
X-Cache-Group
X-Robots-Tag
X-Server
X-Amz-Request-Id
X-UA-Device
EagleId
X-Amz-Id-2
X-Dns-Prefetch-Control
X-Proxy-Cache
X-Turbo-Charged-By
X-Server-Powered-By
Request-Context
Host-Header
Server-Timing
X-Nginx-Cache-Status
Grace
Report-To
Xkey
X-Page-Speed
X-Rq
Cf-Bgj
X-Varnish-Cache
X-Pingback
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Amz-Version-Id
X-Vhost
NEL
X-Host
X-Dispatcher
X-Device
X-Backend-Server
X-Node
X-Cache-Lookup
Surrogate-Control
X-Ruxit-JS-Agent
X-Origin-Cache
X-Response-Time
Content-Location
X-Akam-SW-Version
Request-Id
X-ASPNET-VERSION
X-Ac
X-Country
X-Mod-Pagespeed
X-Server-Id
Rating
EagleEye-TraceId
X-HW
Accept-CH
Accept-CH-Lifetime
X-Readtime
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
Pinterest-Generated-By
X-Application-Context
X-DataDome
Edge-Control
X-Url
X-Country-Code
X-Origin-Upstream-Status
X-PC
X-Vname
X-TtlSet
X-Varnish-TTL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Content-Id
X-Cnection
Akamai-Age-Ms
X-D2id
X-GitHub-Request-Id
X-ESI
X-MS-InvokeApp
X-Clacks-Overhead
X-Content-Type
X-Server-ID
X-Server-Name
X-Abt-Application-Version
X-Navigation-Version
X-FTR-Request-ID
Allow
X-Vcap-Request-Id
X-Trace
Verso
Pinterest-Version
X-Pinterest-Rid
X-Sol
Pagespeed
X-Middleton-Display
X-Middleton-Response
Response
Display
X-Px
X-B3-TraceId
X-Cached
X-DynaTrace
X-Rack-Cache
X-Element-Page-Cache
X-Fastly-Request-ID
Service-Worker-Allowed
X-Client-IP
Accept-Ch
X-Cache-TTL
X-Version
MS-Author-Via
Arr-Disable-Session-Affinity
X-TTL
X-Powered-By-Plesk
X-Forwarded-Proto
X-Upstream
Content-MD5
X-Dw-Request-Base-Id
X-T
X-NF-Request-ID
X-Debug
AR-CACHE
AR-ATIME
Ar-Sid
AR-Request-ID
Fastly-Restarts
AR-PoweredBy
X-SharePointHealthScore
SPRequestGuid
Accept-Ch-Lifetime
X-VARITI-CCR
X-Jurisdiction
X-XRDS-Location
TP-Cache
TP-L2-Cache
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Variant
X-Content-Digest
Access-Control-Request-Method
X-Goog-Hash
X-NWS-LOG-UUID
X-Powered-CMS
X-MSEdge-Ref
X-Release
X-Edge
X-PressLabs-Stats
TCN
X-Webkit-CSP
X-Ttl
X-FastCGI-Cache
RTSS
S
Cache-Tag
SPIisLatency
SPRequestDuration
X-Amz-Rid
Fastcgi-Cache
X-Yandex-Sdch-Disable
X-Request-Received
X-Request-Processing-Time
Public-Key-Pins
X-Ezoic-Cdn
X-Node-Name
X-Accel-Expires
Server-Node
X-Mid
X-MCACHE
X-Ratelimit-Remaining
X-Pinterest-Direct
X-Cache-Key
X-Cache-Hit
X-Amzn-Trace-Id
X-Logged-In
ServerID
Front-End-Https
X-Request-Handler-Origin-Region
X-Microsite
Alternate-Protocol
X-Ser
X-CST
X-Recruiting
X-Page-Id
X-Kinsta-Cache
X-Origin-Server
X-ECACHE
X-B
X-Ratelimit-Limit
Accept-Charset
X-Mobile-URL
Host
X-Hostname
X-FireWall-Port
X-FTR-DC
X-FTR-Expires
X-FTR-Realm
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
Nginx-Cache
X-Varnish-Age
X-Seen-By
X-SRCache-Fetch-Status
MRF-Tech
X-B3-TraceId-Primal
X-SRCache-Store-Status
Mrf-Cache-Status
X-Content-Security-Policy-Report-Only
Filterid
X-Forwarded-For
X-DIS-Request-ID
X-Daa-Tunnel
X-Load-Cache
X-Jobs
Realpath
X-Content-Options
X-Id
X-Activity-Id
X-Az
X-AppVersion
X-Shield-Request-Id
X-F-Cache
X-Request-Guid
X-Type
X-Varnish-Grace
X-Git-Hash
X-Varnish-Backend
X-N
X-App-Environment
X-LB-Cache
Edge-Cache-Tag
Paypal-Debug-Id
X-Zen-Fury
X-Rid
X-Hits
Fastcgi-Useragent
X-Correlation-ID
X-FB-Debug
X-Mg-S
X-Grace
X-App-Server
X-Proxy
DynaTrace
Cache-Tags
X-Upgrade-Enabled
Access-Control-Allow-Method
Content-Disposition
X-Content-Powered-By
DC
AMP-Access-Control-Allow-Source-Origin
X-Akamai-Edgescape
X-Cache-Operation
X-Amz-Server-Side-Encryption
X-Cache-Rule
X-WebKit-CSP-Report-Only
X-Geo-Country
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cleartype
X-Endurance-Cache-Level
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Wix-Request-Id
X-HP-Webp
MicrosoftSharePointTeamServices
X-Cached-By
X-VCache
X-Response-Served-From
X-Accel-Buffering
X-Original-Request-Id
X-Host-Name
X-Distributor
Payment
X-Rendered-As
X-Is-Bot
X-UUID
X-AOL-HN
Refresh
X-FW-Static
X-FW-Type
X-Amz-Apigw-Id
X-FW-Server
X-Rule
X-Cacheable-TTL
X-B3-Sampled
X-B-Cache
NGB
Healthy
X-FW-Dynamic
X-Signature
X-Amzn-RequestId
X-FW-Serve
X-IPLB-Instance
X-FW-Hash
MS-CV
X-Cache-Time
X-HS-Cache-Config
Datacenter
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-Ua
X-Instance
X-User-Agent
X-Hp-Webp
X-Goog-Storage-Class
X-Goog-Generation
X-Region
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Fastcgi-Cache
X-Whom
X-Tumblr-Pixel-0
X-Amz-Meta-S3cmd-Attrs
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-2
X-HTML-Minification-Powered-By
X-Debug-Info
Countrycode
X-XRDS-LOCATION
X-Mobile
X-Frontend
Powered
X-Varnish-Server
X-Cache-Age
Arc-Version
PB-RID
PB-PID
X-App-Version
X-Tec-Api-Version
X-Tec-Api-Origin
X-Oneagent-Js-Injection
X-Tec-Api-Root
X-PHP-Backend
Powered-By-ChinaCache
Surrogate-Key
S-Cnection
X-NewRelic-App-Data
X-Backend-Name
X-Respond-Thread
X-Azure-Ref
X-Via-JSL
X-Protected-By
Cache
X-Litespeed-Cache
X-DynaTrace-JS-Agent
X-Hyper-Cache
X-WA-Info
Liferay-Portal
X-FTR-Cache-Host
X-Cache-Server
X-Cache-Control
Referer-Policy
Viewport
X-Cache-Expired-At
X-Time
X-Proxy-Cache-Status
X-Acc-Debug-Context
Retry-After
X-EdgeConnect-Cache-Status
X-Source
X-RN-RSRV
Meta-Geo
X-ES-SERVER
X-Cache-Var-Map
Webserver
Filters
X-Cache-Var
Section-Io-Cache
X-CSRF-Token
X-R9-Blue-Green-Version
X-Sucuri-ID
Eomportal-Instance
X-From
X-Mode
X-FB-TRIP-ID
X-Xfnlog-Site
X-OCL
X-Time-Microsecs
X-Qloud-Router
X-Ratelimit-Reset
X-Cache-Host
X-PCL
X-ProcessESI
X-LJ-Flow-ID
X-ProxyCache-Key
Mn-Server-Ip
X-AWS-Id
Ms-Operation-Id
Ec-Rule-Version
Cache-Tv-Group
X-Loop
X-ProxyCache-Status
X-VWS-Id
Cross-Origin-Window-Policy
X-RTag
From-Origin
X-FW-Version
X-RemovedCookies
X-Server-W
X-BYPASS-REASON
X-TNCMS
X-Debug-Cache
X-Cache-Action
X-Cluster
X-Routing-Service
X-Status
X-PHP-Host
X-Environment-Context
X-Amzn-Remapped-Content-Length
DB-Nickname
X-BCube-Filmed-By
X-Real-IP
X-Origin-Hint
X-Timing-Wait
X-Detected-As
X-Handled-By
Selected-Fe
X-Proxied
X-Labrador-Cache-Channel
TWC-Privacy
X-Human
X-Proxy-Build
X-Yottaa-Metrics
Webcakes-App-Version
X-Zipkin-Id
X-L-Path
X-Locale
X-Hosted-By
TWC-Device-Class
TWC-Connection-Speed
X-Yottaa-Optimizations
TWC-GeoIP-Country
Webcakes-Region
X-NYM-Debug-Backend
TWC-Locale-Group
TWC-GeoIP-LatLong
Property-Id
Webcakes-App-Name
Charset
X-Device-Type
X-Generated-By
X-JoinUs
X-Format
X-Access
X-Amz-Replication-Status
X-Be
X-Cache-TTL-Remaining
X-Proto
X-Site-Version
X-Via-Fastly
X-ServerID
X-Section
X-SaId
Uber-Trace-Id
X-GeoIP
X-Framework
X-Hl-Ver
X-Varnish-Cache-Hits
X-Revision
X-Redis-Cache
FSS-Cache
X-NWS-UUID-VERIFY
Frame-Options
Version
X-Air-Hostname
X-ATG-Version
X-Cache-PHP
X-Drupal-Cache-Contexts
X-No-Session
X-TA-CDN-Provider
X-Origin
X-Sucuri-Cache
X-Contextid
X-NCache
X-Unique-Id
Nel
X-Drupal-Cache-Tags
GEO-INFO
CF-Cached-On
X-EC-Lua
X-IPS-LoggedIn
X-EIG-Tracking-Id
Server-Name
X-Tt-Trace-Host
X-Tt-Trace-Tag
OT-Force-Account-Verify
X-IP
X-Bc-Bl
X-CACHE-AGE
X-Cache-Enabled
X-Vgn-Hpd-Variations-Key
Time
X-Vgn-Hpd-Cached
X-Akamai-Transformed
X-GoCache-CacheStatus
Now
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Cache-Backend
X-Oss-Storage-Class
X-Ruxit-Js-Agent
X-CDN-Forward
X-Adobe-Content
X-Tumblr-Pixel-3
X-Adobe-Loc
X-Backend-Host
X-TT
X-Cdn
Azure-Version
X-URL
Azure-SlotName
X-Correlation-Id
Azure-RegionName
X-Instart-Request-ID
Azure-SiteName
Azure-InstanceId
X-TIME
X-RCS-CacheZone
Access-Control-Request-Headers
X-APP-VERSION
Node
X-AIR-PT
Machine
X-B-Cookie
X-ARC
X-Application
DCR-Processing-Time-Ms
DCR-Decision-By
X-A
SD-X-WS
Surrogated-Key
VIX-Pulpo-Node
Rendered-Blocks
Mobile-Detection-Method
MD5-Digest
Meta-Geo-Continent
VIX-Pulpo-Upstream-Status
X-A-Ccd
X-Accel-Expires-Debug
X-Adobe-Source
X-A-Wwc
X-A-Dgt
X-A-Dam
X-A-Dcw
X-Aed
X-G
Apple-News-Services-Host
Apple-News-Services-Handled
X-Transaction
X-Trv-Group
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-S
X-Cache-NE
X-ScT
X-Twitter-Response-Tags
X-Vdms-Path
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-Vtex-Processado-Em
X-VG-WebServer
X-NGENIX-Cache
X-Vdms-Version
X-VG-WebCache
X-Rojux
X-S-Cookie
X-Destination
X-External-Request-Id
X-Rewrite-Enabled
X-Generation-Time
X-Date
X-D
X-CCM
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-Minions-Version
Fastcgi-X-Cache-Version
X-Request-UUID
X-PAYTM-SRV-ID
X-Processor
X-PBS-Appsvrname
X-UA
X-Cache-2
CloudFront-Viewer-Country
CDN-PullZone
CDN-RequestCountryCode
CDN-Uid
CDN-RequestId
Adler-Geo
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
X-Core-Value
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-Storage
X-VG-TLSProxy
X-Variation
X-Up
X-Storefront-Renderer-Rendered
X-Servername
X-Req
Is-Eu
Host-ID
Fastly-SWR
Fastly-SSL
Platform
X-Cache-Bucket
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Envoy-Decorator-Operation
X-DPWN-IS-SECURE
Fastly-SIE
X-Alternate-Cache-Key
X-Varnish-Ttl
X-NC
X-TX-ID
HostName
X-Bip
X-SN
X-Backend-TTL
X-Backend-State
X-Auto-Login
X-VHOST
X-Thanos
X-Cache-Grace
X-Clientip
X-Cms-Context
X-Clara-WADP
X-Skip-Cache
X-Cache-NGX
X-Cdn-Srv
X-ApacheServer
X-Agile-Id
X-Varnish-Beresp-Grace
Rt-Fastcgi-Cache
X-Varnish-Beresp-Status
PFcat
NM-Fastcgi-Cache
Origin
X-Soup
Ufe-Result
X-Agile
X-Agile-Age
Wxu-Next-Region
Wxu-Next-Hostname
We-Hiring
Wxu-Next-Commit
X-Core-Mission
X-CUA
X-Microcachable
X-OVcl
X-Method
X-LI-UUID
X-Li-Fabric
X-Li-Pop
X-OVcl-Cache
X-Owner
X-VarnishDD-TTL
X-Varnish-Cacheable
X-Varnishpool
X-Pubstack
X-PERF
X-Platform
X-Level-Front-Cache
X-HS-Content-Campaign-Id
X-Fastly-Backend
X-Fastly-Cache
X-Edge-Location
X-Dispatcher-Server
X-WADP-Cache
X-Varnish-Beresp-Ttl
X-Fmm-Version
X-Forwarded-Host
X-Hash
X-HN
X-Generated-On
X-Gamma-Serve
X-Viewer-Country
X-Reqid
X-Cache-Date
Decoy-Debug-Key
C-Via
L
Decoy-Debug-Status
Fastly-Backend-Name
Group
Fastly-Drupal-HTML
Cache-Status
Decoy-Debug-TTL
Country-Code
Mail-Subject
X-Content-Age
X-CGP
X-Amz-Meta-Cb-Modifiedtime
CacheControlHeader
X-Is-Gdpr
X-JWT-State
X-Wikidot-Static-Cache
X-Location
X-Eu-Site
X-Esi
X-Csrf-Jwt
X-Webstats-RespID
X-Cache-Config
X-Wikidot-Backend
X-Cache-Id
X-Cache-URL
Akamai-GRN
X-Cluster-Name
X-Cache-Tags
X-Has-Esi
X-Gzip
Backend
X-Micro-Cache
X-Developers
X-Request-Start
HA-Ipaddr
UCS
Ha-Gx-Prefs
X-Ms-Request-Id
X-Ms-Version
X-SayCDN-TTL
L5d-Success-Class
X-Say-TTL
X-Say-Cacheable
X-Web-Node
Pagetype
X-Request-Host
Memcached
AKAMAI
X-Old-Content-Length
X-Esi-Check
X-Render-Time
X-Policy
X-Proxy-Upstream
X-Slack-Backend
Gh-Request-Id
X-Cdn-Forward
X-CS
Country
M-TraceId
X-Geo-Header
X-Wa
X-PF-Uncompressing
X-Irp-Debug
X-Refresh
X-NODE
X-Dc
X-Platform-Server
X-Aicache-OS
X-Mvc-Supplant-Cachable
FSS-Proxy
X-BC
X-ZONE
X-ECache
X-Varnish-CookieHashed-On
X-LAGOON
X-Via-Popn
X-Varnish-CookieINHashed-On
Upgrade-Insecure-Requests
X-Varnish-Remaining-TTL
X-Via-Poph
X-LB-ID
Arc-Country
X-RateLimit-Remaining
X-DefHash
X-DefElseHash
Viewtype
X-B3-Spanid
VivaBuild
X-UPSTREAM-Address
X-Via-Ucdn
X-Cache-Debug
X-Ua-Device
X-LI-Proto
Actual-Object-TTL
X-Session-Fingerprint
X-RunCloud-Cache
X-Branch-Name
NGX
X-Servedbyhost
X-ORACLE-APMCS-REQUEST-ID
Srv
X-Providence-Cookie
Cdn-Host
X-Route-Name
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
Cdn-Request-Time
X-Edge-Server
CACHE
Geo-Info
X-Unique-ID
X-SERVER
X-Debug-Cache-Store
X-Mvc-Supplant-OutputCached
Memory
X-Debug-Cache-Fetch
X-Bc
X-Zone
X-Request-Time
X-Vgn-Hpd-Ssi
X-Srv
X-DC
X-Varnish-Hostname
X-Action
X-APP
Xserver
X-Nginx-Cache
X-GEO
WWW-Authenticate
X-RPM
X-RSL
Sid
X-RPS
X-CF-Powered-By
X-Akamai-Request-ID2
X-Cs
X-Page-View
X-LiteSpeed-Cache-Control
X-FPC
X-HS-Status
X-DB
X-DI
X-B3-Traceid
X-DSS
X-DW
X-Geo
X-Ftr-Cache-Host
X-NGINX-Cache
NtCoent-Length
X-Cluster-Node
X-Check-Cacheable
X-Oss-Cdn-Auth
X-Via-Popv
X-Epic-Correlation-Id
X-Hit
X-FC-Vary-Parameters
X-Mobile-Rewrite
X-Vcache
Hostname
X-NU-AKA-ACS-Version
X-MP-GENERATED-AT
Geoip-Latitude
GeoIp-Country-Code
Server-Info
X-Nc
ProcessTime
X-Dynatrace-Js-Agent
X-VCL-Version
X-CSRF-TOKEN
SRV
User-Agent
Apigw-Requestid
GeoIP-Latitude
XServer
X-SERVER-NAME
Processtime
GeoIP-Country-Code
X-Webkit-CSP-Report-Only
X-FORWARDED-FOR
X-Via-Edge
W
X-Via-CDN
X-UnsetCookies
X-Sql-Count
X-Sql-Duration-Ms
Edge-Copy-Time
X-Vcl-Version
X-Via-SSL
X-HOST
SID
On-Server
X-We-Are-Hiring
Esi-Enabled
Origin-Edge-Control
X-Envoy-Upstream-Healthchecked-Cluster
Accept-Language
X-Fpc
Origin-Cache-Control
X-Svr
WebServer
X-Key
X-HITS
Cdn
X-Tb
Proxy-Firewall
Amp-Access-Control-Allow-Source-Origin
X-Cache-Hfrom
X-Cache-Hm
CF-IPCountry
X-Dispatch
S-Rt
LB
X-Www-Served-By
X-SRV
X-S-Maxage
X-Fastly-Country-Code
A
T-Server
HitType
X-CACHE-KEY
X-COUNTRY
X-Pass-Why
X-Cache-Remote
Ohc-File-Size
CDN
Cteonnt-Length
N-Cache
Cache-Hits
Lb
X-Pjax-Url
X-MSEdge-Flight
ServedBy
X-Geo-Region
X-MSEdge-Features
Server-Host
X-Presslabs-Stats
X-App
Pics-Label
Magicmarker
WZWS-RAY
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
BehaviorPad-Version
X-Instart-Info
X-Generated
Powered-By
Fastcgi-Cache-TTL
X-Newrelic-App-Data
X-RAMCache
X-Li-Proto
X-Newrelic-Synthetics
X-Varnish-Hits
X-ServedByHost
X-TrackingId
X-Path-Route
X-Dynatrace
X-Datadome
X-SB
Cache-Key
X-StackifyID
X-Info
X-Akamai-Pragma-Client-IP
X-Served-From
X-VC
X-TH-Server
Xet-Cookie
X-Via-PopH
X-Via-NSCOPI
X-Via-PopN
X-Via-PopV
X-Batcache
Server-Ttl
Cache-Provider
X-LiteSpeed-Tag
X-B3-SpanId
Dnion-Transfer-Encoding
X-Lb-Id
Protected
Ohc-Cache-HIT
X-Cache-Tag
X-WA
Content-Script-Type
X-TT-LOGID
Cf-Alt-Svc
X-Uri
Content-Style-Type
X-Planisys-CDN-TTL
X-Origin-Response-Time
X-Planisys-CDN-Rules
X-Tt-Logid
User-Cache-Control
X-ID
X-Planisys-CDN-Cache
X-Agile-Brick-Ok
X-Vgn-Hpd-Reason
Tcn
Who
X-Region-Sid
X-HostName
X-RateLimit-Limit
X-Pad
X-Pf-Uncompressing
Ssr
X-Yottaa-OS
Inserted-Into-Cache-At
X-Tid
X-Selected-Host-Header
X-Selected-Name
CountryCode
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Endpoint-Name
X-Selected-Scheme
Tracecode
X-Varnish-Beresp-TTL
X-Snapshot-Date
X-Apw-Access-Token
X-Apw-Access-Action
X-Request-URL
X-Men
X-Apw-Access-Object
X-Apw-Hits
X-Magnolia-Registration
X-Dw-Trace-Id
X-MiniProfiler-Ids
Vha6-Origin
X-Proxy-Cachei7
Cneonction
Mime-Version
X-C
X-DevSite-Last-Modified
X-PJAX-URL
Pragrma
X-Nananana
PICS-Label