Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Permitted-Cross-Domain-Policies
P3p
X-Cache-Status
X-Generator
X-Request-ID
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Upgrade
Content-Encoding
X-CDN
X-Template
X-Language
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-AH-Environment
X-Buckets
X-Hacker
X-Cache-Group
X-Robots-Tag
X-Server
X-UA-Device
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Proxy-Cache
X-Dns-Prefetch-Control
X-Turbo-Charged-By
X-Server-Powered-By
Request-Context
Server-Timing
Host-Header
Grace
X-Nginx-Cache-Status
Report-To
Xkey
X-Page-Speed
X-Rq
Cf-Bgj
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Amz-Version-Id
X-Vhost
NEL
X-Host
X-Dispatcher
X-Device
X-Backend-Server
X-Node
X-Cache-Lookup
Surrogate-Control
X-Ruxit-JS-Agent
X-Origin-Cache
X-Response-Time
Content-Location
X-Akam-SW-Version
Request-Id
X-ASPNET-VERSION
X-Ac
X-Country
X-Server-Id
X-Mod-Pagespeed
EagleEye-TraceId
X-HW
Rating
Accept-CH
Accept-CH-Lifetime
X-Readtime
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cloud-Trace-Context
Pinterest-Generated-By
X-Application-Context
X-DataDome
Edge-Control
X-Country-Code
X-Origin-Upstream-Status
X-TtlSet
X-PC
X-Vname
X-Url
X-Varnish-TTL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Fusion-Content-Source
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
X-Cnection
Akamai-Age-Ms
X-D2id
X-GitHub-Request-Id
X-ESI
X-MS-InvokeApp
X-Content-Type
X-Clacks-Overhead
X-Server-Name
X-Abt-Application-Version
X-Navigation-Version
X-FTR-Request-ID
Allow
Pinterest-Version
X-Pinterest-Rid
X-Vcap-Request-Id
X-Trace
Verso
X-Sol
Display
Pagespeed
X-Middleton-Display
X-Middleton-Response
Response
X-Server-ID
X-Px
X-Cached
X-DynaTrace
X-Element-Page-Cache
X-Rack-Cache
X-Fastly-Request-ID
X-B3-TraceId
Service-Worker-Allowed
Accept-Ch
X-Client-IP
X-Cache-TTL
X-TTL
MS-Author-Via
X-Version
Arr-Disable-Session-Affinity
X-Powered-By-Plesk
X-Upstream
X-Forwarded-Proto
Content-MD5
X-Dw-Request-Base-Id
X-T
X-NF-Request-ID
AR-PoweredBy
Ar-Sid
AR-ATIME
AR-CACHE
AR-Request-ID
X-SharePointHealthScore
SPRequestGuid
Fastly-Restarts
X-Debug
X-VARITI-CCR
Accept-Ch-Lifetime
X-Jurisdiction
X-XRDS-Location
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
TP-L2-Cache
TP-Cache
X-Content-Digest
Access-Control-Request-Method
X-Powered-CMS
X-Goog-Hash
X-NWS-LOG-UUID
X-Edge
X-Release
X-MSEdge-Ref
X-PressLabs-Stats
TCN
X-Webkit-CSP
X-FastCGI-Cache
X-Ttl
S
SPIisLatency
Cache-Tag
SPRequestDuration
RTSS
X-Amz-Rid
Fastcgi-Cache
X-Request-Processing-Time
X-Request-Received
X-Yandex-Sdch-Disable
Public-Key-Pins
X-Ezoic-Cdn
X-Pinterest-Direct
X-Node-Name
X-Accel-Expires
X-Mid
Server-Node
X-MCACHE
X-Cache-Key
X-Ratelimit-Remaining
X-Logged-In
X-Cache-Hit
X-Amzn-Trace-Id
ServerID
Front-End-Https
X-Microsite
X-Request-Handler-Origin-Region
X-CST
Alternate-Protocol
X-Ser
X-Page-Id
X-Origin-Server
X-Recruiting
X-ECACHE
X-Kinsta-Cache
X-B
X-Ratelimit-Limit
Host
Accept-Charset
X-Mobile-URL
X-Hostname
X-FireWall-Port
X-FTR-Backend
X-FTR-Realm
X-FTR-Expires
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
Nginx-Cache
X-Varnish-Age
X-Forwarded-For
X-Seen-By
X-Content-Security-Policy-Report-Only
X-SRCache-Fetch-Status
X-SRCache-Store-Status
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
Filterid
X-DIS-Request-ID
X-Load-Cache
Realpath
X-Daa-Tunnel
X-Content-Options
X-Jobs
X-Shield-Request-Id
X-Activity-Id
X-Az
X-AppVersion
X-Id
X-Correlation-ID
X-F-Cache
X-Varnish-Backend
X-App-Environment
X-Git-Hash
X-Type
X-LB-Cache
X-Varnish-Grace
Paypal-Debug-Id
X-Request-Guid
Edge-Cache-Tag
X-Rid
X-N
X-Zen-Fury
Fastcgi-Useragent
X-Hits
X-FB-Debug
X-Grace
X-Mg-S
X-Proxy
X-App-Server
AMP-Access-Control-Allow-Source-Origin
DynaTrace
X-Upgrade-Enabled
Access-Control-Allow-Method
DC
Cache-Tags
X-Content-Powered-By
Content-Disposition
X-WebKit-CSP-Report-Only
X-Akamai-Edgescape
X-Amz-Server-Side-Encryption
X-Cache-Rule
X-Cache-Operation
Cleartype
X-Kong-Proxy-Latency
X-Geo-Country
X-Kong-Upstream-Latency
X-Endurance-Cache-Level
MicrosoftSharePointTeamServices
X-HP-Webp
X-Wix-Request-Id
X-Cached-By
X-VCache
X-Accel-Buffering
X-Host-Name
X-Response-Served-From
X-Original-Request-Id
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-IPLB-Instance
X-B3-Sampled
Refresh
NGB
X-Cacheable-TTL
X-Distributor
X-HTML-Minification-Powered-By
X-Is-Bot
X-Rendered-As
X-Rule
X-UUID
Healthy
Payment
X-AOL-HN
MS-CV
X-User-Agent
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-FW-Type
X-HS-Cache-Config
X-FW-Static
X-FW-Serve
X-Signature
X-Amzn-RequestId
X-B-Cache
X-FW-Server
X-Amz-Apigw-Id
X-Cache-Time
X-FW-Hash
X-FW-Dynamic
X-Tec-Api-Origin
Datacenter
X-Tec-Api-Root
X-Whom
X-Instance
X-Tec-Api-Version
X-Hp-Webp
X-Region
X-Amz-Meta-S3cmd-Attrs
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-2
X-Tumblr-User
X-Fastcgi-Cache
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Tumblr-Pixel-1
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Generation
Countrycode
X-Debug-Info
X-Mobile
X-XRDS-LOCATION
PB-RID
PB-PID
Arc-Version
Powered
X-Frontend
X-Ua
X-Varnish-Server
X-Cache-Age
X-App-Version
Powered-By-ChinaCache
X-PHP-Backend
X-Oneagent-Js-Injection
Surrogate-Key
S-Cnection
X-Backend-Name
X-Respond-Thread
X-NewRelic-App-Data
X-FTR-Cache-Host
X-Cache-Server
X-Azure-Ref
X-Via-JSL
X-Litespeed-Cache
X-DynaTrace-JS-Agent
Cache
X-Protected-By
X-WA-Info
X-Hyper-Cache
Liferay-Portal
X-Cache-Control
Viewport
X-Cache-Expired-At
Referer-Policy
X-Proxy-Cache-Status
X-Acc-Debug-Context
Webserver
Retry-After
X-EdgeConnect-Cache-Status
X-Time
X-FB-TRIP-ID
Filters
X-ES-SERVER
X-RemovedCookies
Meta-Geo
X-Cache-Var-Map
X-Mode
X-Sucuri-ID
X-RN-RSRV
X-Source
X-Cache-Var
X-Debug-Cache
X-R9-Blue-Green-Version
X-ProcessESI
Eomportal-Instance
X-Device-Type
X-Qloud-Router
X-Locale
Section-Io-Cache
From-Origin
X-From
X-LJ-Flow-ID
X-ProxyCache-Key
X-ProxyCache-Status
X-PCL
X-Via-Fastly
X-Site-Version
Mn-Server-Ip
Ms-Operation-Id
X-GeoIP
X-AWS-Id
X-BYPASS-REASON
X-Xfnlog-Site
X-VWS-Id
X-Cache-Host
X-RTag
X-Server-W
X-OCL
X-Ratelimit-Reset
X-Time-Microsecs
TWC-Privacy
Ec-Rule-Version
X-TNCMS
Cross-Origin-Window-Policy
Charset
X-Hl-Ver
X-Handled-By
Cache-Tv-Group
X-Routing-Service
Webcakes-Region
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Connection-Speed
Webcakes-App-Name
Webcakes-App-Version
Property-Id
Selected-Fe
X-Human
X-FW-Version
X-Cache-Action
X-Real-IP
X-Proxy-Build
X-Proxied
X-Framework
X-Cluster
X-Origin-Hint
X-Timing-Wait
X-Loop
X-CSRF-Token
X-Zipkin-Id
X-Yottaa-Optimizations
X-NYM-Debug-Backend
X-Generated-By
X-SaId
X-Environment-Context
X-ServerID
X-Detected-As
DB-Nickname
X-Proto
X-Status
X-Hosted-By
X-Yottaa-Metrics
X-PHP-Host
X-JoinUs
X-L-Path
X-Be
X-BCube-Filmed-By
X-Amzn-Remapped-Content-Length
X-Labrador-Cache-Channel
X-Format
X-Cache-TTL-Remaining
X-Redis-Cache
Uber-Trace-Id
X-Revision
X-Section
X-Amz-Replication-Status
X-Access
FSS-Cache
X-Varnish-Cache-Hits
X-NWS-UUID-VERIFY
X-Air-Hostname
X-No-Session
Frame-Options
Version
X-ATG-Version
X-Cache-PHP
X-Drupal-Cache-Contexts
X-Sucuri-Cache
X-TA-CDN-Provider
X-Origin
X-URL
X-NCache
X-Contextid
GEO-INFO
X-EIG-Tracking-Id
CF-Cached-On
X-Drupal-Cache-Tags
X-Unique-Id
Server-Name
X-EC-Lua
X-IPS-LoggedIn
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-IP
OT-Force-Account-Verify
X-Cache-Enabled
X-Vgn-Hpd-Cached
X-Bc-Bl
X-Vgn-Hpd-Variations-Key
X-CACHE-AGE
X-Akamai-Transformed
X-TIME
X-GoCache-CacheStatus
X-Cache-Backend
Time
Now
X-Backend-Host
X-Tumblr-Pixel-3
X-Ruxit-Js-Agent
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Adobe-Loc
X-CDN-Forward
X-Oss-Request-Id
X-UA
X-Adobe-Content
X-Oss-Object-Type
X-TT
X-AIR-PT
X-Instart-Request-ID
X-Cdn
Azure-SlotName
Azure-Version
Azure-RegionName
Azure-SiteName
Azure-InstanceId
X-RCS-CacheZone
Access-Control-Request-Headers
Node
X-APP-VERSION
Rendered-Blocks
Mobile-Detection-Method
X-Cache-2
Meta-Geo-Continent
Machine
Apple-News-Services-Parsed-Url
DCR-Processing-Time-Ms
DCR-Decision-By
Apple-News-Services-Request-Url
Fastcgi-X-Cache-Version
Apple-News-Services-Host
CloudFront-Viewer-Country
Host-ID
Apple-News-Services-Handled
MD5-Digest
X-Aed
X-Rojux
X-S
X-S-Cookie
X-ScT
X-Rewrite-Enabled
X-Request-UUID
X-Minions-Version
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
X-Transaction
X-Trv-Group
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Twitter-Response-Tags
X-Up
X-Vdms-Path
X-Vdms-Version
X-Generation-Time
X-G
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-A-Dam
X-A-Ccd
Surrogated-Key
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-A
X-Adobe-Source
X-Application
X-D
X-Date
X-Destination
X-External-Request-Id
X-Connection-Hash
X-CF-Lambda-Version
X-ARC
X-B-Cookie
X-CCM
X-CF-Lambda-Fn
SD-X-WS
X-Cache-NE
X-NGENIX-Cache
X-Hash
Is-Eu
X-Generated-On
X-ApacheServer
X-Backend-TTL
Platform
X-Forwarded-Host
X-Alternate-Cache-Key
X-Level-Front-Cache
X-Method
X-Microcachable
X-OVcl
X-Agile
Adler-Geo
X-Agile-Id
X-Agile-Age
X-Envoy-Decorator-Operation
CDN-Cache
X-Core-Value
X-Bip
X-CUA
X-Cache-Bucket
Fastly-SWR
X-Cache-Grace
Fastly-SIE
Fastly-SSL
X-Dispatcher-Server
X-DPWN-IS-SECURE
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-RequestCountryCode
CDN-RequestId
X-Edge-Location
CDN-Uid
X-Owner
X-OVcl-Cache
X-Storage
X-Storefront-Renderer-Rendered
X-Thanos
X-Soup
X-Sorting-Hat-ShopId
X-PERF
X-NC
X-Variation
Wxu-Next-Commit
NM-Fastcgi-Cache
X-Varnish-Ttl
X-Varnish-Beresp-Ttl
Ufe-Result
X-VG-TLSProxy
We-Hiring
X-Varnishpool
X-SN
X-Sorting-Hat-PodId
Wxu-Next-Region
X-Req
X-Rebelmouse-Cache-Control
X-Pubstack
X-Platform
Mail-Subject
X-Reqid
X-Rebelmouse-Surrogate-Control
X-Shopify-Stage
Wxu-Next-Hostname
X-ShopId
X-Skip-Cache
X-ShardId
X-Servername
HostName
X-Correlation-Id
X-TX-ID
X-Cache-NGX
X-Cache-Date
X-Cache-Config
X-Auto-Login
X-Backend-State
Rt-Fastcgi-Cache
X-Fmm-Version
X-Render-Time
X-Request-Start
X-Proxy-Upstream
X-Policy
X-Li-Pop
X-LI-UUID
X-Varnish-Cacheable
X-VarnishDD-TTL
X-Ms-Request-Id
X-Ms-Version
X-Webstats-RespID
X-WADP-Cache
X-Viewer-Country
X-Li-Fabric
X-HS-Content-Campaign-Id
X-Cluster-Name
X-Cms-Context
X-Clientip
X-Clara-WADP
X-Cdn-Srv
X-CGP
X-Core-Mission
X-Csrf-Jwt
X-Gamma-Serve
X-HN
X-Fastly-Cache
X-Fastly-Backend
X-Eu-Site
X-Cache-Tags
X-Micro-Cache
Country-Code
L
Decoy-Debug-Key
AKAMAI
Decoy-Debug-Status
Fastly-Drupal-HTML
L5d-Success-Class
X-VHOST
CacheControlHeader
Cache-Status
C-Via
Decoy-Debug-TTL
HA-Ipaddr
Origin
Pagetype
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
PFcat
Fastly-Backend-Name
Gh-Request-Id
Ha-Gx-Prefs
Group
X-Cache-Id
Country
X-Cache-URL
X-Content-Age
X-Esi-Check
X-Developers
X-Geo-Header
X-SayCDN-TTL
X-Say-TTL
X-Request-Host
X-Slack-Backend
X-Web-Node
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Old-Content-Length
X-Location
X-Has-Esi
X-Gzip
X-Irp-Debug
X-Is-Gdpr
Akamai-GRN
X-JWT-State
Backend
X-Say-Cacheable
X-Amz-Meta-Cb-Modifiedtime
Memcached
UCS
X-Esi
X-CS
X-Cdn-Forward
Nel
M-TraceId
FSS-Proxy
X-PF-Uncompressing
X-Wa
X-Refresh
X-Mvc-Supplant-Cachable
X-NODE
X-Dc
X-Aicache-OS
X-Platform-Server
X-ZONE
X-ECache
X-BC
Arc-Country
Upgrade-Insecure-Requests
X-B3-Spanid
X-DefHash
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-LB-ID
X-Varnish-CookieHashed-On
X-LAGOON
X-RateLimit-Remaining
X-DefElseHash
X-Via-Poph
X-Via-Popn
Viewtype
VivaBuild
X-Branch-Name
X-UPSTREAM-Address
X-B3-Traceid
Actual-Object-TTL
X-Ua-Device
X-Via-Ucdn
X-Cache-Debug
X-RunCloud-Cache
X-LI-Proto
X-ORACLE-APMCS-REQUEST-ID
X-Session-Fingerprint
X-Servedbyhost
NGX
Srv
X-Is-Crawler
X-Flags
Cdn-Request-Time
Cdn-Host
X-Edge-Server
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Mvc-Supplant-OutputCached
X-Route-Name
CACHE
X-SERVER
X-Unique-ID
Geo-Info
X-Debug-Cache-Fetch
Memory
X-Request-Time
X-Debug-Cache-Store
X-Bc
X-Zone
X-Srv
X-Vgn-Hpd-Ssi
X-DC
X-Varnish-Hostname
X-Action
X-FPC
X-NGINX-Cache
X-APP
X-HS-Status
X-GEO
X-Nginx-Cache
Sid
X-DB
X-DW
X-Page-View
X-DI
X-CF-Powered-By
X-DSS
WWW-Authenticate
X-RPM
X-LiteSpeed-Cache-Control
X-RPS
X-Cs
X-RSL
X-Akamai-Request-ID2
X-CSRF-TOKEN
X-Geo
Xserver
X-Epic-Correlation-Id
NtCoent-Length
X-Oss-Cdn-Auth
X-Cluster-Node
X-MP-GENERATED-AT
X-Via-Popv
GeoIp-Country-Code
X-Check-Cacheable
Geoip-Latitude
X-Vcache
X-Mobile-Rewrite
X-Hit
Hostname
X-FC-Vary-Parameters
XServer
X-VCL-Version
Server-Info
ProcessTime
X-Nc
X-Ftr-Cache-Host
X-NU-AKA-ACS-Version
X-Dynatrace-Js-Agent
SRV
User-Agent
GeoIP-Country-Code
Processtime
Apigw-Requestid
GeoIP-Latitude
X-SERVER-NAME
X-Webkit-CSP-Report-Only
X-FORWARDED-FOR
X-Sql-Count
X-Via-Edge
W
X-Via-SSL
X-Vcl-Version
X-UnsetCookies
X-Via-CDN
X-Sql-Duration-Ms
Edge-Copy-Time
X-HOST
SID
X-Svr
X-Fpc
S-Rt
Esi-Enabled
X-We-Are-Hiring
Origin-Cache-Control
On-Server
Accept-Language
X-Key
Origin-Edge-Control
X-Envoy-Upstream-Healthchecked-Cluster
X-HITS
X-Cache-Hm
X-Www-Served-By
Cdn
X-Cache-Hfrom
X-Dispatch
X-Tb
CF-IPCountry
Proxy-Firewall
WebServer
LB
X-SRV
Lb
N-Cache
A
X-S-Maxage
Cache-Hits
X-Fastly-Country-Code
CDN
ServedBy
T-Server
HitType
X-CACHE-KEY
X-COUNTRY
Server-Host
X-Geo-Region
Ohc-File-Size
X-MSEdge-Flight
Cteonnt-Length
X-Pass-Why
X-Cache-Remote
X-MSEdge-Features
Amp-Access-Control-Allow-Source-Origin
X-Pjax-Url
X-App
X-Presslabs-Stats
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
WZWS-RAY
X-RAMCache
Powered-By
Pics-Label
BehaviorPad-Version
Fastcgi-Cache-TTL
Magicmarker
X-Newrelic-App-Data
X-Generated
X-Instart-Info
X-Path-Route
X-Varnish-Hits
X-TrackingId
X-ServedByHost
X-Li-Proto
X-Newrelic-Synthetics
X-SB
X-VC
X-Datadome
X-Dynatrace
X-Lb-Id
X-Akamai-Pragma-Client-IP
X-StackifyID
Server-Ttl
X-Served-From
Xet-Cookie
Cache-Key
X-Info
X-TH-Server
Cache-Provider
X-Via-PopN
X-Via-PopH
X-Via-PopV
Protected
X-B3-SpanId
X-Via-NSCOPI
X-Batcache
X-LiteSpeed-Tag
Dnion-Transfer-Encoding
Ohc-Cache-HIT
X-Cache-Tag
X-WA
Content-Script-Type
X-Uri
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Tt-Logid
X-ID
Content-Style-Type
X-Planisys-CDN-TTL
X-Origin-Response-Time
X-TT-LOGID
X-Agile-Brick-Ok
Cf-Alt-Svc
User-Cache-Control
Tcn
X-Vgn-Hpd-Reason
X-Tid
X-Yottaa-OS
Who
X-Pad
Inserted-Into-Cache-At
X-Region-Sid
X-Pf-Uncompressing
X-HostName
Ssr
X-RateLimit-Limit
X-PJAX-URL
X-Selected-Scheme
X-Selected-Host-Header
X-Selected-Name
Tracecode
CountryCode
Source
D-Cc-Upstream
Cneonction
X-DevSite-Last-Modified
Lfy
X-Cache-Spec
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Response-Type
X-Snapshot-Date
X-Pinterest-Sli-Endpoint-Name
X-Men
X-Cc-Req-Id
X-Cc-Via
X-Request-URL
X-Apw-Hits
X-MiniProfiler-Ids
X-Dw-Trace-Id
PICS-Label
Mime-Version
X-Magnolia-Registration
X-C
Vha6-Origin
X-Proxy-Cachei7
X-Apw-Access-Token
Pragrma
X-Apw-Access-Object
X-Apw-Access-Action
X-Nananana
X-Varnish-Beresp-TTL