Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
CF-Ray
X-Xss-Protection
Alt-Svc
X-Served-By
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
P3p
X-Cacheable
X-Request-ID
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Upgrade
Content-Encoding
X-CDN
X-Template
X-Language
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-AH-Environment
X-Buckets
X-Hacker
X-Cache-Group
X-Robots-Tag
X-Server
X-Amz-Request-Id
X-UA-Device
EagleId
X-Amz-Id-2
X-Proxy-Cache
X-Dns-Prefetch-Control
X-Turbo-Charged-By
X-Server-Powered-By
Request-Context
Host-Header
Server-Timing
X-Nginx-Cache-Status
Grace
Xkey
Report-To
X-Page-Speed
X-Rq
Cf-Bgj
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Amz-Version-Id
X-Vhost
X-Host
NEL
X-Dispatcher
X-Device
X-Backend-Server
X-Node
X-Cache-Lookup
Surrogate-Control
X-Ruxit-JS-Agent
X-Origin-Cache
X-Response-Time
Content-Location
X-Akam-SW-Version
Request-Id
X-ASPNET-VERSION
X-Ac
X-Country
X-Mod-Pagespeed
X-Server-Id
X-HW
Rating
EagleEye-TraceId
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Readtime
Accept-CH
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-Application-Context
Pinterest-Generated-By
X-DataDome
Edge-Control
X-Url
X-Country-Code
X-Origin-Upstream-Status
X-TtlSet
X-PC
X-Vname
X-Varnish-TTL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Deployment-Id
Fusion-Template-Id
X-Cnection
Akamai-Age-Ms
X-D2id
X-GitHub-Request-Id
X-ESI
X-MS-InvokeApp
X-Content-Type
X-Clacks-Overhead
X-Server-Name
X-Server-ID
X-Abt-Application-Version
X-Navigation-Version
X-FTR-Request-ID
Allow
X-Vcap-Request-Id
X-Trace
Verso
X-Pinterest-Rid
Pinterest-Version
Pagespeed
X-Middleton-Display
X-Middleton-Response
Response
X-Sol
Display
X-Px
Accept-Ch
X-B3-TraceId
X-Cached
X-DynaTrace
X-Element-Page-Cache
X-Rack-Cache
X-Fastly-Request-ID
Service-Worker-Allowed
X-Client-IP
Accept-Ch-Lifetime
X-Cache-TTL
MS-Author-Via
X-TTL
X-Version
Arr-Disable-Session-Affinity
X-Powered-By-Plesk
X-Upstream
X-Forwarded-Proto
X-Dw-Request-Base-Id
Content-MD5
X-T
X-NF-Request-ID
AR-CACHE
AR-ATIME
AR-Request-ID
Ar-Sid
X-SharePointHealthScore
Fastly-Restarts
AR-PoweredBy
SPRequestGuid
X-Debug
X-VARITI-CCR
X-Jurisdiction
X-XRDS-Location
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Use-Magma
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja-Server
TP-Cache
TP-L2-Cache
Access-Control-Request-Method
X-Content-Digest
X-Powered-CMS
X-Goog-Hash
X-NWS-LOG-UUID
X-MSEdge-Ref
X-Edge
X-Release
X-PressLabs-Stats
X-Webkit-CSP
TCN
X-Ttl
X-FastCGI-Cache
S
RTSS
Cache-Tag
SPIisLatency
SPRequestDuration
X-Amz-Rid
Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
X-Yandex-Sdch-Disable
Public-Key-Pins
X-Ezoic-Cdn
X-Accel-Expires
X-Node-Name
Server-Node
X-Mid
X-MCACHE
X-Ratelimit-Remaining
X-Cache-Key
X-Logged-In
X-Pinterest-Direct
X-Amzn-Trace-Id
X-Cache-Hit
ServerID
Front-End-Https
X-Request-Handler-Origin-Region
X-CST
X-Microsite
Alternate-Protocol
X-Ser
X-Page-Id
X-Recruiting
X-Origin-Server
X-ECACHE
X-Kinsta-Cache
X-B
X-Ratelimit-Limit
Accept-Charset
Host
X-Mobile-URL
X-Hostname
X-FireWall-Port
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-FTR-Expires
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
Nginx-Cache
X-Varnish-Age
X-Seen-By
X-Content-Security-Policy-Report-Only
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Filterid
X-Forwarded-For
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Load-Cache
X-Content-Options
X-Daa-Tunnel
X-DIS-Request-ID
X-Jobs
Realpath
X-Activity-Id
X-AppVersion
X-Id
X-Az
X-Shield-Request-Id
X-App-Environment
X-LB-Cache
X-F-Cache
X-Varnish-Backend
X-Type
X-Request-Guid
X-Varnish-Grace
Edge-Cache-Tag
X-Git-Hash
X-N
X-Rid
Paypal-Debug-Id
X-Zen-Fury
X-Hits
Fastcgi-Useragent
X-Correlation-ID
X-Grace
X-FB-Debug
X-Mg-S
X-Proxy
X-App-Server
DynaTrace
Access-Control-Allow-Method
Cache-Tags
Content-Disposition
X-Upgrade-Enabled
X-Content-Powered-By
X-Akamai-Edgescape
X-WebKit-CSP-Report-Only
DC
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Amz-Server-Side-Encryption
X-Cache-Rule
X-Cache-Operation
AMP-Access-Control-Allow-Source-Origin
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Geo-Country
Cleartype
MicrosoftSharePointTeamServices
X-Endurance-Cache-Level
X-HP-Webp
X-Wix-Request-Id
X-Cached-By
X-VCache
X-Accel-Buffering
X-Response-Served-From
X-Original-Request-Id
X-Host-Name
X-IPLB-Instance
NGB
X-Rendered-As
X-HTML-Minification-Powered-By
X-User-Agent
X-UUID
X-Rule
MS-CV
Healthy
X-AOL-HN
Payment
X-Is-Bot
X-Amzn-RequestId
X-Amz-Apigw-Id
X-HS-Content-Id
X-HS-Hub-Id
X-FW-Dynamic
Refresh
X-HS-Combine-CSS
X-FW-Static
X-Cache-Time
X-B3-Sampled
X-Cacheable-TTL
X-FW-Hash
X-Distributor
X-B-Cache
X-FW-Serve
X-FW-Type
X-HS-Cache-Config
X-Signature
X-FW-Server
X-Ua
Datacenter
X-Instance
X-Hp-Webp
X-Whom
X-GUploader-UploadID
X-Tumblr-Pixel-2
X-Tumblr-User
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Amz-Meta-S3cmd-Attrs
X-Goog-Generation
X-Goog-Storage-Class
X-Tumblr-Pixel-1
X-Goog-Metageneration
X-Tumblr-Pixel
X-Fastcgi-Cache
X-Tumblr-Pixel-0
X-Region
Countrycode
X-Debug-Info
X-XRDS-LOCATION
X-Mobile
X-Varnish-Server
PB-RID
Powered
PB-PID
X-Frontend
Arc-Version
X-Cache-Age
Powered-By-ChinaCache
X-App-Version
X-Tec-Api-Root
X-Oneagent-Js-Injection
X-Tec-Api-Origin
X-Tec-Api-Version
Surrogate-Key
X-PHP-Backend
X-Backend-Name
S-Cnection
X-Respond-Thread
X-NewRelic-App-Data
X-Azure-Ref
X-Via-JSL
X-Protected-By
X-Cache-Server
Cache
X-DynaTrace-JS-Agent
X-Litespeed-Cache
X-Hyper-Cache
X-WA-Info
X-FTR-Cache-Host
Liferay-Portal
X-Cache-Control
Viewport
X-Time
Referer-Policy
X-Cache-Expired-At
X-Proxy-Cache-Status
X-Acc-Debug-Context
Retry-After
X-EdgeConnect-Cache-Status
X-FB-TRIP-ID
X-CSRF-Token
Filters
X-Cache-Var-Map
Meta-Geo
X-Source
X-ES-SERVER
X-Cache-Var
Webserver
X-RN-RSRV
X-R9-Blue-Green-Version
Section-Io-Cache
X-Mode
Eomportal-Instance
From-Origin
X-Sucuri-ID
X-Debug-Cache
X-From
X-Qloud-Router
X-Device-Type
X-Server-W
X-Xfnlog-Site
X-ProxyCache-Status
X-Cache-Host
X-Time-Microsecs
X-AWS-Id
Mn-Server-Ip
X-RTag
X-Ratelimit-Reset
X-GeoIP
X-BYPASS-REASON
X-OCL
X-PCL
X-ProxyCache-Key
X-LJ-Flow-ID
X-VWS-Id
Ms-Operation-Id
X-Cache-Action
X-ProcessESI
Cross-Origin-Window-Policy
TWC-Privacy
Selected-Fe
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Property-Id
Webcakes-App-Name
Charset
Cache-Tv-Group
Ec-Rule-Version
X-Proxy-Build
Webcakes-App-Version
Webcakes-Region
X-Real-IP
X-Loop
X-Origin-Hint
X-TNCMS
X-Human
X-Hl-Ver
X-FW-Version
X-Handled-By
TWC-Locale-Group
X-Timing-Wait
X-RemovedCookies
X-Cluster
X-Locale
X-Zipkin-Id
X-NYM-Debug-Backend
X-Labrador-Cache-Channel
X-ServerID
X-SaId
X-Be
X-Framework
X-Hosted-By
X-JoinUs
X-PHP-Host
X-L-Path
DB-Nickname
X-Environment-Context
X-BCube-Filmed-By
X-Proto
X-Yottaa-Optimizations
X-Amzn-Remapped-Content-Length
X-Yottaa-Metrics
X-Status
X-Detected-As
X-Routing-Service
X-Proxied
X-Via-Fastly
X-Generated-By
Uber-Trace-Id
X-Section
X-Format
X-Cache-TTL-Remaining
X-Amz-Replication-Status
X-Site-Version
X-Revision
X-Access
FSS-Cache
X-Redis-Cache
X-Varnish-Cache-Hits
X-NWS-UUID-VERIFY
Frame-Options
Version
X-Air-Hostname
X-No-Session
X-ATG-Version
X-Cache-PHP
X-Drupal-Cache-Contexts
X-TA-CDN-Provider
X-NCache
X-Sucuri-Cache
Nel
X-Origin
X-Contextid
GEO-INFO
CF-Cached-On
X-Unique-Id
X-Drupal-Cache-Tags
X-EIG-Tracking-Id
X-EC-Lua
X-IPS-LoggedIn
Server-Name
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Cache-Enabled
OT-Force-Account-Verify
X-IP
X-Bc-Bl
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-CACHE-AGE
X-GoCache-CacheStatus
X-Akamai-Transformed
Time
Now
X-Backend-Host
X-Cache-Backend
X-Ruxit-Js-Agent
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-CDN-Forward
X-Oss-Storage-Class
X-Tumblr-Pixel-3
X-Adobe-Loc
X-Adobe-Content
X-TT
X-AIR-PT
X-Correlation-Id
X-Cdn
Azure-RegionName
X-Instart-Request-ID
Azure-SiteName
Azure-Version
Azure-SlotName
Azure-InstanceId
X-URL
X-TIME
X-RCS-CacheZone
Access-Control-Request-Headers
Node
X-APP-VERSION
X-G
X-A
X-A-Dcw
X-PBS-Appsvrname
X-Generation-Time
X-Adobe-Source
X-A-Ccd
Surrogated-Key
X-Aed
Fastcgi-X-Cache-Version
X-External-Request-Id
X-PAYTM-SRV-ID
DCR-Decision-By
X-Connection-Hash
DCR-Processing-Time-Ms
X-Accel-Expires-Debug
VIX-Pulpo-Upstream-Status
X-A-Wwc
X-A-Dgt
X-Date
X-Vtex-Remote-Cache
X-D
X-A-Dam
VIX-Pulpo-Node
X-Cache-NE
Meta-Geo-Continent
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
Rendered-Blocks
X-B-Cookie
X-Processor
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Up
Mobile-Detection-Method
X-VG-WebCache
X-VG-WebServer
X-Vtex-Processado-Em
X-Vdms-Version
X-Vdms-Path
X-ARC
X-Application
X-NGENIX-Cache
Apple-News-Services-Handled
Apple-News-Services-Host
MD5-Digest
X-Destination
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-CCM
X-Cache-2
SD-X-WS
X-CF-Lambda-Version
Machine
X-CF-Lambda-Fn
X-S
Xc-Version
X-ScT
X-Worker
X-S-Cookie
X-UA
CDN-Uid
X-Alternate-Cache-Key
X-Cache-Bucket
CDN-CachedAt
CDN-PullZone
CDN-Cache
X-CUA
CDN-RequestCountryCode
CDN-RequestId
X-Backend-TTL
CloudFront-Viewer-Country
Adler-Geo
X-Core-Value
X-OVcl
X-Servername
X-ShardId
X-ShopId
X-Shopify-Stage
X-Reqid
X-Req
X-Dispatcher-Server
X-Rebelmouse-Surrogate-Control
Mail-Subject
X-SN
X-Sorting-Hat-PodId
Platform
X-Varnishpool
X-VG-TLSProxy
NM-Fastcgi-Cache
X-Variation
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Soup
X-Storage
X-Varnish-Ttl
X-Rebelmouse-Cache-Control
Fastly-SSL
Fastly-SIE
We-Hiring
Wxu-Next-Commit
Wxu-Next-Hostname
Fastly-SWR
Wxu-Next-Region
X-NC
Host-ID
X-Minions-Version
Ufe-Result
X-DPWN-IS-SECURE
X-Platform
X-Edge-Location
X-Envoy-Decorator-Operation
CDN-EdgeStorageId
X-OVcl-Cache
Is-Eu
X-Hash
HostName
X-TX-ID
PFcat
X-Agile
X-Agile-Id
Rt-Fastcgi-Cache
X-Agile-Age
X-HN
X-Microcachable
X-Owner
X-PERF
X-Policy
X-Method
X-LI-UUID
Pagetype
X-Level-Front-Cache
X-Li-Fabric
X-Li-Pop
X-Proxy-Upstream
X-Pubstack
X-Varnish-Cacheable
X-VarnishDD-TTL
X-Viewer-Country
X-WADP-Cache
X-Webstats-RespID
X-Thanos
X-Render-Time
X-Request-Start
X-Skip-Cache
X-HS-Content-Campaign-Id
X-Generated-On
X-Cache-Tags
X-Cdn-Srv
X-CGP
X-Clara-WADP
X-Cache-NGX
X-Cache-Date
X-Auto-Login
X-Backend-State
X-Bip
X-Cache-Config
X-Clientip
X-Cluster-Name
X-Fastly-Cache
X-Fmm-Version
X-Forwarded-Host
X-Gamma-Serve
X-Fastly-Backend
X-Eu-Site
X-Cms-Context
X-Core-Mission
X-Csrf-Jwt
X-ApacheServer
X-Cache-Grace
Group
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
Decoy-Debug-Key
CacheControlHeader
Decoy-Debug-Status
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Fastly-Backend-Name
Fastly-Drupal-HTML
Country-Code
L
Decoy-Debug-TTL
X-VHOST
Origin
C-Via
Cache-Status
L5d-Success-Class
X-Varnish-Beresp-Ttl
Backend
AKAMAI
Akamai-GRN
X-Esi
X-Cache-Id
X-SayCDN-TTL
X-Say-TTL
X-Content-Age
X-Slack-Backend
X-Developers
X-Say-Cacheable
X-Esi-Check
X-Wikidot-Backend
X-Web-Node
X-Cache-URL
X-Request-Host
X-Wikidot-Static-Cache
X-Ms-Version
X-Ms-Request-Id
X-JWT-State
X-Is-Gdpr
Memcached
X-Old-Content-Length
X-Micro-Cache
X-Location
X-Irp-Debug
UCS
X-Amz-Meta-Cb-Modifiedtime
X-Has-Esi
X-Gzip
X-CS
X-Cdn-Forward
X-Mvc-Supplant-Cachable
FSS-Proxy
M-TraceId
X-Geo-Header
X-Refresh
Country
X-Wa
X-Dc
X-NODE
X-Platform-Server
X-PF-Uncompressing
X-LB-ID
X-Aicache-OS
X-ZONE
X-BC
X-ECache
X-RateLimit-Remaining
X-Via-Poph
X-DefHash
X-DefElseHash
X-LAGOON
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Via-Popn
Arc-Country
Upgrade-Insecure-Requests
X-B3-Spanid
Viewtype
X-Branch-Name
VivaBuild
X-UPSTREAM-Address
X-ORACLE-APMCS-REQUEST-ID
X-Ua-Device
NGX
X-LI-Proto
X-Session-Fingerprint
X-Cache-Debug
Actual-Object-TTL
X-RunCloud-Cache
X-Servedbyhost
X-Via-Ucdn
Srv
X-Aspnet-Duration-Ms
Cdn-Request-Time
CACHE
X-Mvc-Supplant-OutputCached
X-Route-Name
Cdn-Host
X-Is-Crawler
X-Providence-Cookie
X-Flags
X-Edge-Server
X-Unique-ID
X-SERVER
Geo-Info
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Request-Time
Memory
X-Zone
X-Bc
X-Vgn-Hpd-Ssi
X-Srv
X-Nginx-Cache
X-DC
X-APP
X-Action
X-HS-Status
Xserver
X-Varnish-Hostname
X-GEO
X-DSS
X-DI
X-B3-Traceid
X-Akamai-Request-ID2
WWW-Authenticate
X-CF-Powered-By
X-Ftr-Cache-Host
X-Page-View
X-LiteSpeed-Cache-Control
X-Cs
X-DB
X-DW
X-RSL
X-RPM
X-FPC
X-RPS
Sid
X-NGINX-Cache
X-Geo
X-Oss-Cdn-Auth
X-Via-Popv
X-Epic-Correlation-Id
X-MP-GENERATED-AT
X-Check-Cacheable
X-Cluster-Node
NtCoent-Length
X-Vcache
X-Hit
X-Mobile-Rewrite
X-FC-Vary-Parameters
Hostname
X-Dynatrace-Js-Agent
X-NU-AKA-ACS-Version
GeoIp-Country-Code
GeoIP-Country-Code
GeoIP-Latitude
Geoip-Latitude
ProcessTime
Server-Info
X-VCL-Version
X-Nc
SRV
User-Agent
X-CSRF-TOKEN
Apigw-Requestid
Processtime
X-SERVER-NAME
XServer
X-FORWARDED-FOR
X-Webkit-CSP-Report-Only
X-UnsetCookies
Edge-Copy-Time
X-Vcl-Version
X-Via-CDN
X-Via-Edge
W
X-Via-SSL
X-Sql-Count
X-Sql-Duration-Ms
X-HOST
WebServer
SID
X-Key
X-Envoy-Upstream-Healthchecked-Cluster
Origin-Edge-Control
On-Server
Accept-Language
X-Fpc
Origin-Cache-Control
X-Svr
Esi-Enabled
X-We-Are-Hiring
Amp-Access-Control-Allow-Source-Origin
LB
X-HITS
X-Cache-Hfrom
X-Dispatch
CF-IPCountry
S-Rt
Proxy-Firewall
Cdn
X-Fastly-Country-Code
X-Cache-Hm
X-Tb
N-Cache
A
T-Server
X-SRV
X-Www-Served-By
ServedBy
X-S-Maxage
X-COUNTRY
HitType
X-CACHE-KEY
X-Geo-Region
X-MSEdge-Flight
X-Cache-Remote
CDN
Ohc-File-Size
Cteonnt-Length
X-Pass-Why
Lb
Server-Host
Cache-Hits
X-Pjax-Url
X-MSEdge-Features
X-App
X-Presslabs-Stats
Magicmarker
Fastcgi-Cache-TTL
Pics-Label
X-Generated
WZWS-RAY
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Instart-Info
BehaviorPad-Version
X-Newrelic-App-Data
X-RAMCache
Powered-By
X-Newrelic-Synthetics
X-ServedByHost
X-Path-Route
X-TrackingId
X-Li-Proto
X-Datadome
X-Dynatrace
X-Varnish-Hits
X-SB
X-VC
X-TH-Server
X-Akamai-Pragma-Client-IP
Cache-Key
X-Served-From
X-Info
Xet-Cookie
X-StackifyID
X-Via-PopV
X-Via-PopN
X-B3-SpanId
X-Batcache
Dnion-Transfer-Encoding
Ohc-Cache-HIT
X-Via-PopH
X-Via-NSCOPI
Server-Ttl
X-Lb-Id
X-LiteSpeed-Tag
Cache-Provider
Protected
X-Cache-Tag
X-WA
Cf-Alt-Svc
X-TT-LOGID
X-Planisys-CDN-TTL
Content-Script-Type
X-ID
X-Origin-Response-Time
X-Tt-Logid
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
User-Cache-Control
Content-Style-Type
X-Uri
X-Agile-Brick-Ok
X-Vgn-Hpd-Reason
Tcn
Who
X-Varnish-Beresp-TTL
X-Region-Sid
Ssr
X-HostName
Inserted-Into-Cache-At
X-Pad
X-Tid
X-Yottaa-OS
X-Pf-Uncompressing
X-RateLimit-Limit
X-Pinterest-Sli-Response-Type
CountryCode
X-Selected-Host-Header
X-Pinterest-Sli-Latency-Threshold
X-Selected-Name
X-Pinterest-Sli-Endpoint-Name
X-Selected-Scheme
X-Cc-Via
X-Snapshot-Date
X-Men
X-Request-URL
X-Cc-Req-Id
Tracecode
Source
Lfy
X-Apw-Hits
D-Cc-Upstream
X-Cache-Spec
X-PJAX-URL
X-Nananana
X-Magnolia-Registration
X-C
Mime-Version
X-Dw-Trace-Id
X-MiniProfiler-Ids
Pragrma
Vha6-Origin
X-Apw-Access-Action
X-Apw-Access-Object
Cneonction
X-DevSite-Last-Modified
X-Proxy-Cachei7
PICS-Label
X-Apw-Access-Token