Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
CF-Ray
Alt-Svc
X-Served-By
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
P3p
X-Request-ID
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Upgrade
Content-Encoding
X-Template
X-Language
X-CDN
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-AH-Environment
X-Buckets
X-Hacker
X-Cache-Group
X-Robots-Tag
X-Server
X-UA-Device
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Proxy-Cache
X-Turbo-Charged-By
X-Server-Powered-By
X-Dns-Prefetch-Control
Request-Context
Server-Timing
Host-Header
Grace
X-Nginx-Cache-Status
Xkey
Report-To
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
Cf-Bgj
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Cf-Railgun
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Amz-Version-Id
X-Vhost
NEL
X-Host
X-Dispatcher
X-Device
X-Backend-Server
X-Node
X-Ruxit-JS-Agent
Surrogate-Control
X-Cache-Lookup
X-Origin-Cache
X-Response-Time
Content-Location
X-Akam-SW-Version
Request-Id
X-Ac
X-ASPNET-VERSION
X-Country
X-Server-Id
X-Mod-Pagespeed
X-HW
EagleEye-TraceId
Rating
X-Readtime
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Akamai-Age-Ms
X-Cloud-Trace-Context
Accept-CH
Accept-CH-Lifetime
Pinterest-Generated-By
X-Application-Context
X-DataDome
Edge-Control
X-Country-Code
X-Origin-Upstream-Status
X-TtlSet
X-PC
X-Vname
X-Varnish-TTL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Url
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Source
X-Cnection
X-D2id
X-ESI
X-GitHub-Request-Id
X-MS-InvokeApp
X-Clacks-Overhead
X-Content-Type
X-Server-Name
X-Navigation-Version
X-Abt-Application-Version
X-FTR-Request-ID
Accept-Ch
Allow
X-Vcap-Request-Id
X-Pinterest-Rid
Pinterest-Version
X-Trace
Verso
Response
X-Middleton-Response
X-Middleton-Display
Pagespeed
X-Sol
Display
X-B3-TraceId
X-Px
X-Cached
X-Server-ID
X-Element-Page-Cache
X-Rack-Cache
Accept-Ch-Lifetime
X-Fastly-Request-ID
X-DynaTrace
Service-Worker-Allowed
X-Client-IP
X-TTL
X-Cache-TTL
MS-Author-Via
Arr-Disable-Session-Affinity
X-Version
X-Powered-By-Plesk
X-Upstream
X-Forwarded-Proto
X-T
Content-MD5
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Debug
AR-ATIME
AR-PoweredBy
Fastly-Restarts
AR-CACHE
AR-Request-ID
Ar-Sid
SPRequestGuid
X-SharePointHealthScore
X-VARITI-CCR
X-Webkit-CSP
X-Jurisdiction
X-Kinja
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Server
TP-Cache
TP-L2-Cache
X-Content-Digest
Access-Control-Request-Method
X-XRDS-Location
X-Powered-CMS
X-Goog-Hash
X-Edge
X-Release
X-NWS-LOG-UUID
X-MSEdge-Ref
X-PressLabs-Stats
RTSS
S
Cache-Tag
SPIisLatency
TCN
Fastcgi-Cache
SPRequestDuration
X-FastCGI-Cache
X-Amz-Rid
X-Request-Received
X-Request-Processing-Time
X-Ttl
X-Yandex-Sdch-Disable
Public-Key-Pins
X-Ezoic-Cdn
X-Accel-Expires
X-MCACHE
X-Mid
X-Ratelimit-Remaining
X-Node-Name
X-Pinterest-Direct
Server-Node
X-Cache-Key
X-Logged-In
X-Cache-Hit
ServerID
X-Amzn-Trace-Id
Front-End-Https
X-Microsite
X-Request-Handler-Origin-Region
Alternate-Protocol
X-Ser
X-CST
X-Recruiting
X-ECACHE
X-Page-Id
X-Origin-Server
X-Kinsta-Cache
X-B
X-Ratelimit-Limit
Host
X-Mobile-URL
Accept-Charset
X-Hostname
X-Country-Code-Real
X-FTR-Expires
X-FTR-DC
X-FTR-Balancer
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FireWall-Port
X-FTR-Backend
Nginx-Cache
X-Forwarded-For
X-Varnish-Age
X-Seen-By
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Realpath
X-Load-Cache
X-Id
X-Content-Security-Policy-Report-Only
X-B3-TraceId-Primal
X-DIS-Request-ID
Mrf-Cache-Status
MRF-Tech
Filterid
X-Jobs
X-Content-Options
X-Shield-Request-Id
X-Activity-Id
X-Az
X-AppVersion
X-Daa-Tunnel
X-LB-Cache
X-Varnish-Backend
X-Git-Hash
X-F-Cache
Paypal-Debug-Id
X-Type
X-App-Environment
X-Request-Guid
X-N
X-Varnish-Grace
X-Rid
Edge-Cache-Tag
X-Correlation-ID
X-Zen-Fury
Fastcgi-Useragent
X-Hits
X-FB-Debug
X-Grace
X-Proxy
AMP-Access-Control-Allow-Source-Origin
X-App-Server
X-Mg-S
DynaTrace
DC
X-Content-Powered-By
Cache-Tags
Content-Disposition
Access-Control-Allow-Method
X-Cdn
X-Akamai-Edgescape
X-Litespeed-Cache
X-WebKit-CSP-Report-Only
X-Amz-Server-Side-Encryption
X-Cache-Rule
X-Upgrade-Enabled
X-Cache-Operation
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Endurance-Cache-Level
Cleartype
X-Wix-Request-Id
X-Geo-Country
X-Cached-By
X-VCache
X-TEC-API-VERSION
MicrosoftSharePointTeamServices
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Original-Request-Id
X-Response-Served-From
X-Fastcgi-Cache
X-Accel-Buffering
X-HP-Webp
X-Host-Name
X-IPLB-Instance
X-XRDS-LOCATION
X-Hp-Webp
Refresh
X-B3-Sampled
NGB
X-Rule
Healthy
MS-CV
X-AOL-HN
X-User-Agent
X-Distributor
X-FW-Server
X-FW-Serve
X-UUID
X-FW-Hash
X-FW-Static
X-Signature
X-HS-Cache-Config
X-HS-Content-Id
X-FW-Type
X-B-Cache
X-FW-Dynamic
X-HS-Hub-Id
Payment
X-HS-Combine-CSS
X-HTML-Minification-Powered-By
X-Cacheable-TTL
X-Cache-Time
Datacenter
X-Whom
X-Instance
X-Amzn-RequestId
X-Rendered-As
X-Amz-Apigw-Id
X-Is-Bot
X-Region
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Amz-Meta-S3cmd-Attrs
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Countrycode
PB-PID
PB-RID
Arc-Version
X-Mobile
X-Tec-Api-Origin
X-Tec-Api-Root
Powered
X-Tec-Api-Version
X-Debug-Info
X-Ua
X-App-Version
X-Frontend
X-Varnish-Server
X-DynaTrace-JS-Agent
X-PHP-Backend
Cache
Surrogate-Key
Powered-By-ChinaCache
X-Backend-Name
X-Oneagent-Js-Injection
X-NewRelic-App-Data
S-Cnection
X-Azure-Ref
X-Cache-Server
X-Respond-Thread
X-Via-JSL
X-Cache-Age
X-Protected-By
X-WA-Info
X-Time
X-FTR-Cache-Host
X-Hyper-Cache
Liferay-Portal
X-Cache-Control
Viewport
Referer-Policy
Webserver
X-Cache-Expired-At
X-Proxy-Cache-Status
Retry-After
X-CSRF-Token
X-Acc-Debug-Context
X-FB-TRIP-ID
X-EdgeConnect-Cache-Status
Filters
X-Cache-Var-Map
X-ES-SERVER
X-RemovedCookies
X-Cache-Var
X-Source
X-RN-RSRV
X-R9-Blue-Green-Version
X-Debug-Cache
Meta-Geo
From-Origin
X-Mode
X-ProcessESI
X-Sucuri-ID
X-Locale
X-Qloud-Router
X-URL
Eomportal-Instance
X-Device-Type
Section-Io-Cache
X-From
Mn-Server-Ip
X-Time-Microsecs
X-Site-Version
X-Via-Fastly
X-AWS-Id
X-ProxyCache-Key
X-Cache-Host
X-RTag
Ms-Operation-Id
X-VWS-Id
X-Server-W
X-BYPASS-REASON
X-ProxyCache-Status
X-LJ-Flow-ID
X-GeoIP
X-Ratelimit-Reset
Ec-Rule-Version
TWC-Connection-Speed
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-Country
Webcakes-Region
Cache-Tv-Group
Webcakes-App-Name
TWC-GeoIP-LatLong
Property-Id
Charset
Selected-Fe
Cross-Origin-Window-Policy
Webcakes-App-Version
X-Hl-Ver
X-Loop
X-Proxy-Build
X-PCL
X-TNCMS
X-OCL
X-Timing-Wait
X-Origin-Hint
X-Proxied
X-Zipkin-Id
X-Human
X-Cluster
X-Xfnlog-Site
X-Cache-Action
X-Routing-Service
X-Handled-By
TWC-Device-Class
X-Framework
X-FW-Version
DB-Nickname
X-Real-IP
X-PHP-Host
X-Proto
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-ServerID
X-Generated-By
X-Hosted-By
X-Environment-Context
X-Amzn-Remapped-Content-Length
X-BCube-Filmed-By
X-Status
X-JoinUs
X-Be
X-L-Path
X-SaId
X-NYM-Debug-Backend
X-Labrador-Cache-Channel
X-Redis-Cache
Uber-Trace-Id
X-Revision
X-Amz-Replication-Status
X-Format
X-Access
X-Cache-TTL-Remaining
X-Varnish-Cache-Hits
X-Section
X-TA-CDN-Provider
X-Detected-As
X-No-Session
Frame-Options
FSS-Cache
Version
X-Air-Hostname
X-NWS-UUID-VERIFY
X-ATG-Version
X-Drupal-Cache-Contexts
X-Cache-PHP
X-NCache
X-Sucuri-Cache
X-Origin
X-CACHE-AGE
CF-Cached-On
X-Contextid
X-EIG-Tracking-Id
Server-Name
X-Drupal-Cache-Tags
X-EC-Lua
X-IPS-LoggedIn
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Unique-Id
X-Cache-Enabled
GEO-INFO
OT-Force-Account-Verify
X-Akamai-Transformed
X-Bc-Bl
X-Vgn-Hpd-Cached
X-Instart-Request-ID
X-Cache-Backend
X-IP
X-Vgn-Hpd-Variations-Key
Now
X-GoCache-CacheStatus
X-Tumblr-Pixel-3
X-Backend-Host
X-Adobe-Content
X-Adobe-Loc
X-TT
Time
X-Oss-Request-Id
X-Oss-Server-Time
X-RCS-CacheZone
X-Oss-Storage-Class
Azure-InstanceId
X-Oss-Hash-Crc64ecma
Azure-RegionName
Azure-Version
Azure-SlotName
Azure-SiteName
X-Ruxit-Js-Agent
X-Oss-Object-Type
Access-Control-Request-Headers
X-UA
X-AIR-PT
X-NGENIX-Cache
X-Correlation-Id
HostName
X-TIME
Node
X-Vdms-Version
X-CF-Lambda-Version
X-Connection-Hash
X-CF-Lambda-Fn
X-B-Cookie
X-Cache-NE
X-CCM
Xc-Version
X-Cache-2
X-Worker
X-Vtex-Processado-Em
X-VG-WebServer
X-Generation-Time
X-VG-WebCache
X-G
X-External-Request-Id
X-Date
X-Destination
X-ARC
X-D
CloudFront-Viewer-Country
VIX-Pulpo-Node
Machine
VIX-Pulpo-Upstream-Status
Host-ID
X-A
MD5-Digest
Surrogated-Key
Rendered-Blocks
SD-X-WS
Mobile-Detection-Method
Meta-Geo-Continent
X-A-Ccd
X-A-Dam
X-Aed
DCR-Processing-Time-Ms
DCR-Decision-By
X-Vdms-Path
X-Adobe-Source
X-Accel-Expires-Debug
X-A-Dcw
X-A-Dgt
X-A-Wwc
Fastcgi-X-Cache-Version
X-Application
X-Vtex-Remote-Cache
X-PBS-Appsvrname
X-Rewrite-Enabled
X-PAYTM-SRV-ID
X-Request-UUID
X-Processor
X-Transaction
X-Twitter-Response-Tags
X-Rojux
X-Up
X-S-Cookie
X-Minions-Version
X-ScT
X-S
X-Trv-Group
X-CDN-Forward
X-APP-VERSION
X-Cdn-Forward
CDN-RequestCountryCode
CDN-Uid
CDN-RequestId
X-Alternate-Cache-Key
X-Storage
X-ApacheServer
X-Pubstack
X-Backend-TTL
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Cache-Bucket
X-Bip
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
X-Agile-Id
CDN-PullZone
X-TX-ID
Wxu-Next-Commit
Is-Eu
Wxu-Next-Hostname
Wxu-Next-Region
X-Reqid
We-Hiring
Mail-Subject
X-ShopId
NM-Fastcgi-Cache
X-Servername
X-Shopify-Stage
X-Req
Fastly-SWR
X-Sorting-Hat-PodId
X-Cache-Grace
X-Agile
X-Sorting-Hat-ShopId
X-Soup
X-SN
X-Skip-Cache
Fastly-SSL
Fastly-SIE
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Agile-Age
Adler-Geo
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-Forwarded-Host
X-Dispatcher-Server
X-ShardId
X-Owner
X-OVcl-Cache
X-OVcl
X-Microcachable
X-Method
X-Variation
X-Varnishpool
Platform
X-Hash
X-Varnish-Beresp-Grace
X-Generated-On
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-CUA
X-Edge-Location
X-Thanos
X-PERF
X-Level-Front-Cache
X-Storefront-Renderer-Rendered
X-Platform
X-Core-Value
Ufe-Result
X-Cache-Config
X-LI-UUID
X-Viewer-Country
X-Li-Fabric
X-Li-Pop
X-Cache-Tags
X-HN
Rt-Fastcgi-Cache
X-HS-Content-Campaign-Id
X-VarnishDD-TTL
X-Cache-Date
X-Request-Start
X-Varnish-Cacheable
X-VG-TLSProxy
X-Micro-Cache
X-Clientip
X-Proxy-Upstream
X-Policy
X-Cluster-Name
X-WADP-Cache
X-Core-Mission
X-Cms-Context
X-Webstats-RespID
X-Auto-Login
X-Eu-Site
X-Gamma-Serve
X-Render-Time
X-Csrf-Jwt
X-Backend-State
X-Clara-WADP
X-Fastly-Backend
X-Fastly-Cache
X-Fmm-Version
X-CGP
X-Cdn-Srv
Fastly-Backend-Name
AKAMAI
Fastly-Drupal-HTML
Gh-Request-Id
Group
Decoy-Debug-Status
Decoy-Debug-Key
C-Via
X-Varnish-Ttl
Cache-Status
CacheControlHeader
Country-Code
Ha-Gx-Prefs
Decoy-Debug-TTL
PFcat
L5d-Success-Class
Pagetype
HA-Ipaddr
L
X-Dc
X-NC
X-JWT-State
X-Cache-NGX
X-Content-Age
X-Ms-Version
X-Location
X-Slack-Backend
X-Ms-Request-Id
X-Say-Cacheable
X-VHOST
X-Cache-URL
X-SayCDN-TTL
Origin
X-CS
X-Web-Node
X-Geo-Header
X-Gzip
X-Has-Esi
X-Irp-Debug
X-Is-Gdpr
X-Old-Content-Length
X-Esi-Check
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Developers
X-Say-TTL
Backend
X-Amz-Meta-Cb-Modifiedtime
X-Request-Host
Country
UCS
Memcached
X-Cache-Id
Akamai-GRN
X-Esi
M-TraceId
X-PF-Uncompressing
X-Refresh
X-Mvc-Supplant-Cachable
Nel
X-Aicache-OS
X-LB-ID
X-Wa
FSS-Proxy
X-NODE
X-Via-Popn
X-B3-Spanid
Arc-Country
X-Via-Poph
X-Platform-Server
X-ECache
X-ZONE
Geo-Info
X-BC
X-RateLimit-Remaining
Viewtype
VivaBuild
Srv
X-LAGOON
X-DefHash
X-DefElseHash
X-ORACLE-APMCS-REQUEST-ID
X-Varnish-CookieHashed-On
Actual-Object-TTL
Upgrade-Insecure-Requests
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
NGX
X-RunCloud-Cache
X-Branch-Name
X-Via-Ucdn
X-Unique-ID
X-UPSTREAM-Address
X-Servedbyhost
X-Cache-Debug
X-Ua-Device
X-Session-Fingerprint
X-Mvc-Supplant-OutputCached
X-LI-Proto
X-Route-Name
X-Aspnet-Duration-Ms
X-Bc
X-Zone
X-Providence-Cookie
X-Is-Crawler
X-Flags
Cdn-Host
Cdn-Request-Time
X-Edge-Server
X-Request-Time
X-SERVER
X-Debug-Cache-Fetch
X-Srv
X-Debug-Cache-Store
X-Vgn-Hpd-Ssi
Memory
Xserver
X-Varnish-Hostname
Sid
X-Nginx-Cache
X-APP
X-Action
X-NGINX-Cache
X-FPC
X-LiteSpeed-Cache-Control
X-HS-Status
X-Geo
X-Mobile-Rewrite
CACHE
X-GEO
X-RPM
X-RPS
X-RSL
X-DB
X-CF-Powered-By
X-Akamai-Request-ID2
X-Page-View
WWW-Authenticate
X-FC-Vary-Parameters
X-DSS
X-DI
X-DW
X-Ftr-Cache-Host
X-Cs
X-DC
NtCoent-Length
X-MP-GENERATED-AT
X-Epic-Correlation-Id
X-Cluster-Node
X-B3-Traceid
X-Hit
Server-Info
X-Nc
X-Check-Cacheable
Geoip-Latitude
GeoIp-Country-Code
X-Via-Popv
X-Oss-Cdn-Auth
X-Vcache
X-NU-AKA-ACS-Version
ProcessTime
Apigw-Requestid
GeoIP-Latitude
GeoIP-Country-Code
Processtime
X-Vcl-Version
X-CSRF-TOKEN
User-Agent
Hostname
X-SERVER-NAME
XServer
X-VCL-Version
X-Webkit-CSP-Report-Only
X-FORWARDED-FOR
X-Sql-Duration-Ms
X-UnsetCookies
Edge-Copy-Time
X-Fpc
X-Sql-Count
X-Dynatrace-Js-Agent
SRV
X-Via-CDN
X-Via-Edge
Origin-Cache-Control
X-Via-SSL
Origin-Edge-Control
W
X-HOST
S-Rt
X-We-Are-Hiring
Cdn
Accept-Language
X-Svr
X-Dynatrace
CF-IPCountry
X-Dispatch
On-Server
X-Key
Esi-Enabled
X-Tb
X-Envoy-Upstream-Healthchecked-Cluster
LB
SID
X-HITS
Proxy-Firewall
X-Www-Served-By
X-Cache-Hfrom
X-Cache-Hm
HitType
WebServer
N-Cache
A
T-Server
X-Pjax-Url
X-Fastly-Country-Code
Cache-Hits
X-SRV
ServedBy
CDN
X-S-Maxage
X-App
X-COUNTRY
X-CACHE-KEY
X-Pass-Why
X-Cache-Remote
X-MSEdge-Features
X-Geo-Region
Amp-Access-Control-Allow-Source-Origin
Cteonnt-Length
Ohc-File-Size
Fastcgi-Cache-TTL
BehaviorPad-Version
X-MSEdge-Flight
X-RAMCache
X-Generated
Lb
Server-Host
X-Path-Route
X-Presslabs-Stats
X-TrackingId
X-ServedByHost
Powered-By
WZWS-RAY
X-Li-Proto
X-Amzn-Remapped-Date
X-Newrelic-App-Data
Pics-Label
X-Instart-Info
Magicmarker
X-Amzn-Remapped-Connection
Tcn
Xet-Cookie
X-Varnish-Hits
X-SB
X-VC
X-Newrelic-Synthetics
X-Datadome
X-StackifyID
Server-Ttl
X-Served-From
X-TH-Server
X-Akamai-Pragma-Client-IP
Cache-Key
X-Info
X-HostName
X-Lb-Id
X-WA
Cache-Provider
X-Via-PopN
X-Origin-Response-Time
X-Via-PopV
X-Via-PopH
X-Via-NSCOPI
Ohc-Cache-HIT
X-LiteSpeed-Tag
Content-Script-Type
Dnion-Transfer-Encoding
Protected
X-B3-SpanId
Content-Style-Type
X-Batcache
X-Cache-Tag
X-Tt-Logid
X-Uri
X-Agile-Brick-Ok
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Region-Sid
X-Planisys-CDN-Cache
Cf-Alt-Svc
X-TT-LOGID
User-Cache-Control
X-Vgn-Hpd-Reason
Inserted-Into-Cache-At
X-DevSite-Last-Modified
Odigeo-Trace-Id
Who
X-RateLimit-Limit
X-Pad
X-Tid
Ssr
X-Yottaa-OS
X-Pf-Uncompressing
CountryCode
Load-Balancing
X-Selected-Scheme
X-Selected-Host-Header
Tracecode
X-Selected-Name
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Access-Action
X-Developer
X-MiniProfiler-Ids
X-Fastly-Cache-Hits
X-Request-URL
Source
X-Men
X-Snapshot-Date
Lfy
GEO-REGION-INFO
X-Akamai-ERPolicy
X-Dw-Trace-Id
X-Varnish-Beresp-TTL
X-C
X-Parent-Response-Time
X-SRCache-Key
X-Origin-TTL
Pragrma
X-Compress-Hint
X-Proxy-Cachei7
X-PJAX-URL
AsisCache
Cneonction
X-Nananana
Mime-Version
X-Origin-CC
PICS-Label
X-Magnolia-Registration
Vha6-Origin
X-Akamai-ERRuleID