Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Request-ID
X-Cacheable
P3p
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Template
X-Language
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-AH-Environment
X-Hacker
X-Cache-Group
X-Buckets
X-Robots-Tag
X-Server
X-Amz-Request-Id
X-UA-Device
EagleId
X-Amz-Id-2
X-Proxy-Cache
X-Turbo-Charged-By
X-Server-Powered-By
Request-Context
X-Dns-Prefetch-Control
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Xkey
Report-To
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
Cf-Bgj
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Amz-Version-Id
X-Vhost
NEL
X-Host
X-Dispatcher
X-Device
X-Backend-Server
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Response-Time
X-Origin-Cache
Content-Location
X-Akam-SW-Version
Request-Id
X-Ac
X-ASPNET-VERSION
X-Server-Id
X-Country
X-Mod-Pagespeed
EagleEye-TraceId
X-HW
Accept-CH
Rating
Accept-CH-Lifetime
X-Readtime
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
X-ORACLE-DMS-RID
X-Application-Context
Pinterest-Generated-By
X-DataDome
Edge-Control
X-Url
X-Country-Code
X-PC
X-TtlSet
X-Vname
X-Origin-Upstream-Status
X-Varnish-TTL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cnection
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Component-Id
X-D2id
X-GitHub-Request-Id
Akamai-Age-Ms
X-ESI
X-MS-InvokeApp
X-Content-Type
X-Clacks-Overhead
X-Server-Name
Allow
X-Abt-Application-Version
X-Navigation-Version
X-FTR-Request-ID
Pinterest-Version
X-Pinterest-Rid
X-Vcap-Request-Id
X-Trace
Pagespeed
X-Middleton-Display
X-Sol
Response
X-Middleton-Response
Verso
Display
X-B3-TraceId
X-Px
X-Server-ID
X-Cached
X-Rack-Cache
X-Element-Page-Cache
X-Fastly-Request-ID
X-DynaTrace
Service-Worker-Allowed
X-Client-IP
MS-Author-Via
X-Cache-TTL
Arr-Disable-Session-Affinity
Accept-Ch
X-Version
X-Powered-By-Plesk
X-Upstream
X-Forwarded-Proto
X-Dw-Request-Base-Id
Content-MD5
X-TTL
X-T
X-NF-Request-ID
AR-PoweredBy
AR-CACHE
AR-ATIME
AR-Request-ID
Fastly-Restarts
X-Debug
Ar-Sid
SPRequestGuid
X-SharePointHealthScore
X-VARITI-CCR
X-Webkit-CSP
X-Jurisdiction
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Build
X-Use-Magma
X-Kinja
X-Kinja-Server
X-Kinja-Revision
Accept-Ch-Lifetime
TP-Cache
TP-L2-Cache
X-Goog-Hash
Access-Control-Request-Method
X-Powered-CMS
X-XRDS-Location
X-Content-Digest
X-Release
X-Edge
X-MSEdge-Ref
X-NWS-LOG-UUID
X-Ttl
TCN
RTSS
X-PressLabs-Stats
S
SPIisLatency
SPRequestDuration
X-Amz-Rid
X-FastCGI-Cache
Fastcgi-Cache
Cache-Tag
X-Request-Received
X-Request-Processing-Time
Public-Key-Pins
X-Pinterest-Direct
X-Yandex-Sdch-Disable
X-Ezoic-Cdn
X-MCACHE
X-Mid
X-Node-Name
X-Accel-Expires
Server-Node
X-Cache-Key
X-Ratelimit-Remaining
X-CST
X-Logged-In
X-Cache-Hit
X-Amzn-Trace-Id
Front-End-Https
ServerID
X-Ser
X-Microsite
X-Request-Handler-Origin-Region
Alternate-Protocol
X-Recruiting
X-Page-Id
X-Origin-Server
X-Kinsta-Cache
X-ECACHE
Host
X-B
X-Ratelimit-Limit
Accept-Charset
X-Hostname
X-Mobile-URL
X-FireWall-Port
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-FTR-Expires
X-Varnish-Age
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Mrf-Cache-Status
X-Forwarded-For
MRF-Tech
X-Content-Security-Policy-Report-Only
X-B3-TraceId-Primal
Nginx-Cache
Filterid
X-DIS-Request-ID
X-Id
X-Seen-By
X-Load-Cache
Realpath
X-Shield-Request-Id
X-Content-Options
X-Jobs
X-Daa-Tunnel
X-LB-Cache
X-Git-Hash
X-Type
X-F-Cache
X-App-Environment
X-Varnish-Backend
X-N
Edge-Cache-Tag
Paypal-Debug-Id
X-Correlation-ID
X-Varnish-Grace
X-AppVersion
X-Activity-Id
X-Az
X-Request-Guid
X-Rid
X-Grace
Fastcgi-Useragent
X-Mg-S
X-Zen-Fury
X-FB-Debug
X-Proxy
X-Amz-Server-Side-Encryption
X-Hits
DynaTrace
X-App-Server
Access-Control-Allow-Method
Cache-Tags
DC
X-Upgrade-Enabled
X-WebKit-CSP-Report-Only
X-Akamai-Edgescape
X-Content-Powered-By
Content-Disposition
Cleartype
X-HP-Webp
X-Kong-Upstream-Latency
X-Geo-Country
X-Kong-Proxy-Latency
X-Cache-Operation
X-Cache-Rule
MicrosoftSharePointTeamServices
AMP-Access-Control-Allow-Source-Origin
X-TEC-API-ROOT
X-Cached-By
X-TEC-API-VERSION
X-Fastcgi-Cache
X-Wix-Request-Id
X-TEC-API-ORIGIN
X-Endurance-Cache-Level
X-VCache
X-Response-Served-From
X-Accel-Buffering
X-Original-Request-Id
X-User-Agent
X-XRDS-LOCATION
X-B3-Sampled
X-Host-Name
X-Amz-Meta-S3cmd-Attrs
Refresh
X-IPLB-Instance
NGB
Healthy
Payment
X-AOL-HN
X-Rendered-As
X-HTML-Minification-Powered-By
X-Distributor
X-Is-Bot
X-Cacheable-TTL
X-Ua
X-UUID
X-Goog-Storage-Class
X-Region
X-Whom
X-B-Cache
X-Goog-Metageneration
X-FW-Dynamic
X-FW-Hash
X-Cache-Time
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-FW-Type
X-FW-Server
X-FW-Static
X-FW-Serve
X-Signature
X-HS-Content-Id
X-Instance
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
Datacenter
X-Rule
MS-CV
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Tumblr-Pixel-0
X-Tumblr-User
X-Debug-Info
Countrycode
X-Tec-Api-Origin
Powered-By-ChinaCache
X-Tec-Api-Version
X-Tec-Api-Root
X-Hp-Webp
X-Mobile
X-Frontend
PB-PID
Arc-Version
PB-RID
X-Varnish-Server
X-Respond-Thread
X-PHP-Backend
X-Cache-Age
Surrogate-Key
Powered
X-App-Version
S-Cnection
X-Backend-Name
Cache
X-Oneagent-Js-Injection
X-Protected-By
X-Via-JSL
X-Cache-Server
X-NewRelic-App-Data
X-Azure-Ref
X-DynaTrace-JS-Agent
X-Hyper-Cache
Liferay-Portal
X-FTR-Cache-Host
Viewport
X-WA-Info
X-Cache-Expired-At
X-Acc-Debug-Context
X-Litespeed-Cache
X-Cache-Control
Referer-Policy
X-Proxy-Cache-Status
Retry-After
X-Time
X-CSRF-Token
X-EdgeConnect-Cache-Status
X-Source
Webserver
X-FB-TRIP-ID
Charset
Section-Io-Cache
X-Sucuri-ID
X-Mode
X-Cache-Var
X-Cache-Var-Map
X-ES-SERVER
X-Debug-Cache
Meta-Geo
X-RN-RSRV
X-RemovedCookies
Filters
X-ProcessESI
X-Real-IP
X-R9-Blue-Green-Version
X-GeoIP
X-Locale
X-Device-Type
X-From
X-Xfnlog-Site
X-Cache-Action
X-ProxyCache-Status
X-LJ-Flow-ID
X-ProxyCache-Key
X-Qloud-Router
X-Amz-Replication-Status
X-BYPASS-REASON
Mn-Server-Ip
Eomportal-Instance
X-Server-W
X-Site-Version
X-Time-Microsecs
X-Framework
X-VWS-Id
X-Ratelimit-Reset
X-Via-Fastly
X-AWS-Id
X-Proxied
X-Environment-Context
X-Proxy-Build
X-Zipkin-Id
X-TNCMS
X-Routing-Service
X-Timing-Wait
X-FW-Version
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Connection-Speed
Selected-Fe
Cache-Tv-Group
Cross-Origin-Window-Policy
Ec-Rule-Version
Property-Id
Webcakes-App-Name
Webcakes-App-Version
X-Human
X-Loop
X-OCL
X-Origin-Hint
X-Hl-Ver
X-Handled-By
X-L-Path
Webcakes-Region
X-Cache-Host
X-Cluster
X-PCL
TWC-Locale-Group
From-Origin
X-Hosted-By
X-Generated-By
X-JoinUs
X-Labrador-Cache-Channel
X-NYM-Debug-Backend
X-Detected-As
X-Proto
X-Revision
X-Amzn-Remapped-Content-Length
X-BCube-Filmed-By
X-Be
DB-Nickname
X-PHP-Host
Uber-Trace-Id
X-Status
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-SaId
X-ServerID
X-Section
X-Redis-Cache
X-Access
Ms-Operation-Id
X-RTag
X-Format
X-Cache-TTL-Remaining
FSS-Cache
Version
X-Air-Hostname
Frame-Options
X-Varnish-Cache-Hits
X-No-Session
X-ATG-Version
X-Cache-PHP
X-Drupal-Cache-Contexts
X-NWS-UUID-VERIFY
GEO-INFO
X-Sucuri-Cache
X-TA-CDN-Provider
X-Contextid
X-Origin
X-Unique-Id
Server-Name
X-NCache
CF-Cached-On
X-Drupal-Cache-Tags
X-EC-Lua
X-EIG-Tracking-Id
X-IPS-LoggedIn
X-Tt-Trace-Host
X-Tt-Trace-Tag
OT-Force-Account-Verify
X-CACHE-AGE
X-Akamai-Transformed
X-Cache-Enabled
X-IP
X-Vgn-Hpd-Cached
X-Bc-Bl
X-Vgn-Hpd-Variations-Key
X-GoCache-CacheStatus
X-Adobe-Loc
X-Cache-Backend
X-Adobe-Content
X-Backend-Host
X-APP-VERSION
X-TIME
X-Tumblr-Pixel-3
X-TT
X-Oss-Request-Id
X-AIR-PT
Time
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-Version
Now
Azure-RegionName
X-CDN-Forward
X-Ruxit-Js-Agent
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Access-Control-Request-Headers
X-Correlation-Id
X-RCS-CacheZone
X-Instart-Request-ID
X-CCM
X-Cache-2
X-Adobe-Source
X-Cdn
Node
SD-X-WS
X-URL
X-Vdms-Version
X-A
X-External-Request-Id
X-S
X-G
Surrogated-Key
X-Rewrite-Enabled
X-ARC
X-Vdms-Path
X-D
X-Rojux
X-Minions-Version
X-Request-UUID
X-Destination
X-Date
Rendered-Blocks
X-Vtex-Remote-Cache
X-CF-Lambda-Fn
X-A-Wwc
X-NGENIX-Cache
X-Cache-NE
DCR-Decision-By
Xc-Version
X-Worker
X-PBS-Appsvrname
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-A-Dcw
X-NC
DCR-Processing-Time-Ms
MD5-Digest
Machine
Meta-Geo-Continent
Mobile-Detection-Method
X-Processor
X-B-Cookie
X-Accel-Expires-Debug
X-Aed
Fastcgi-X-Cache-Version
Host-ID
X-ScT
Apple-News-Services-Host
X-A-Dgt
X-A-Ccd
X-Transaction
X-CF-Lambda-Version
X-PAYTM-SRV-ID
X-Vtex-Processado-Em
X-VG-WebServer
X-Connection-Hash
X-Up
X-VG-WebCache
Apple-News-Services-Handled
X-Application
X-S-Cookie
X-Twitter-Response-Tags
X-A-Dam
X-Trv-Group
X-Pubstack
X-Forwarded-Host
X-PERF
X-Backend-TTL
X-Cache-Grace
X-Soup
X-ApacheServer
Mail-Subject
X-DPWN-IS-SECURE
X-Core-Value
X-CUA
X-Envoy-Decorator-Operation
Platform
NM-Fastcgi-Cache
CloudFront-Viewer-Country
X-Edge-Location
X-Cache-Bucket
X-Bip
X-Dispatcher-Server
X-Generation-Time
Is-Eu
Adler-Geo
We-Hiring
Wxu-Next-Hostname
Wxu-Next-Region
X-Microcachable
X-Method
Wxu-Next-Commit
X-OVcl
X-Varnishpool
X-OVcl-Cache
X-Owner
X-Req
X-VG-TLSProxy
X-Variation
X-SN
X-Thanos
Ufe-Result
X-Hash
X-Servername
X-Skip-Cache
HostName
Fastly-SSL
X-Viewer-Country
Cache-Status
X-TX-ID
X-Cache-Config
X-Cluster-Name
X-Storage
X-UA
CDN-RequestCountryCode
CDN-PullZone
CDN-RequestId
Ha-Gx-Prefs
X-Cache-Tags
CDN-Uid
X-Auto-Login
CDN-CachedAt
HA-Ipaddr
X-Platform
X-Rebelmouse-Cache-Control
X-Proxy-Upstream
C-Via
CacheControlHeader
X-ShardId
CDN-Cache
PFcat
CDN-EdgeStorageId
X-Cache-NGX
X-Shopify-Stage
Fastly-SIE
X-ShopId
Fastly-Drupal-HTML
Gh-Request-Id
Fastly-SWR
X-Sorting-Hat-ShopId
L
L5d-Success-Class
Origin
X-Storefront-Renderer-Rendered
X-Policy
X-Sorting-Hat-PodId
X-Backend-State
Country-Code
X-Ms-Version
X-Rebelmouse-Surrogate-Control
X-Cache-Date
Group
X-Ms-Request-Id
X-Clientip
X-Varnish-Beresp-Grace
X-VarnishDD-TTL
X-Core-Mission
X-Varnish-Beresp-Status
X-Varnish-Cacheable
X-Fastly-Backend
X-Csrf-Jwt
X-Render-Time
X-Micro-Cache
X-LI-UUID
X-Li-Fabric
X-Level-Front-Cache
X-Eu-Site
Rt-Fastcgi-Cache
X-Request-Start
X-Fastly-Cache
X-Generated-On
X-Clara-WADP
X-CGP
AKAMAI
X-Varnish-Ttl
X-Webstats-RespID
X-Alternate-Cache-Key
X-Cms-Context
X-Fmm-Version
X-Reqid
X-HN
X-Gamma-Serve
X-WADP-Cache
X-Li-Pop
Decoy-Debug-TTL
X-ECache
Backend
X-Say-Cacheable
X-Web-Node
X-Say-TTL
X-Cdn-Forward
Country
Decoy-Debug-Key
Decoy-Debug-Status
X-SayCDN-TTL
X-Agile-Id
X-Amz-Meta-Cb-Modifiedtime
Pagetype
X-Agile
X-Agile-Age
UCS
X-Has-Esi
X-JWT-State
X-Location
X-Varnish-Beresp-Ttl
X-Is-Gdpr
Memcached
X-Old-Content-Length
X-Request-Host
X-Slack-Backend
X-VHOST
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-HS-Content-Campaign-Id
X-Irp-Debug
X-Cdn-Srv
X-Cache-URL
X-Cache-Id
Fastly-Backend-Name
Akamai-GRN
X-Content-Age
X-Geo-Header
X-Gzip
X-Esi-Check
X-Developers
X-Mvc-Supplant-Cachable
X-Esi
FSS-Proxy
X-PF-Uncompressing
X-CS
Nel
X-Dc
Upgrade-Insecure-Requests
X-Platform-Server
X-Wa
X-LB-ID
M-TraceId
X-Aicache-OS
X-Refresh
X-NODE
X-LAGOON
X-Varnish-CookieINHashed-On
X-DefElseHash
X-Via-Popn
X-Varnish-Remaining-TTL
X-Via-Poph
X-DefHash
X-Varnish-CookieHashed-On
X-UPSTREAM-Address
X-ZONE
X-BC
X-Branch-Name
X-RateLimit-Remaining
X-B3-Spanid
Arc-Country
X-Flags
NGX
X-Aspnet-Duration-Ms
X-Is-Crawler
VivaBuild
Viewtype
X-Route-Name
X-Session-Fingerprint
X-Providence-Cookie
Actual-Object-TTL
X-LI-Proto
X-RunCloud-Cache
X-Servedbyhost
X-ORACLE-APMCS-REQUEST-ID
X-Via-Ucdn
X-Ua-Device
X-Mvc-Supplant-OutputCached
X-Cache-Debug
Srv
X-Request-Time
X-Bc
X-Zone
Cdn-Request-Time
CACHE
X-Debug-Cache-Fetch
X-Edge-Server
X-Debug-Cache-Store
Cdn-Host
X-SERVER
X-Unique-ID
Geo-Info
Memory
Xserver
X-Varnish-Hostname
X-GEO
X-Vgn-Hpd-Ssi
X-Srv
X-Nginx-Cache
X-Page-View
X-DC
X-Cs
X-APP
X-NGINX-Cache
X-FPC
X-Action
Sid
X-HS-Status
X-RPS
X-DB
X-RPM
X-MP-GENERATED-AT
X-Akamai-Request-ID2
X-Ftr-Cache-Host
X-DW
X-Via-Popv
X-DSS
WWW-Authenticate
X-CF-Powered-By
X-Cluster-Node
X-LiteSpeed-Cache-Control
X-B3-Traceid
X-RSL
X-Check-Cacheable
X-DI
SRV
X-Geo
Server-Info
GeoIp-Country-Code
Geoip-Latitude
X-Epic-Correlation-Id
X-NU-AKA-ACS-Version
NtCoent-Length
X-Oss-Cdn-Auth
X-Vcache
X-FC-Vary-Parameters
Hostname
X-Hit
X-Mobile-Rewrite
X-VCL-Version
X-Dynatrace-Js-Agent
X-HITS
X-Nc
Processtime
Apigw-Requestid
GeoIP-Country-Code
ProcessTime
GeoIP-Latitude
X-UnsetCookies
X-Via-CDN
User-Agent
X-CSRF-TOKEN
XServer
X-Sql-Count
X-Sql-Duration-Ms
W
X-Vcl-Version
X-SERVER-NAME
X-Webkit-CSP-Report-Only
X-FORWARDED-FOR
X-Via-SSL
X-We-Are-Hiring
X-Fpc
X-Via-Edge
X-Svr
Edge-Copy-Time
S-Rt
SID
X-HOST
LB
WebServer
CF-IPCountry
X-SRV
Accept-Language
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Latency-Threshold
X-Fastly-Country-Code
X-Pinterest-Sli-Response-Type
X-Www-Served-By
X-Presslabs-Stats
Origin-Cache-Control
X-Key
Origin-Edge-Control
On-Server
X-Tb
X-Dynatrace
X-Envoy-Upstream-Healthchecked-Cluster
Esi-Enabled
ServedBy
Ohc-File-Size
X-S-Maxage
Amp-Access-Control-Allow-Source-Origin
Cache-Hits
Cdn
Proxy-Firewall
X-Dispatch
X-Cache-Remote
X-Cache-Hfrom
T-Server
X-Cache-Hm
X-MSEdge-Features
X-Pass-Why
A
Server-Host
X-MSEdge-Flight
X-Pjax-Url
N-Cache
Cteonnt-Length
X-CACHE-KEY
HitType
X-COUNTRY
X-Geo-Region
CDN
Magicmarker
Lb
X-App
X-Oracle-Dms-Rid
WZWS-RAY
X-SB
Pics-Label
X-VC
X-ServedByHost
X-Amzn-Remapped-Date
X-Li-Proto
X-Amzn-Remapped-Connection
X-Instart-Info
X-RAMCache
Powered-By
X-Varnish-Hits
BehaviorPad-Version
Fastcgi-Cache-TTL
X-Newrelic-App-Data
X-Generated
Ohc-Cache-HIT
X-Info
X-Path-Route
X-Newrelic-Synthetics
X-TrackingId
X-StackifyID
X-Datadome
Protected
X-Cache-Tag
X-Served-From
X-Via-NSCOPI
X-Akamai-Pragma-Client-IP
Cache-Key
X-B3-SpanId
Xet-Cookie
X-TH-Server
X-Via-PopV
Dnion-Transfer-Encoding
X-Uri
X-Via-PopH
X-LiteSpeed-Tag
X-Via-PopN
Server-Ttl
X-WA
X-TT-LOGID
X-Lb-Id
Cache-Provider
X-Batcache
X-Varnish-Beresp-TTL
X-Tt-Logid
X-Agile-Brick-Ok
Content-Script-Type
Tracecode
Content-Style-Type
Ssr
Cf-Alt-Svc
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Origin-Response-Time
X-Planisys-CDN-TTL
User-Cache-Control
X-Vgn-Hpd-Reason
Tcn
X-Men
X-Pad
X-Scheme
X-Pf-Uncompressing
PICS-Label
X-Tid
X-Cc-Via
D-Cc-Upstream
Inserted-Into-Cache-At
Lfy
X-Cache-Spec
X-Cc-Req-Id
X-Yottaa-OS
Mime-Version
Who
X-Region-Sid
X-Erf-Bev-Bev
X-HostName
X-Magnolia-Registration
X-Erf-Bev-Bev-Is-Generated
X-RateLimit-Limit
X-Selected-Scheme
CountryCode
DSUID
X-Selected-Host-Header
X-Selected-Name
Odigeo-Trace-Id
X-Provided-By
X-Nyt-Route
X-Origin-TTL
X-Origin-Expires
X-Origin-CC
X-Origin-Date
X-Origin-Time
X-Generated-In
X-ElasticPress-Query
X-Fetched-On
X-Device-Os
X-Developer
X-Cdn-Origin
X-Contensis-Viewer-Groups
X-Gdpr
X-Parent-Response-Time
X-Nginx-Cache-Key
X-Node-Id
X-Matched-Rule
X-Loc
X-GeoIP-City
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NodeID
X-SIPLIST1
X-Trace-Id
X-Thinkindot-L3
X-VServer
X-Swa-Ws
X-UA-Device-Type
X-User
X-VC-Cache
X-Varnish-Url
X-Varnish-Authentication
X-Var-Ttl
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-ServiceProvider
X-SD-PageType
X-Rocket-Build-Number
X-Response-By
X-Sigma
X-Sigma-Backend
X-SRCache-Key
X-Cache-Info
X-Sn-Servicetimems
X-Request-URI
Section-Io-Id
X-Proxy-Cachei7
X-Request-URL
X-Apw-Hits
X-Apw-Access-Token
Source
X-Snapshot-Date
IsBot
Instruction
Cache-Name
Cache-Host
X-Apw-Access-Object
X-Apw-Access-Action
X-Dw-Trace-Id
Pragrma
X-MiniProfiler-Ids
X-C
X-PJAX-URL
X-DevSite-Last-Modified
Cneonction
Vha6-Origin
X-Nananana
Kp-EeAlive
Locid
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
SR-User-Adfree
True-Client-Country-4JS
V-Age
X-Cache-ASPX
X-Azure-Ref-OriginShield
X-API-Version
Vix-Hermes-Req-Id
Sever-Int
Server-Id
Resin-Trace
Release
Pramga
Path
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Server-Hostname
Server-Ext
Section-Origin-Responded
X-Cache-Expires