Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Permitted-Cross-Domain-Policies
P3p
X-Cache-Status
X-Generator
X-Request-ID
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Upgrade
Content-Encoding
X-CDN
X-Template
X-Language
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Ws-Request-Id
X-Age
Feature-Policy
X-Backend
X-AH-Environment
X-Buckets
X-Hacker
X-Cache-Group
X-Robots-Tag
X-Server
X-UA-Device
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Proxy-Cache
X-Dns-Prefetch-Control
X-Turbo-Charged-By
X-Server-Powered-By
Request-Context
Server-Timing
Host-Header
Grace
X-Nginx-Cache-Status
Report-To
Xkey
X-Page-Speed
X-Rq
Cf-Bgj
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Amz-Version-Id
X-Vhost
NEL
X-Host
X-Dispatcher
X-Device
X-Backend-Server
X-Node
X-Cache-Lookup
Surrogate-Control
X-Ruxit-JS-Agent
X-Origin-Cache
X-Response-Time
Content-Location
X-Akam-SW-Version
Request-Id
X-ASPNET-VERSION
X-Ac
X-Country
X-Server-Id
X-Mod-Pagespeed
EagleEye-TraceId
X-HW
Rating
Accept-CH
Accept-CH-Lifetime
X-Readtime
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
Pinterest-Generated-By
X-Application-Context
X-DataDome
Edge-Control
X-Country-Code
X-Origin-Upstream-Status
X-TtlSet
X-Vname
X-PC
X-Url
X-Varnish-TTL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Deployment-Id
X-Cnection
Akamai-Age-Ms
X-D2id
X-GitHub-Request-Id
X-ESI
X-MS-InvokeApp
X-Clacks-Overhead
X-Content-Type
X-Server-Name
X-Abt-Application-Version
X-FTR-Request-ID
X-Navigation-Version
Allow
Pinterest-Version
X-Pinterest-Rid
X-Vcap-Request-Id
X-Trace
Verso
X-Sol
X-Middleton-Response
Display
Pagespeed
X-Middleton-Display
Response
X-Server-ID
X-Px
X-Cached
X-DynaTrace
X-Element-Page-Cache
X-Rack-Cache
X-B3-TraceId
X-Fastly-Request-ID
Service-Worker-Allowed
Accept-Ch
X-Client-IP
X-Cache-TTL
X-TTL
MS-Author-Via
Arr-Disable-Session-Affinity
X-Version
X-Powered-By-Plesk
X-Upstream
X-Forwarded-Proto
X-Dw-Request-Base-Id
Content-MD5
X-T
X-NF-Request-ID
AR-CACHE
AR-PoweredBy
Ar-Sid
AR-Request-ID
AR-ATIME
SPRequestGuid
X-Debug
Fastly-Restarts
X-SharePointHealthScore
X-VARITI-CCR
Accept-Ch-Lifetime
X-XRDS-Location
X-Jurisdiction
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Use-Magma
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-Cdn-Fetch
TP-Cache
TP-L2-Cache
Access-Control-Request-Method
X-Content-Digest
X-Powered-CMS
X-Goog-Hash
X-NWS-LOG-UUID
X-Edge
X-MSEdge-Ref
X-Release
X-PressLabs-Stats
TCN
X-Webkit-CSP
X-FastCGI-Cache
X-Ttl
S
Cache-Tag
RTSS
SPIisLatency
SPRequestDuration
X-Amz-Rid
Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
X-Yandex-Sdch-Disable
Public-Key-Pins
X-Ezoic-Cdn
X-Pinterest-Direct
X-Accel-Expires
X-Node-Name
Server-Node
X-Mid
X-MCACHE
X-Cache-Key
X-Ratelimit-Remaining
X-Cache-Hit
X-Logged-In
X-Amzn-Trace-Id
ServerID
Front-End-Https
X-Microsite
X-CST
X-Request-Handler-Origin-Region
Alternate-Protocol
X-Ser
X-Page-Id
X-Origin-Server
X-Recruiting
X-ECACHE
X-Kinsta-Cache
X-B
X-Ratelimit-Limit
Host
Accept-Charset
X-Mobile-URL
X-Hostname
X-FireWall-Port
X-FTR-Backend
X-FTR-Realm
X-FTR-Expires
X-Country-Code-Real
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
Nginx-Cache
X-Varnish-Age
X-Forwarded-For
X-SRCache-Fetch-Status
X-Content-Security-Policy-Report-Only
X-Seen-By
X-SRCache-Store-Status
X-B3-TraceId-Primal
Filterid
MRF-Tech
Mrf-Cache-Status
Realpath
X-Load-Cache
X-DIS-Request-ID
X-Daa-Tunnel
X-Jobs
X-Content-Options
X-Shield-Request-Id
X-Az
X-AppVersion
X-Id
X-Activity-Id
X-Correlation-ID
X-Varnish-Backend
X-App-Environment
X-F-Cache
X-LB-Cache
X-Git-Hash
X-Type
Paypal-Debug-Id
X-Request-Guid
X-Varnish-Grace
Edge-Cache-Tag
X-Rid
X-N
X-Zen-Fury
Fastcgi-Useragent
X-Hits
X-FB-Debug
X-Grace
X-Proxy
X-Mg-S
X-App-Server
AMP-Access-Control-Allow-Source-Origin
DC
Cache-Tags
Access-Control-Allow-Method
DynaTrace
X-Upgrade-Enabled
X-Content-Powered-By
X-WebKit-CSP-Report-Only
X-Akamai-Edgescape
Content-Disposition
X-Amz-Server-Side-Encryption
X-Cache-Operation
X-Cache-Rule
Cleartype
X-Geo-Country
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Endurance-Cache-Level
MicrosoftSharePointTeamServices
X-HP-Webp
X-Wix-Request-Id
X-Cached-By
X-VCache
X-TEC-API-ROOT
X-Host-Name
X-TEC-API-VERSION
X-Original-Request-Id
X-Accel-Buffering
X-TEC-API-ORIGIN
X-Response-Served-From
Refresh
X-IPLB-Instance
X-B3-Sampled
NGB
X-UUID
X-User-Agent
X-HTML-Minification-Powered-By
MS-CV
Healthy
X-Distributor
X-Rendered-As
X-AOL-HN
X-Cacheable-TTL
X-Rule
X-Is-Bot
Payment
X-Amz-Apigw-Id
X-FW-Dynamic
X-HS-Combine-CSS
X-Amzn-RequestId
X-FW-Type
X-FW-Hash
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Signature
X-B-Cache
X-FW-Static
X-FW-Server
X-Cache-Time
X-FW-Serve
X-Instance
X-Hp-Webp
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Region
X-Amz-Meta-S3cmd-Attrs
Datacenter
X-Tumblr-Pixel-1
X-Goog-Generation
X-Tumblr-Pixel-0
X-Tumblr-Pixel-2
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Tumblr-User
X-Tumblr-Pixel
X-Fastcgi-Cache
X-Whom
Countrycode
X-Debug-Info
X-Mobile
PB-PID
Arc-Version
X-XRDS-LOCATION
PB-RID
X-Varnish-Server
Powered
X-Frontend
X-Ua
X-App-Version
X-Cache-Age
X-PHP-Backend
X-Oneagent-Js-Injection
Powered-By-ChinaCache
S-Cnection
X-Backend-Name
Surrogate-Key
X-Respond-Thread
X-NewRelic-App-Data
X-FTR-Cache-Host
X-Azure-Ref
X-Cache-Server
X-Via-JSL
X-Protected-By
Cache
X-Litespeed-Cache
X-DynaTrace-JS-Agent
X-Hyper-Cache
X-WA-Info
Liferay-Portal
X-Cache-Control
Viewport
X-Cache-Expired-At
Referer-Policy
Webserver
X-Proxy-Cache-Status
X-Acc-Debug-Context
Retry-After
X-EdgeConnect-Cache-Status
X-Time
X-FB-TRIP-ID
X-ProcessESI
X-Source
Meta-Geo
X-ES-SERVER
X-RN-RSRV
Filters
X-RemovedCookies
X-Debug-Cache
X-Mode
X-R9-Blue-Green-Version
X-Sucuri-ID
X-Cache-Var
X-Cache-Var-Map
From-Origin
Eomportal-Instance
X-Locale
X-From
X-Device-Type
X-Qloud-Router
Section-Io-Cache
X-Via-Fastly
X-ProxyCache-Key
X-Xfnlog-Site
X-BYPASS-REASON
X-Time-Microsecs
X-AWS-Id
Mn-Server-Ip
X-VWS-Id
X-PCL
X-Server-W
X-GeoIP
X-ProxyCache-Status
X-RTag
X-Site-Version
X-LJ-Flow-ID
X-OCL
Ms-Operation-Id
X-Ratelimit-Reset
X-Cache-Host
Charset
Cache-Tv-Group
X-Real-IP
X-Routing-Service
Cross-Origin-Window-Policy
Ec-Rule-Version
X-Proxied
TWC-GeoIP-Country
TWC-Device-Class
X-Cluster
X-Framework
X-Cache-Action
Webcakes-Region
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
X-Zipkin-Id
X-FW-Version
X-Handled-By
X-Proxy-Build
Selected-Fe
X-TNCMS
X-Timing-Wait
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-Hl-Ver
X-Human
X-Loop
X-Origin-Hint
Property-Id
Webcakes-App-Version
X-CSRF-Token
X-L-Path
X-Labrador-Cache-Channel
X-NYM-Debug-Backend
X-BCube-Filmed-By
X-JoinUs
X-Hosted-By
X-Environment-Context
X-Be
X-Generated-By
X-Proto
X-Detected-As
X-PHP-Host
X-Status
X-SaId
X-ServerID
X-Yottaa-Optimizations
X-Amzn-Remapped-Content-Length
X-Yottaa-Metrics
DB-Nickname
X-Format
Uber-Trace-Id
X-Section
X-Amz-Replication-Status
X-Cache-TTL-Remaining
X-Access
X-Redis-Cache
X-Revision
X-Varnish-Cache-Hits
FSS-Cache
X-NWS-UUID-VERIFY
X-No-Session
X-Air-Hostname
X-ATG-Version
Frame-Options
X-Cache-PHP
Version
X-Drupal-Cache-Contexts
X-Sucuri-Cache
X-TA-CDN-Provider
X-Origin
X-Contextid
X-NCache
X-URL
GEO-INFO
X-Drupal-Cache-Tags
X-EIG-Tracking-Id
X-Unique-Id
CF-Cached-On
Server-Name
X-EC-Lua
X-IPS-LoggedIn
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Cache-Enabled
X-IP
OT-Force-Account-Verify
X-Bc-Bl
X-CACHE-AGE
X-Akamai-Transformed
X-TIME
Time
X-Cache-Backend
X-GoCache-CacheStatus
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
Now
X-Backend-Host
X-Tumblr-Pixel-3
X-Adobe-Loc
X-CDN-Forward
X-Ruxit-Js-Agent
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-UA
X-Adobe-Content
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-AIR-PT
X-TT
X-Cdn
Azure-RegionName
X-Instart-Request-ID
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Access-Control-Request-Headers
X-RCS-CacheZone
X-APP-VERSION
Node
X-External-Request-Id
X-G
X-A-Dam
X-A-Wwc
X-Accel-Expires-Debug
X-A-Dcw
X-B-Cookie
X-ARC
X-Application
X-CF-Lambda-Fn
X-CCM
X-A-Ccd
X-Cache-NE
VIX-Pulpo-Upstream-Status
X-A-Dgt
X-D
X-Date
X-Destination
X-Aed
X-A
X-CF-Lambda-Version
X-Connection-Hash
X-Adobe-Source
Meta-Geo-Continent
Fastcgi-X-Cache-Version
Apple-News-Services-Request-Url
DCR-Processing-Time-Ms
DCR-Decision-By
CloudFront-Viewer-Country
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-S-Cookie
X-Generation-Time
Host-ID
Apple-News-Services-Handled
X-Transaction
X-Trv-Group
X-Vtex-Processado-Em
X-VG-WebServer
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebCache
X-NGENIX-Cache
X-Twitter-Response-Tags
X-Up
X-Vdms-Path
X-Vdms-Version
X-S
X-ScT
Rendered-Blocks
X-PAYTM-SRV-ID
X-Rojux
Mobile-Detection-Method
X-Cache-2
X-Minions-Version
VIX-Pulpo-Node
Surrogated-Key
SD-X-WS
X-Processor
X-PBS-Appsvrname
Machine
X-Request-UUID
MD5-Digest
X-Rewrite-Enabled
Wxu-Next-Region
CDN-RequestCountryCode
Is-Eu
Ufe-Result
We-Hiring
Mail-Subject
Platform
Fastly-SSL
NM-Fastcgi-Cache
Fastly-SIE
Wxu-Next-Hostname
Wxu-Next-Commit
CDN-Uid
Fastly-SWR
CDN-RequestId
X-Level-Front-Cache
X-Servername
X-ShardId
X-ShopId
X-Shopify-Stage
X-Reqid
X-Req
X-Platform
X-Pubstack
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Skip-Cache
X-SN
X-Thanos
X-Variation
X-Varnishpool
X-VG-TLSProxy
X-Storefront-Renderer-Rendered
X-Storage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Soup
X-PERF
X-Owner
X-Cache-Grace
X-Core-Value
X-CUA
X-Dispatcher-Server
X-Cache-Bucket
X-Bip
X-Agile-Age
X-Agile-Id
X-ApacheServer
X-Backend-TTL
X-DPWN-IS-SECURE
X-Edge-Location
X-Method
X-Microcachable
X-OVcl
X-OVcl-Cache
CDN-PullZone
X-Hash
X-Envoy-Decorator-Operation
X-Forwarded-Host
X-Generated-On
X-Agile
X-Alternate-Cache-Key
X-NC
X-Varnish-Ttl
Adler-Geo
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
X-Varnish-Beresp-Ttl
X-TX-ID
X-Correlation-Id
HostName
X-Cluster-Name
X-Clientip
X-Auto-Login
X-Backend-State
X-Core-Mission
X-Eu-Site
X-Csrf-Jwt
X-Clara-WADP
X-Cms-Context
X-CGP
X-Fastly-Backend
X-Cache-Tags
X-Cache-NGX
X-Varnish-Beresp-Grace
X-Cdn-Srv
X-Cache-Config
X-Cache-Date
X-Varnish-Beresp-Status
X-VHOST
X-VarnishDD-TTL
X-Varnish-Cacheable
X-Render-Time
X-Proxy-Upstream
X-Viewer-Country
X-WADP-Cache
X-Ms-Version
X-Ms-Request-Id
X-Webstats-RespID
X-Policy
X-Micro-Cache
Rt-Fastcgi-Cache
X-Gamma-Serve
X-Fmm-Version
X-HN
X-HS-Content-Campaign-Id
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-Fastly-Cache
X-Request-Start
HA-Ipaddr
Ha-Gx-Prefs
Group
Decoy-Debug-Status
C-Via
Decoy-Debug-TTL
L5d-Success-Class
CacheControlHeader
Origin
Cache-Status
Fastly-Backend-Name
Gh-Request-Id
AKAMAI
Fastly-Drupal-HTML
Decoy-Debug-Key
L
PFcat
Pagetype
X-Cache-Id
X-SayCDN-TTL
Country-Code
X-Slack-Backend
X-Esi
X-Developers
Akamai-GRN
X-Request-Host
X-Cache-URL
Memcached
Backend
X-Has-Esi
X-Gzip
UCS
X-Irp-Debug
X-JWT-State
X-Is-Gdpr
X-Geo-Header
X-Location
X-Say-TTL
X-Esi-Check
X-Old-Content-Length
X-Web-Node
X-Wikidot-Backend
X-Say-Cacheable
X-Wikidot-Static-Cache
Country
X-Cdn-Forward
X-CS
Nel
M-TraceId
X-Wa
X-Mvc-Supplant-Cachable
X-Amz-Meta-Cb-Modifiedtime
X-Refresh
X-PF-Uncompressing
FSS-Proxy
X-Content-Age
X-NODE
X-Dc
X-Aicache-OS
X-Platform-Server
X-ECache
X-ZONE
X-BC
X-Varnish-CookieHashed-On
X-Via-Poph
X-Via-Popn
X-DefHash
X-DefElseHash
Upgrade-Insecure-Requests
X-LAGOON
X-RateLimit-Remaining
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-LB-ID
X-B3-Spanid
Arc-Country
X-Branch-Name
VivaBuild
X-UPSTREAM-Address
X-B3-Traceid
Viewtype
X-Session-Fingerprint
X-Cache-Debug
X-Ua-Device
X-LI-Proto
X-Via-Ucdn
NGX
X-ORACLE-APMCS-REQUEST-ID
X-RunCloud-Cache
Actual-Object-TTL
X-Servedbyhost
Srv
X-Flags
X-Is-Crawler
X-Route-Name
Cdn-Request-Time
Cdn-Host
X-Mvc-Supplant-OutputCached
X-Edge-Server
X-Providence-Cookie
X-Aspnet-Duration-Ms
Geo-Info
X-Unique-ID
X-SERVER
CACHE
X-Debug-Cache-Fetch
X-Request-Time
X-Debug-Cache-Store
Memory
X-Bc
X-Zone
X-Vgn-Hpd-Ssi
X-Srv
X-DC
X-APP
X-NGINX-Cache
X-HS-Status
X-Action
X-Varnish-Hostname
X-FPC
X-GEO
X-Nginx-Cache
X-CF-Powered-By
X-LiteSpeed-Cache-Control
Sid
X-RSL
X-Cs
X-RPM
X-DI
X-DSS
X-DW
X-DB
X-Page-View
X-RPS
X-Akamai-Request-ID2
WWW-Authenticate
X-Geo
Xserver
X-CSRF-TOKEN
X-Cluster-Node
X-Check-Cacheable
NtCoent-Length
GeoIp-Country-Code
X-Oss-Cdn-Auth
X-Via-Popv
Geoip-Latitude
X-Epic-Correlation-Id
X-MP-GENERATED-AT
XServer
X-Hit
X-FC-Vary-Parameters
Hostname
X-Vcache
X-Mobile-Rewrite
X-Nc
X-VCL-Version
Server-Info
ProcessTime
X-Ftr-Cache-Host
X-Dynatrace-Js-Agent
X-NU-AKA-ACS-Version
User-Agent
SRV
GeoIP-Country-Code
X-SERVER-NAME
Apigw-Requestid
GeoIP-Latitude
Processtime
X-Webkit-CSP-Report-Only
X-FORWARDED-FOR
X-Via-SSL
X-Vcl-Version
X-Via-Edge
X-Sql-Duration-Ms
W
X-UnsetCookies
X-Sql-Count
Edge-Copy-Time
X-Via-CDN
X-HOST
SID
X-Fpc
Esi-Enabled
X-We-Are-Hiring
X-Key
On-Server
Accept-Language
X-Envoy-Upstream-Healthchecked-Cluster
S-Rt
Origin-Cache-Control
X-Svr
Origin-Edge-Control
X-HITS
X-Tb
X-Cache-Hm
Cdn
CF-IPCountry
X-Www-Served-By
Proxy-Firewall
X-Cache-Hfrom
X-Dispatch
WebServer
LB
X-Fastly-Country-Code
A
X-S-Maxage
CDN
Lb
T-Server
Cache-Hits
X-SRV
ServedBy
N-Cache
HitType
X-COUNTRY
X-CACHE-KEY
X-Pjax-Url
Ohc-File-Size
Server-Host
Amp-Access-Control-Allow-Source-Origin
X-Pass-Why
X-Geo-Region
X-Cache-Remote
Cteonnt-Length
X-MSEdge-Flight
X-MSEdge-Features
X-App
X-Presslabs-Stats
WZWS-RAY
Powered-By
Magicmarker
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-RAMCache
Fastcgi-Cache-TTL
X-Newrelic-App-Data
Pics-Label
X-Instart-Info
BehaviorPad-Version
X-Generated
X-Path-Route
X-SB
X-VC
X-Newrelic-Synthetics
X-Li-Proto
X-ServedByHost
X-Varnish-Hits
X-TrackingId
X-Dynatrace
X-Datadome
X-Lb-Id
Cache-Key
X-Served-From
X-Info
X-StackifyID
Server-Ttl
Xet-Cookie
X-TH-Server
X-Akamai-Pragma-Client-IP
X-B3-SpanId
X-Via-PopV
Protected
Ohc-Cache-HIT
X-LiteSpeed-Tag
X-Via-PopN
X-Via-PopH
Cache-Provider
Dnion-Transfer-Encoding
X-Batcache
X-Via-NSCOPI
X-Cache-Tag
X-TT-LOGID
X-WA
X-Tt-Logid
X-Uri
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Content-Script-Type
Cf-Alt-Svc
X-Agile-Brick-Ok
Content-Style-Type
X-ID
X-Planisys-CDN-TTL
User-Cache-Control
X-Origin-Response-Time
X-Vgn-Hpd-Reason
Tcn
Who
X-HostName
X-RateLimit-Limit
X-Pad
Ssr
X-PJAX-URL
Inserted-Into-Cache-At
X-Pf-Uncompressing
X-Region-Sid
X-Tid
X-Yottaa-OS
Tracecode
CountryCode
X-Selected-Host-Header
X-Selected-Scheme
X-Selected-Name
Lfy
X-C
Mime-Version
X-Request-URL
X-Varnish-Beresp-TTL
Source
X-Cache-Spec
X-Pinterest-Sli-Response-Type
X-Snapshot-Date
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Endpoint-Name
X-Men
X-MiniProfiler-Ids
X-Apw-Access-Token
X-Nananana
Pragrma
Cneonction
PICS-Label
X-Magnolia-Registration
X-Proxy-Cachei7
Vha6-Origin
X-Apw-Access-Object
X-Apw-Access-Action
X-DevSite-Last-Modified
X-Dw-Trace-Id
X-Apw-Hits