Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
P3p
X-Cacheable
X-Request-ID
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Upgrade
Content-Encoding
X-CDN
X-Template
X-Language
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-AH-Environment
X-Buckets
X-Hacker
X-Cache-Group
X-Robots-Tag
X-Server
X-Amz-Request-Id
X-UA-Device
EagleId
X-Amz-Id-2
X-Proxy-Cache
X-Dns-Prefetch-Control
X-Turbo-Charged-By
X-Server-Powered-By
Request-Context
Server-Timing
Host-Header
Grace
X-Nginx-Cache-Status
Report-To
Xkey
X-Page-Speed
X-Rq
Cf-Bgj
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Amz-Version-Id
X-Vhost
NEL
X-Host
X-Dispatcher
X-Device
X-Backend-Server
X-Node
X-Cache-Lookup
Surrogate-Control
X-Ruxit-JS-Agent
X-Response-Time
X-Origin-Cache
Content-Location
X-Akam-SW-Version
Request-Id
X-ASPNET-VERSION
X-Ac
X-Country
X-Mod-Pagespeed
X-Server-Id
EagleEye-TraceId
X-HW
Rating
Accept-CH
Accept-CH-Lifetime
X-Readtime
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
X-ORACLE-DMS-RID
Pinterest-Generated-By
X-Application-Context
X-DataDome
Edge-Control
X-Url
X-Country-Code
X-Origin-Upstream-Status
X-PC
X-TtlSet
X-Vname
X-Varnish-TTL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
X-Cnection
Akamai-Age-Ms
X-D2id
X-GitHub-Request-Id
X-ESI
X-MS-InvokeApp
X-Clacks-Overhead
X-Content-Type
X-Server-ID
X-Server-Name
X-Abt-Application-Version
X-FTR-Request-ID
X-Navigation-Version
Allow
Pinterest-Version
X-Vcap-Request-Id
X-Pinterest-Rid
X-Trace
Verso
X-Sol
X-Middleton-Response
Display
Response
Pagespeed
X-Middleton-Display
X-Px
X-Cached
X-Element-Page-Cache
X-Rack-Cache
X-Fastly-Request-ID
X-B3-TraceId
X-DynaTrace
Service-Worker-Allowed
Accept-Ch
X-Client-IP
X-Cache-TTL
X-Version
Arr-Disable-Session-Affinity
X-Powered-By-Plesk
X-Upstream
MS-Author-Via
X-Dw-Request-Base-Id
X-Forwarded-Proto
Content-MD5
X-T
X-NF-Request-ID
AR-ATIME
Ar-Sid
AR-CACHE
AR-Request-ID
AR-PoweredBy
SPRequestGuid
X-SharePointHealthScore
Fastly-Restarts
X-Debug
X-TTL
X-VARITI-CCR
Accept-Ch-Lifetime
X-Jurisdiction
X-XRDS-Location
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Use-Magma
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Kinja-Server
X-Content-Digest
Access-Control-Request-Method
X-Ttl
TP-Cache
X-Powered-CMS
TP-L2-Cache
X-Goog-Hash
X-NWS-LOG-UUID
X-Edge
X-Release
X-MSEdge-Ref
X-PressLabs-Stats
TCN
X-Webkit-CSP
X-FastCGI-Cache
S
SPIisLatency
SPRequestDuration
Cache-Tag
RTSS
X-Amz-Rid
Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
X-Yandex-Sdch-Disable
Public-Key-Pins
X-Ezoic-Cdn
X-Node-Name
Server-Node
X-Accel-Expires
X-Mid
X-MCACHE
X-Pinterest-Direct
X-Cache-Key
X-Logged-In
X-Cache-Hit
X-Amzn-Trace-Id
ServerID
X-Ratelimit-Remaining
Front-End-Https
X-Request-Handler-Origin-Region
X-CST
X-Microsite
X-Ser
Alternate-Protocol
X-Page-Id
X-Origin-Server
X-Recruiting
X-Kinsta-Cache
X-ECACHE
Accept-Charset
X-Ratelimit-Limit
Host
X-B
X-Mobile-URL
X-Hostname
X-FireWall-Port
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
Nginx-Cache
X-Varnish-Age
X-Seen-By
X-Content-Security-Policy-Report-Only
X-Forwarded-For
Filterid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-B3-TraceId-Primal
X-DIS-Request-ID
Realpath
Mrf-Cache-Status
MRF-Tech
X-Load-Cache
X-Content-Options
X-Daa-Tunnel
X-Jobs
X-Shield-Request-Id
X-Az
X-AppVersion
X-Activity-Id
X-Id
X-Correlation-ID
X-LB-Cache
X-Git-Hash
X-F-Cache
X-Varnish-Backend
X-App-Environment
X-Type
X-Varnish-Grace
Paypal-Debug-Id
Edge-Cache-Tag
X-Request-Guid
X-Rid
X-N
X-Zen-Fury
Fastcgi-Useragent
X-Hits
X-FB-Debug
X-Grace
X-Proxy
X-Mg-S
X-App-Server
AMP-Access-Control-Allow-Source-Origin
DynaTrace
Access-Control-Allow-Method
X-Upgrade-Enabled
DC
X-Content-Powered-By
Cache-Tags
Content-Disposition
X-WebKit-CSP-Report-Only
X-Akamai-Edgescape
X-Amz-Server-Side-Encryption
X-Cache-Operation
X-Cache-Rule
X-Kong-Upstream-Latency
Cleartype
X-Geo-Country
X-Kong-Proxy-Latency
MicrosoftSharePointTeamServices
X-Endurance-Cache-Level
X-Cached-By
X-Wix-Request-Id
X-HP-Webp
X-VCache
X-TEC-API-VERSION
X-Response-Served-From
X-Original-Request-Id
X-Host-Name
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Accel-Buffering
Refresh
X-B3-Sampled
X-IPLB-Instance
NGB
X-HTML-Minification-Powered-By
X-Cacheable-TTL
X-Is-Bot
X-Rule
X-AOL-HN
X-User-Agent
Healthy
MS-CV
X-UUID
X-Rendered-As
Payment
X-Distributor
X-FW-Static
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-FW-Server
X-FW-Type
X-Amz-Apigw-Id
X-B-Cache
X-HS-Hub-Id
X-Amzn-RequestId
X-Signature
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Region
X-Instance
X-Tec-Api-Root
Datacenter
X-Cache-Time
X-Hp-Webp
X-Tec-Api-Version
X-Tec-Api-Origin
X-Amz-Meta-S3cmd-Attrs
X-Goog-Stored-Content-Length
X-Fastcgi-Cache
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Whom
X-Tumblr-User
X-GUploader-UploadID
X-Tumblr-Pixel-0
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
Countrycode
X-Debug-Info
X-Mobile
PB-PID
Arc-Version
PB-RID
X-XRDS-LOCATION
X-Frontend
X-Ua
Powered
X-Varnish-Server
X-Cache-Age
X-App-Version
X-PHP-Backend
X-Oneagent-Js-Injection
Powered-By-ChinaCache
S-Cnection
Surrogate-Key
X-Respond-Thread
X-Backend-Name
X-NewRelic-App-Data
X-FTR-Cache-Host
X-Azure-Ref
X-Cache-Server
X-Via-JSL
X-DynaTrace-JS-Agent
X-Protected-By
X-Litespeed-Cache
Cache
X-WA-Info
X-Hyper-Cache
Liferay-Portal
X-Cache-Control
Viewport
Referer-Policy
X-Cache-Expired-At
X-Proxy-Cache-Status
Webserver
X-Acc-Debug-Context
Retry-After
X-EdgeConnect-Cache-Status
X-Time
X-FB-TRIP-ID
X-Debug-Cache
X-RN-RSRV
X-RemovedCookies
X-Sucuri-ID
Filters
X-Mode
X-ProcessESI
X-Cache-Var-Map
X-ES-SERVER
X-Cache-Var
X-R9-Blue-Green-Version
Meta-Geo
X-Source
From-Origin
X-Locale
X-Qloud-Router
Eomportal-Instance
X-From
Section-Io-Cache
X-Device-Type
X-ProxyCache-Key
Mn-Server-Ip
X-PCL
X-GeoIP
X-Site-Version
X-Server-W
X-LJ-Flow-ID
Ms-Operation-Id
X-RTag
X-Via-Fastly
X-AWS-Id
X-VWS-Id
X-BYPASS-REASON
X-ProxyCache-Status
X-OCL
X-Xfnlog-Site
Cross-Origin-Window-Policy
Ec-Rule-Version
Webcakes-App-Version
Charset
Webcakes-Region
Webcakes-App-Name
Property-Id
X-Cache-Host
Selected-Fe
X-Proxy-Build
TWC-Connection-Speed
X-Time-Microsecs
X-Timing-Wait
X-TNCMS
TWC-Device-Class
X-CSRF-Token
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Routing-Service
X-Loop
X-Framework
X-Origin-Hint
TWC-Locale-Group
X-Ratelimit-Reset
X-Real-IP
X-Hl-Ver
X-Handled-By
X-Proxied
X-FW-Version
X-Zipkin-Id
X-Human
TWC-Privacy
X-Generated-By
X-JoinUs
Cache-Tv-Group
X-Hosted-By
X-SaId
DB-Nickname
X-Status
X-Proto
X-Cluster
X-Detected-As
X-Cache-Action
X-Yottaa-Optimizations
X-NYM-Debug-Backend
X-Yottaa-Metrics
X-Be
X-Amzn-Remapped-Content-Length
X-Cache-TTL-Remaining
X-Environment-Context
X-ServerID
X-Section
X-Labrador-Cache-Channel
X-L-Path
X-Revision
X-Format
X-Amz-Replication-Status
X-BCube-Filmed-By
X-PHP-Host
X-Redis-Cache
X-Access
Uber-Trace-Id
X-Varnish-Cache-Hits
X-NWS-UUID-VERIFY
Frame-Options
X-No-Session
Version
X-Air-Hostname
FSS-Cache
X-Cache-PHP
X-ATG-Version
X-Drupal-Cache-Contexts
X-TA-CDN-Provider
X-Sucuri-Cache
X-NCache
X-Contextid
GEO-INFO
X-Origin
CF-Cached-On
X-Drupal-Cache-Tags
X-Unique-Id
X-EIG-Tracking-Id
Server-Name
X-EC-Lua
X-IPS-LoggedIn
X-Tt-Trace-Tag
X-Tt-Trace-Host
OT-Force-Account-Verify
X-IP
X-Cache-Enabled
X-Bc-Bl
X-Akamai-Transformed
X-TIME
X-CACHE-AGE
Time
X-GoCache-CacheStatus
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Cache-Backend
Now
X-Backend-Host
X-UA
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Tumblr-Pixel-3
X-Ruxit-Js-Agent
X-Oss-Object-Type
X-CDN-Forward
X-Adobe-Content
X-Adobe-Loc
X-AIR-PT
X-TT
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-Version
X-URL
X-Instart-Request-ID
Azure-SlotName
X-Cdn
Access-Control-Request-Headers
X-RCS-CacheZone
Node
X-APP-VERSION
X-Cache-2
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Vtex-Processado-Em
Meta-Geo-Continent
X-CCM
X-Vtex-Remote-Cache
X-Connection-Hash
X-Destination
X-Generation-Time
X-Worker
X-Date
X-D
Xc-Version
X-G
X-Cache-NE
Apple-News-Services-Host
Fastcgi-X-Cache-Version
VIX-Pulpo-Upstream-Status
X-A
DCR-Processing-Time-Ms
X-A-Ccd
DCR-Decision-By
VIX-Pulpo-Node
SD-X-WS
MD5-Digest
Mobile-Detection-Method
Machine
Host-ID
Rendered-Blocks
X-A-Dam
X-A-Dcw
X-B-Cookie
X-ARC
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-VG-WebServer
X-Application
X-Aed
X-A-Wwc
X-A-Dgt
CloudFront-Viewer-Country
X-Accel-Expires-Debug
X-Adobe-Source
Apple-News-Services-Handled
X-External-Request-Id
X-PAYTM-SRV-ID
X-Minions-Version
X-PBS-Appsvrname
X-S-Cookie
X-Twitter-Response-Tags
X-NGENIX-Cache
X-Trv-Group
X-Vdms-Version
X-Transaction
X-Up
X-ScT
X-Rewrite-Enabled
X-Vdms-Path
X-Request-UUID
X-VG-WebCache
X-Rojux
X-S
X-Processor
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
We-Hiring
X-Thanos
X-Varnishpool
X-ShopId
X-Shopify-Stage
Fastly-SIE
X-Pubstack
X-Cache-Bucket
X-ApacheServer
X-Reqid
X-Backend-TTL
X-Alternate-Cache-Key
X-Agile-Id
X-Agile
X-Agile-Age
X-Bip
X-Req
X-Rebelmouse-Cache-Control
X-Servername
X-Cache-Grace
Fastly-SSL
X-Rebelmouse-Surrogate-Control
X-Varnish-Ttl
X-ShardId
Ufe-Result
X-Level-Front-Cache
X-Method
X-Storage
X-Core-Value
X-Storefront-Renderer-Rendered
X-Forwarded-Host
X-Generated-On
X-OVcl
Mail-Subject
X-Microcachable
X-Hash
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-VG-TLSProxy
X-SN
X-PERF
X-Owner
X-Platform
Surrogated-Key
Fastly-SWR
X-CUA
X-OVcl-Cache
X-Skip-Cache
X-NC
X-Sorting-Hat-ShopId
X-Envoy-Decorator-Operation
X-Edge-Location
X-DPWN-IS-SECURE
X-Soup
X-Sorting-Hat-PodId
HostName
X-TX-ID
X-Correlation-Id
Rt-Fastcgi-Cache
Platform
Pagetype
Origin
NM-Fastcgi-Cache
PFcat
X-Variation
X-Fastly-Backend
X-Fastly-Cache
X-Fmm-Version
X-Eu-Site
X-Dispatcher-Server
X-Proxy-Upstream
X-Policy
X-Gamma-Serve
X-Ms-Version
X-Viewer-Country
X-HN
X-Micro-Cache
X-WADP-Cache
X-Ms-Request-Id
X-Webstats-RespID
X-Csrf-Jwt
X-Core-Mission
X-Cache-NGX
X-Cache-Tags
X-HS-Content-Campaign-Id
X-Cache-Date
X-Render-Time
X-Auto-Login
X-Backend-State
X-Cdn-Srv
X-Varnish-Cacheable
X-Cluster-Name
X-Cms-Context
X-Clientip
X-Clara-WADP
X-VarnishDD-TTL
X-CGP
X-Request-Start
X-Cache-Config
CDN-Uid
CDN-RequestId
CDN-RequestCountryCode
X-VHOST
Decoy-Debug-Key
Fastly-Backend-Name
Decoy-Debug-TTL
Decoy-Debug-Status
CDN-PullZone
CDN-EdgeStorageId
C-Via
AKAMAI
Adler-Geo
Cache-Status
CacheControlHeader
CDN-CachedAt
CDN-Cache
Fastly-Drupal-HTML
Country-Code
Is-Eu
Gh-Request-Id
L
L5d-Success-Class
Group
Ha-Gx-Prefs
HA-Ipaddr
X-Amz-Meta-Cb-Modifiedtime
X-Location
X-Wikidot-Backend
Akamai-GRN
X-Wikidot-Static-Cache
Memcached
X-JWT-State
X-Li-Fabric
X-LI-UUID
X-Li-Pop
Backend
X-Irp-Debug
X-Developers
UCS
X-Slack-Backend
X-Geo-Header
X-Request-Host
X-RateLimit-Remaining
X-Say-TTL
X-SayCDN-TTL
X-Is-Gdpr
Country
X-Say-Cacheable
X-Web-Node
X-Dc
X-Content-Age
X-Esi
X-Cache-URL
X-Has-Esi
Nel
X-Cdn-Forward
X-Esi-Check
X-Wa
X-Refresh
X-PF-Uncompressing
X-Gzip
X-Mvc-Supplant-Cachable
X-Old-Content-Length
M-TraceId
X-Cache-Id
X-NODE
X-Aicache-OS
FSS-Proxy
X-Platform-Server
X-CS
X-ECache
X-BC
X-ZONE
X-B3-Spanid
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-DefElseHash
X-DefHash
X-LB-ID
X-LAGOON
Upgrade-Insecure-Requests
Arc-Country
X-UPSTREAM-Address
X-Via-Popn
X-Via-Poph
VivaBuild
Viewtype
X-B3-Traceid
X-ORACLE-APMCS-REQUEST-ID
X-Cache-Debug
X-Via-Ucdn
X-Ua-Device
NGX
X-Session-Fingerprint
Actual-Object-TTL
X-Branch-Name
X-RunCloud-Cache
X-Servedbyhost
Srv
Cdn-Host
X-Mvc-Supplant-OutputCached
Cdn-Request-Time
X-Edge-Server
X-Flags
X-Providence-Cookie
X-Is-Crawler
X-LI-Proto
X-Route-Name
X-Aspnet-Duration-Ms
X-SERVER
Geo-Info
X-Unique-ID
X-Request-Time
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Memory
CACHE
X-Bc
X-Zone
X-Srv
X-Vgn-Hpd-Ssi
X-Cs
X-HS-Status
X-APP
X-NGINX-Cache
X-Action
X-Varnish-Hostname
Sid
X-FPC
X-Nginx-Cache
X-RPM
X-RSL
X-RPS
X-DB
X-CF-Powered-By
X-LiteSpeed-Cache-Control
WWW-Authenticate
X-DC
X-Akamai-Request-ID2
X-Page-View
X-DI
X-DW
X-DSS
X-GEO
Xserver
X-Geo
X-MP-GENERATED-AT
X-Cluster-Node
X-Oss-Cdn-Auth
X-Epic-Correlation-Id
GeoIp-Country-Code
X-CSRF-TOKEN
NtCoent-Length
Geoip-Latitude
X-Vcache
X-FC-Vary-Parameters
X-Mobile-Rewrite
XServer
Hostname
X-Hit
X-VCL-Version
X-Check-Cacheable
X-Ftr-Cache-Host
Server-Info
X-Via-Popv
X-NU-AKA-ACS-Version
X-Nc
Processtime
SRV
User-Agent
X-Dynatrace-Js-Agent
ProcessTime
X-SERVER-NAME
Apigw-Requestid
GeoIP-Latitude
GeoIP-Country-Code
X-Webkit-CSP-Report-Only
X-FORWARDED-FOR
Edge-Copy-Time
X-Sql-Count
X-Vcl-Version
X-Via-SSL
W
X-Via-Edge
X-Sql-Duration-Ms
X-UnsetCookies
X-Via-CDN
X-HOST
X-Envoy-Upstream-Healthchecked-Cluster
X-Key
Esi-Enabled
Accept-Language
Origin-Edge-Control
X-We-Are-Hiring
Origin-Cache-Control
X-Fpc
On-Server
X-Svr
X-Dynatrace
S-Rt
SID
X-HITS
X-Tb
Cdn
X-Cache-Hm
X-Cache-Hfrom
Proxy-Firewall
CF-IPCountry
X-Dispatch
LB
WebServer
X-Fastly-Country-Code
Lb
ServedBy
X-Www-Served-By
N-Cache
CDN
A
T-Server
X-COUNTRY
X-SRV
HitType
X-S-Maxage
X-CACHE-KEY
Cteonnt-Length
X-Geo-Region
X-Pjax-Url
Amp-Access-Control-Allow-Source-Origin
Ohc-File-Size
X-MSEdge-Features
X-Pass-Why
Cache-Hits
X-MSEdge-Flight
X-Cache-Remote
X-App
X-Oracle-Dms-Rid
X-Presslabs-Stats
X-RAMCache
Pics-Label
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Server-Host
X-Generated
BehaviorPad-Version
Fastcgi-Cache-TTL
X-Instart-Info
X-Newrelic-App-Data
Magicmarker
WZWS-RAY
Powered-By
X-VC
X-ServedByHost
X-Li-Proto
X-SB
X-Path-Route
X-Varnish-Hits
X-TrackingId
X-Newrelic-Synthetics
X-Datadome
X-Via-PopV
X-Via-PopH
X-Via-PopN
X-Served-From
Server-Ttl
Xet-Cookie
Cache-Key
X-Akamai-Pragma-Client-IP
X-Info
X-TH-Server
X-StackifyID
X-Lb-Id
Ohc-Cache-HIT
Cache-Provider
X-B3-SpanId
Dnion-Transfer-Encoding
X-Via-NSCOPI
X-Batcache
X-LiteSpeed-Tag
Protected
X-Cache-Tag
X-ID
X-Tt-Logid
X-Uri
X-TT-LOGID
X-Agile-Brick-Ok
Content-Style-Type
X-WA
Content-Script-Type
X-Origin-Response-Time
X-Planisys-CDN-Cache
User-Cache-Control
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Cf-Alt-Svc
Tcn
X-Vgn-Hpd-Reason
X-Yottaa-OS
X-Tid
Ssr
X-RateLimit-Limit
Who
X-Pf-Uncompressing
Inserted-Into-Cache-At
X-HostName
X-PJAX-URL
X-Pad
X-Region-Sid
X-Selected-Host-Header
Tracecode
X-Selected-Scheme
X-Selected-Name
CountryCode
X-Request-URL
X-Apw-Hits
X-Varnish-Beresp-TTL
Lfy
X-Men
X-Snapshot-Date
Source
X-Apw-Access-Token
X-Proxy-Cachei7
X-Magnolia-Registration
X-Nananana
PICS-Label
X-DevSite-Last-Modified
Mime-Version
X-MiniProfiler-Ids
X-C
X-Dw-Trace-Id
X-Apw-Access-Action
Vha6-Origin
Pragrma
Cneonction
X-Apw-Access-Object