Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Request-ID
P3p
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Upgrade
Content-Encoding
X-CDN
X-Template
X-Language
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-AH-Environment
X-Backend
X-Buckets
X-Hacker
X-Cache-Group
X-Robots-Tag
X-Server
X-UA-Device
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Proxy-Cache
X-Dns-Prefetch-Control
X-Turbo-Charged-By
X-Server-Powered-By
Request-Context
Server-Timing
Host-Header
Grace
X-Nginx-Cache-Status
Xkey
Report-To
X-Page-Speed
X-Rq
Cf-Bgj
X-OneAgent-JS-Injection
X-Pingback
X-Varnish-Cache
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Amz-Version-Id
NEL
X-Vhost
X-Host
X-Dispatcher
X-Device
X-Backend-Server
X-Node
X-Cache-Lookup
Surrogate-Control
X-Ruxit-JS-Agent
X-Origin-Cache
X-Response-Time
Content-Location
X-Akam-SW-Version
Request-Id
X-ASPNET-VERSION
X-Ac
X-Country
X-Server-Id
X-Mod-Pagespeed
EagleEye-TraceId
X-HW
Rating
Accept-CH
Accept-CH-Lifetime
X-Readtime
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
Pinterest-Generated-By
X-Application-Context
X-DataDome
Edge-Control
X-Url
X-Country-Code
X-Origin-Upstream-Status
X-PC
X-TtlSet
X-Vname
X-Varnish-TTL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Deployment-Id
X-Cnection
Akamai-Age-Ms
X-D2id
X-GitHub-Request-Id
X-ESI
X-MS-InvokeApp
X-Clacks-Overhead
X-Content-Type
X-Server-Name
X-Abt-Application-Version
X-FTR-Request-ID
X-Navigation-Version
Allow
Pinterest-Version
X-Pinterest-Rid
X-Vcap-Request-Id
X-Trace
Verso
X-Middleton-Response
X-Sol
X-Middleton-Display
Response
Display
Pagespeed
X-Server-ID
X-Px
X-Cached
X-DynaTrace
X-Rack-Cache
X-Element-Page-Cache
X-B3-TraceId
Service-Worker-Allowed
X-Fastly-Request-ID
X-Client-IP
Accept-Ch
X-Cache-TTL
X-TTL
MS-Author-Via
Arr-Disable-Session-Affinity
X-Powered-By-Plesk
X-Upstream
X-Version
X-Forwarded-Proto
Content-MD5
X-Dw-Request-Base-Id
X-T
X-NF-Request-ID
AR-CACHE
AR-PoweredBy
Ar-Sid
AR-ATIME
AR-Request-ID
Fastly-Restarts
SPRequestGuid
X-SharePointHealthScore
X-Debug
Accept-Ch-Lifetime
X-VARITI-CCR
X-Jurisdiction
X-XRDS-Location
X-Kinja-Build
X-Kinja
X-Cdn-Fetch
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Exp-Id
X-Exp-Variant
TP-L2-Cache
TP-Cache
X-Content-Digest
Access-Control-Request-Method
X-Powered-CMS
X-NWS-LOG-UUID
X-Goog-Hash
X-Edge
X-Release
X-MSEdge-Ref
X-PressLabs-Stats
TCN
X-Webkit-CSP
X-FastCGI-Cache
X-Ttl
S
SPRequestDuration
RTSS
SPIisLatency
Cache-Tag
X-Amz-Rid
Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
X-Yandex-Sdch-Disable
Public-Key-Pins
X-Ezoic-Cdn
X-Pinterest-Direct
X-Node-Name
X-Accel-Expires
Server-Node
X-Mid
X-MCACHE
X-Cache-Key
X-Ratelimit-Remaining
X-Cache-Hit
X-Logged-In
X-Amzn-Trace-Id
ServerID
Front-End-Https
X-CST
X-Request-Handler-Origin-Region
X-Microsite
X-Ser
Alternate-Protocol
X-Origin-Server
X-Page-Id
X-Recruiting
X-Kinsta-Cache
X-ECACHE
X-B
X-Ratelimit-Limit
Host
Accept-Charset
X-Mobile-URL
X-Hostname
X-FireWall-Port
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Expires
X-FTR-Backend
Nginx-Cache
X-Varnish-Age
X-Seen-By
X-Content-Security-Policy-Report-Only
X-Forwarded-For
MRF-Tech
Mrf-Cache-Status
X-SRCache-Store-Status
Filterid
X-SRCache-Fetch-Status
X-B3-TraceId-Primal
Realpath
X-Load-Cache
X-DIS-Request-ID
X-Daa-Tunnel
X-Content-Options
X-Jobs
X-Shield-Request-Id
X-AppVersion
X-Az
X-Id
X-Activity-Id
X-Correlation-ID
X-Git-Hash
X-Type
X-LB-Cache
X-App-Environment
X-Request-Guid
X-Varnish-Backend
X-F-Cache
Edge-Cache-Tag
X-Varnish-Grace
Paypal-Debug-Id
X-N
X-Rid
X-Zen-Fury
Fastcgi-Useragent
X-Hits
X-Proxy
X-Grace
X-Mg-S
X-FB-Debug
AMP-Access-Control-Allow-Source-Origin
X-App-Server
DC
X-Upgrade-Enabled
Cache-Tags
DynaTrace
Access-Control-Allow-Method
X-Akamai-Edgescape
Content-Disposition
X-WebKit-CSP-Report-Only
X-Content-Powered-By
X-Amz-Server-Side-Encryption
X-Cache-Rule
X-Cache-Operation
X-Geo-Country
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Cleartype
X-Endurance-Cache-Level
MicrosoftSharePointTeamServices
X-HP-Webp
X-Wix-Request-Id
X-Cached-By
X-Accel-Buffering
X-Response-Served-From
X-TEC-API-ORIGIN
X-Host-Name
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Original-Request-Id
X-VCache
X-B3-Sampled
NGB
X-IPLB-Instance
Refresh
X-HTML-Minification-Powered-By
MS-CV
X-User-Agent
X-Distributor
Healthy
X-UUID
Payment
X-Rule
X-Amz-Apigw-Id
X-FW-Dynamic
X-Is-Bot
X-Rendered-As
X-HS-Content-Id
X-Cache-Time
X-AOL-HN
X-FW-Server
X-FW-Type
X-Amzn-RequestId
X-HS-Hub-Id
X-HS-Combine-CSS
X-FW-Static
X-FW-Serve
X-HS-Cache-Config
X-FW-Hash
X-Cacheable-TTL
X-Hp-Webp
X-Whom
X-Tec-Api-Origin
X-Tec-Api-Version
X-Instance
X-Signature
X-B-Cache
X-Tec-Api-Root
X-Amz-Meta-S3cmd-Attrs
X-Tumblr-User
X-Tumblr-Pixel-0
X-Fastcgi-Cache
X-Region
X-Tumblr-Pixel-2
X-Tumblr-Pixel
X-Tumblr-Pixel-1
Countrycode
X-GUploader-UploadID
X-Mobile
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Debug-Info
PB-RID
Datacenter
X-XRDS-LOCATION
Arc-Version
PB-PID
Powered
X-Ua
X-Cache-Age
X-Varnish-Server
X-App-Version
X-Frontend
X-Oneagent-Js-Injection
X-PHP-Backend
Powered-By-ChinaCache
Surrogate-Key
X-Backend-Name
S-Cnection
X-Respond-Thread
X-NewRelic-App-Data
X-FTR-Cache-Host
X-Azure-Ref
X-Cache-Server
X-Via-JSL
X-DynaTrace-JS-Agent
Cache
X-Litespeed-Cache
X-WA-Info
X-Protected-By
Liferay-Portal
X-Hyper-Cache
X-Cache-Control
Viewport
X-Cache-Expired-At
Referer-Policy
X-Proxy-Cache-Status
X-Acc-Debug-Context
Webserver
Retry-After
X-Time
X-EdgeConnect-Cache-Status
X-FB-TRIP-ID
X-Cache-Var
Meta-Geo
X-Debug-Cache
X-ProcessESI
X-Cache-Var-Map
X-R9-Blue-Green-Version
X-Source
X-ES-SERVER
X-Mode
X-RN-RSRV
X-RemovedCookies
X-Sucuri-ID
Filters
Section-Io-Cache
X-Device-Type
From-Origin
X-Locale
X-From
X-Qloud-Router
Ms-Operation-Id
X-RTag
X-Server-W
X-ProxyCache-Status
Mn-Server-Ip
X-Site-Version
X-Ratelimit-Reset
Eomportal-Instance
X-ProxyCache-Key
X-OCL
X-LJ-Flow-ID
X-VWS-Id
X-BYPASS-REASON
X-GeoIP
X-Cache-Host
X-PCL
X-Xfnlog-Site
X-AWS-Id
X-Via-Fastly
X-Time-Microsecs
Cache-Tv-Group
X-Cache-Action
TWC-Device-Class
Webcakes-Region
TWC-GeoIP-LatLong
X-Proxy-Build
TWC-Privacy
X-Zipkin-Id
TWC-Locale-Group
Webcakes-App-Name
TWC-GeoIP-Country
X-FW-Version
X-Real-IP
X-Human
X-Origin-Hint
X-Timing-Wait
Property-Id
X-Routing-Service
X-Hl-Ver
Selected-Fe
X-Cluster
Ec-Rule-Version
X-Framework
X-Proxied
X-Handled-By
TWC-Connection-Speed
Webcakes-App-Version
X-CSRF-Token
X-Generated-By
X-L-Path
X-Environment-Context
X-Be
X-Amzn-Remapped-Content-Length
X-BCube-Filmed-By
X-Labrador-Cache-Channel
X-Loop
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-TNCMS
X-Proto
X-PHP-Host
X-NYM-Debug-Backend
X-ServerID
Charset
DB-Nickname
X-SaId
X-Amz-Replication-Status
X-Access
Uber-Trace-Id
X-Section
X-Redis-Cache
X-JoinUs
X-Hosted-By
X-Format
X-Detected-As
X-Status
X-Revision
X-Cache-TTL-Remaining
X-Varnish-Cache-Hits
Cross-Origin-Window-Policy
FSS-Cache
X-NWS-UUID-VERIFY
X-No-Session
X-Air-Hostname
X-ATG-Version
Frame-Options
Version
X-Cache-PHP
X-Drupal-Cache-Contexts
X-Sucuri-Cache
X-TA-CDN-Provider
X-Origin
X-Contextid
X-NCache
GEO-INFO
X-Drupal-Cache-Tags
X-EIG-Tracking-Id
CF-Cached-On
X-Unique-Id
Server-Name
X-EC-Lua
X-IPS-LoggedIn
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Cache-Enabled
X-IP
X-Bc-Bl
OT-Force-Account-Verify
X-TIME
X-Akamai-Transformed
X-CACHE-AGE
X-Cache-Backend
X-GoCache-CacheStatus
Time
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-Backend-Host
Now
X-Oss-Hash-Crc64ecma
X-Tumblr-Pixel-3
X-Ruxit-Js-Agent
X-Adobe-Content
X-Adobe-Loc
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-UA
X-Oss-Request-Id
X-TT
X-CDN-Forward
X-AIR-PT
Azure-InstanceId
Azure-Version
X-Cdn
X-URL
X-Instart-Request-ID
Azure-SiteName
Azure-RegionName
Azure-SlotName
Access-Control-Request-Headers
X-RCS-CacheZone
X-APP-VERSION
Node
X-Accel-Expires-Debug
X-Adobe-Source
X-A-Wwc
X-A-Dgt
X-A
X-A-Ccd
X-Date
X-A-Dam
X-A-Dcw
X-Connection-Hash
X-Cache-NE
X-CCM
SD-X-WS
X-ARC
X-B-Cookie
X-Destination
X-CF-Lambda-Fn
X-CF-Lambda-Version
Rendered-Blocks
X-Aed
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Application
X-D
Machine
X-Rojux
X-S
X-S-Cookie
X-ScT
X-Rewrite-Enabled
X-Request-UUID
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
DCR-Decision-By
CloudFront-Viewer-Country
Apple-News-Services-Handled
Apple-News-Services-Host
X-Vdms-Path
X-Vdms-Version
X-NGENIX-Cache
X-VG-WebCache
X-Up
X-Twitter-Response-Tags
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Transaction
X-Trv-Group
X-Processor
X-Vtex-Processado-Em
X-Worker
X-Generation-Time
Host-ID
Xc-Version
X-Cache-2
X-G
X-PAYTM-SRV-ID
Meta-Geo-Continent
MD5-Digest
X-VG-WebServer
X-Vtex-Remote-Cache
Mobile-Detection-Method
X-PBS-Appsvrname
X-Minions-Version
X-External-Request-Id
Platform
CDN-EdgeStorageId
CDN-CachedAt
CDN-PullZone
CDN-RequestCountryCode
CDN-Uid
Fastly-SSL
NM-Fastcgi-Cache
Ufe-Result
Surrogated-Key
Fastly-SWR
Is-Eu
Fastly-SIE
CDN-RequestId
Mail-Subject
X-DPWN-IS-SECURE
X-Pubstack
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Req
X-Platform
X-PERF
X-OVcl
X-OVcl-Cache
X-Owner
X-Reqid
X-Servername
X-Variation
X-Varnishpool
X-VG-TLSProxy
X-Thanos
X-Storage
X-Skip-Cache
X-SN
X-Soup
X-Microcachable
X-Method
X-ApacheServer
X-Backend-TTL
X-Bip
X-Cache-Bucket
X-Agile-Age
X-Agile
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Cache-Grace
X-Core-Value
X-Forwarded-Host
X-Generated-On
X-Level-Front-Cache
CDN-Cache
X-Envoy-Decorator-Operation
X-CUA
X-Dispatcher-Server
X-Edge-Location
We-Hiring
X-Agile-Id
X-Varnish-Ttl
Adler-Geo
X-NC
X-Correlation-Id
HostName
X-TX-ID
X-Cluster-Name
X-Fmm-Version
X-Fastly-Cache
X-Clientip
X-Csrf-Jwt
X-VHOST
X-Clara-WADP
X-Eu-Site
X-Cms-Context
X-Cache-Tags
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Alternate-Cache-Key
X-Varnish-Beresp-Ttl
X-Auto-Login
X-Backend-State
X-Cdn-Srv
X-Cache-NGX
X-Cache-Date
X-Cache-Config
X-CGP
X-HS-Content-Campaign-Id
X-Storefront-Renderer-Rendered
X-Varnish-Cacheable
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-VarnishDD-TTL
X-Viewer-Country
X-Ms-Version
X-Ms-Request-Id
X-Webstats-RespID
X-WADP-Cache
X-ShopId
X-ShardId
X-Li-Pop
X-Li-Fabric
PFcat
X-HN
X-LI-UUID
X-Micro-Cache
X-Request-Start
Cache-Status
X-Proxy-Upstream
X-Policy
X-Hash
X-Render-Time
L
HA-Ipaddr
Fastly-Backend-Name
CacheControlHeader
L5d-Success-Class
C-Via
Decoy-Debug-Status
Origin
Pagetype
AKAMAI
Gh-Request-Id
Ha-Gx-Prefs
Country-Code
Decoy-Debug-Key
Decoy-Debug-TTL
X-Gamma-Serve
X-Esi
X-Request-Host
X-Irp-Debug
X-Is-Gdpr
X-Gzip
X-Cache-Id
X-JWT-State
X-Geo-Header
X-Cache-URL
Country
X-Developers
Fastly-Drupal-HTML
X-SayCDN-TTL
Group
X-Esi-Check
Memcached
X-Say-Cacheable
X-Say-TTL
X-Fastly-Backend
X-Content-Age
X-Core-Mission
X-Has-Esi
Akamai-GRN
X-Wikidot-Backend
X-Web-Node
X-Wikidot-Static-Cache
X-Old-Content-Length
Rt-Fastcgi-Cache
UCS
X-Amz-Meta-Cb-Modifiedtime
X-Location
X-Cdn-Forward
Nel
X-Mvc-Supplant-Cachable
X-CS
FSS-Proxy
X-PF-Uncompressing
X-Slack-Backend
M-TraceId
X-Refresh
Backend
X-Wa
X-Dc
X-NODE
X-Platform-Server
X-Aicache-OS
X-ECache
X-ZONE
X-BC
X-DefHash
X-LAGOON
X-Varnish-CookieINHashed-On
X-DefElseHash
X-Varnish-CookieHashed-On
X-LB-ID
X-B3-Spanid
Arc-Country
X-Varnish-Remaining-TTL
Upgrade-Insecure-Requests
X-RateLimit-Remaining
Viewtype
X-Branch-Name
X-Via-Poph
VivaBuild
X-UPSTREAM-Address
X-B3-Traceid
X-Via-Popn
X-Cache-Debug
X-ORACLE-APMCS-REQUEST-ID
X-Session-Fingerprint
NGX
Actual-Object-TTL
X-Servedbyhost
X-Ua-Device
X-RunCloud-Cache
X-Via-Ucdn
X-LI-Proto
Srv
X-Mvc-Supplant-OutputCached
X-Aspnet-Duration-Ms
X-Providence-Cookie
Cdn-Host
Cdn-Request-Time
X-Edge-Server
X-Is-Crawler
X-Route-Name
X-Flags
CACHE
X-Unique-ID
Geo-Info
X-SERVER
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Memory
X-Request-Time
X-Bc
X-Zone
X-Vgn-Hpd-Ssi
X-Srv
X-FPC
X-DC
X-APP
X-Action
X-NGINX-Cache
X-HS-Status
X-Varnish-Hostname
X-GEO
X-Nginx-Cache
X-CF-Powered-By
X-LiteSpeed-Cache-Control
Sid
X-Cs
X-RPS
X-Akamai-Request-ID2
WWW-Authenticate
X-Page-View
X-DB
X-DW
X-DI
X-RSL
X-RPM
X-DSS
Xserver
X-Geo
X-Epic-Correlation-Id
X-CSRF-TOKEN
NtCoent-Length
X-Cluster-Node
X-Check-Cacheable
X-Oss-Cdn-Auth
X-MP-GENERATED-AT
GeoIp-Country-Code
Geoip-Latitude
XServer
X-FC-Vary-Parameters
X-Vcache
X-Mobile-Rewrite
X-Hit
X-NU-AKA-ACS-Version
X-Dynatrace-Js-Agent
Hostname
X-VCL-Version
X-Ftr-Cache-Host
X-Via-Popv
Server-Info
X-Nc
User-Agent
SRV
ProcessTime
Processtime
Apigw-Requestid
GeoIP-Country-Code
X-SERVER-NAME
GeoIP-Latitude
X-FORWARDED-FOR
X-Webkit-CSP-Report-Only
X-Sql-Count
X-Vcl-Version
X-Via-CDN
X-Via-Edge
X-Via-SSL
W
Edge-Copy-Time
X-Sql-Duration-Ms
X-HOST
X-Fpc
S-Rt
Accept-Language
Esi-Enabled
X-We-Are-Hiring
X-Svr
On-Server
X-UnsetCookies
Origin-Cache-Control
X-Envoy-Upstream-Healthchecked-Cluster
X-Key
Origin-Edge-Control
SID
X-HITS
Proxy-Firewall
X-Tb
X-Dispatch
X-Www-Served-By
CF-IPCountry
X-Cache-Hm
Cdn
X-Cache-Hfrom
WebServer
LB
X-Fastly-Country-Code
N-Cache
CDN
Cache-Hits
X-SRV
Lb
X-S-Maxage
ServedBy
T-Server
A
X-COUNTRY
X-CACHE-KEY
HitType
X-MSEdge-Features
Server-Host
X-Pjax-Url
X-MSEdge-Flight
X-Cache-Remote
Cteonnt-Length
Ohc-File-Size
X-Pass-Why
X-Geo-Region
Amp-Access-Control-Allow-Source-Origin
X-Presslabs-Stats
X-App
Pics-Label
X-Amzn-Remapped-Connection
WZWS-RAY
Magicmarker
X-Amzn-Remapped-Date
X-Instart-Info
BehaviorPad-Version
X-Generated
X-RAMCache
Fastcgi-Cache-TTL
Powered-By
X-Newrelic-App-Data
X-Li-Proto
X-ServedByHost
X-Varnish-Hits
X-SB
X-VC
X-TrackingId
X-Path-Route
X-Newrelic-Synthetics
X-Dynatrace
X-Datadome
Cache-Key
X-Lb-Id
X-Info
X-Akamai-Pragma-Client-IP
Xet-Cookie
Server-Ttl
X-Served-From
X-TH-Server
X-StackifyID
X-Fastly-Request-Id
X-Via-PopN
Dnion-Transfer-Encoding
X-LiteSpeed-Tag
Ohc-Cache-HIT
X-Via-PopH
X-Via-PopV
Cache-Provider
X-Via-NSCOPI
X-Batcache
X-B3-SpanId
Protected
X-Cache-Tag
X-Tt-Logid
X-Uri
X-WA
X-TT-LOGID
X-Origin-Response-Time
X-ID
Content-Style-Type
Content-Script-Type
X-Agile-Brick-Ok
User-Cache-Control
Cf-Alt-Svc
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Tcn
X-Vgn-Hpd-Reason
Ssr
X-Region-Sid
X-HostName
X-PJAX-URL
Who
X-Pf-Uncompressing
X-RateLimit-Limit
X-Pad
Inserted-Into-Cache-At
X-Tid
X-Yottaa-OS
X-Selected-Host-Header
Tracecode
X-Selected-Name
CountryCode
X-Selected-Scheme
DataCenter
X-Request-URL
X-Pinterest-Sli-Response-Type
X-Varnish-Beresp-TTL
X-Snapshot-Date
X-Pinterest-Sli-Latency-Threshold
X-Cache-Spec
X-Apw-Hits
Source
Lfy
X-Men
X-Pinterest-Sli-Endpoint-Name
PICS-Label
Pragrma
Mime-Version
X-DevSite-Last-Modified
X-C
X-Proxy-Cachei7
Cneonction
X-MiniProfiler-Ids
X-Dw-Trace-Id
X-Apw-Access-Action
X-Apw-Access-Object
Vha6-Origin
X-Magnolia-Registration
X-Nananana
X-Apw-Access-Token