
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Request-ID
P3p
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Upgrade
Content-Encoding
X-Template
X-Language
X-CDN
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Ws-Request-Id
X-Age
Feature-Policy
X-Buckets
X-Backend
X-Dns-Prefetch-Control
X-AH-Environment
X-Hacker
X-UA-Device
X-Cache-Group
X-Robots-Tag
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
X-Server-Powered-By
Request-Context
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Xkey
Report-To
X-Page-Speed
X-Rq
Cf-Bgj
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Pingback
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Amz-Version-Id
X-Vhost
X-Dispatcher
X-Host
NEL
X-Device
X-Backend-Server
X-Node
X-Cache-Lookup
Surrogate-Control
X-Ruxit-JS-Agent
X-Origin-Cache
X-Response-Time
Content-Location
X-Akam-SW-Version
Request-Id
X-ASPNET-VERSION
X-Ac
X-Country
X-Server-Id
X-Mod-Pagespeed
X-HW
Rating
EagleEye-TraceId
Akamai-Age-Ms
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Readtime
Accept-CH-Lifetime
X-Cloud-Trace-Context
Pinterest-Generated-By
X-Application-Context
Edge-Control
Accept-CH
X-Origin-Upstream-Status
X-Country-Code
X-DataDome
X-Vname
X-TtlSet
X-Url
X-PC
X-Varnish-TTL
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Deployment-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cnection
X-D2id
X-ESI
X-GitHub-Request-Id
X-MS-InvokeApp
X-Clacks-Overhead
X-Server-Name
X-Content-Type
Accept-Ch
X-Abt-Application-Version
X-FTR-Request-ID
X-Navigation-Version
X-Vcap-Request-Id
Verso
X-Trace
Pinterest-Version
X-Pinterest-Rid
Allow
X-Server-ID
X-Middleton-Response
Pagespeed
Display
X-Middleton-Display
Response
X-Sol
X-Px
X-B3-TraceId
X-Cached
X-DynaTrace
X-Element-Page-Cache
X-Rack-Cache
X-Fastly-Request-ID
Service-Worker-Allowed
X-TTL
Accept-Ch-Lifetime
X-Client-IP
X-Cache-TTL
X-Powered-By-Plesk
X-Version
Arr-Disable-Session-Affinity
MS-Author-Via
X-Upstream
X-Forwarded-Proto
X-T
Content-MD5
X-NF-Request-ID
X-Dw-Request-Base-Id
X-Debug
Fastly-Restarts
AR-Request-ID
Ar-Sid
AR-PoweredBy
AR-CACHE
X-SharePointHealthScore
AR-ATIME
SPRequestGuid
X-VARITI-CCR
X-Jurisdiction
X-XRDS-Location
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Exp-Id
TP-Cache
TP-L2-Cache
Access-Control-Request-Method
X-Content-Digest
X-Powered-CMS
X-Goog-Hash
X-PressLabs-Stats
X-NWS-LOG-UUID
X-Edge
X-Release
X-MSEdge-Ref
TCN
X-Webkit-CSP
X-FastCGI-Cache
RTSS
Fastcgi-Cache
Cache-Tag
SPRequestDuration
S
SPIisLatency
X-Amz-Rid
X-Request-Processing-Time
X-Request-Received
Public-Key-Pins
X-Yandex-Sdch-Disable
X-Accel-Expires
X-MCACHE
X-Ezoic-Cdn
X-Mid
X-Ttl
Server-Node
X-Ratelimit-Remaining
X-Cache-Hit
X-Logged-In
X-Cache-Key
X-Node-Name
X-Amzn-Trace-Id
ServerID
X-Pinterest-Direct
Front-End-Https
Alternate-Protocol
X-Request-Handler-Origin-Region
X-Microsite
X-Ser
X-Recruiting
X-Page-Id
X-Origin-Server
X-ECACHE
X-Kinsta-Cache
X-B
X-Ratelimit-Limit
X-CST
Host
X-Hostname
X-Mobile-URL
Accept-Charset
X-FTR-Expires
X-Country-Code-Real
X-FTR-Realm
X-FireWall-Port
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-Forwarded-For
X-Seen-By
Realpath
Nginx-Cache
X-Content-Security-Policy-Report-Only
X-Varnish-Age
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Load-Cache
Filterid
X-Jobs
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-DIS-Request-ID
X-Daa-Tunnel
X-Content-Options
X-Id
X-Az
X-AppVersion
X-Shield-Request-Id
X-Activity-Id
X-Correlation-ID
X-Type
X-Varnish-Backend
X-LB-Cache
X-Git-Hash
X-F-Cache
Paypal-Debug-Id
X-N
X-Request-Guid
X-Rid
X-App-Environment
X-Varnish-Grace
X-Zen-Fury
Edge-Cache-Tag
Fastcgi-Useragent
X-FB-Debug
X-Hits
X-Grace
X-Proxy
X-App-Server
AMP-Access-Control-Allow-Source-Origin
DC
Content-Disposition
DynaTrace
X-Content-Powered-By
Cache-Tags
X-Akamai-Edgescape
X-Amz-Server-Side-Encryption
X-Cache-Operation
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
X-Cache-Rule
X-Mg-S
X-Endurance-Cache-Level
X-TEC-API-ORIGIN
X-Upgrade-Enabled
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Geo-Country
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Wix-Request-Id
Cleartype
X-VCache
MicrosoftSharePointTeamServices
X-Hp-Webp
X-Cached-By
X-Response-Served-From
X-Accel-Buffering
X-Original-Request-Id
X-IPLB-Instance
Refresh
NGB
X-Host-Name
X-B3-Sampled
X-AOL-HN
X-Rule
X-Amz-Apigw-Id
X-Amzn-RequestId
X-User-Agent
MS-CV
Healthy
Payment
X-Distributor
X-FW-Serve
X-FW-Type
X-HP-Webp
X-HS-Combine-CSS
X-FW-Hash
X-FW-Server
X-HS-Content-Id
X-Cacheable-TTL
X-HS-Cache-Config
X-B-Cache
X-Cache-Time
X-Signature
X-HS-Hub-Id
X-Region
X-FW-Static
X-FW-Dynamic
X-UUID
X-HTML-Minification-Powered-By
Datacenter
X-Instance
X-Rendered-As
X-Amz-Meta-S3cmd-Attrs
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Ua
X-Tumblr-Pixel-2
X-Whom
X-Tumblr-User
Powered
X-Tumblr-Pixel-0
X-Is-Bot
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
Countrycode
Arc-Version
PB-PID
PB-RID
X-Varnish-Server
X-Frontend
X-Debug-Info
X-XRDS-LOCATION
X-Mobile
X-Cache-Age
X-App-Version
X-Fastcgi-Cache
Surrogate-Key
X-Tec-Api-Version
X-PHP-Backend
X-Tec-Api-Root
X-Oneagent-Js-Injection
X-Tec-Api-Origin
X-DynaTrace-JS-Agent
X-Backend-Name
Cache
X-NewRelic-App-Data
X-Azure-Ref
S-Cnection
X-Cache-Server
Powered-By-ChinaCache
X-Via-JSL
X-Respond-Thread
X-Protected-By
X-Litespeed-Cache
X-WA-Info
X-FTR-Cache-Host
X-Hyper-Cache
X-Time
X-Cache-Control
Referer-Policy
Liferay-Portal
Retry-After
Webserver
X-Cache-Expired-At
X-Proxy-Cache-Status
Viewport
From-Origin
X-CSRF-Token
X-EdgeConnect-Cache-Status
X-FB-TRIP-ID
X-RemovedCookies
X-Mode
X-RN-RSRV
X-Cache-Var
X-Cache-Var-Map
Filters
X-ES-SERVER
X-Debug-Cache
X-Acc-Debug-Context
Meta-Geo
X-SERVER
X-Source
X-ProcessESI
X-R9-Blue-Green-Version
X-From
X-Qloud-Router
Section-Io-Cache
X-GeoIP
X-Locale
Eomportal-Instance
X-Device-Type
X-Sucuri-ID
X-Ratelimit-Reset
X-RTag
Cache-Tv-Group
X-Via-Fastly
X-PCL
X-Time-Microsecs
X-Site-Version
X-OCL
X-VWS-Id
X-Server-W
X-LJ-Flow-ID
Ms-Operation-Id
X-Cache-Host
X-BYPASS-REASON
X-AWS-Id
Mn-Server-Ip
X-ProxyCache-Key
X-ProxyCache-Status
X-Handled-By
Property-Id
Cross-Origin-Window-Policy
Ec-Rule-Version
Charset
DB-Nickname
X-FW-Version
X-NYM-Debug-Backend
X-Origin-Hint
X-Loop
X-Human
X-Hl-Ver
X-Proxied
X-Proxy-Build
X-ServerID
X-Routing-Service
X-Timing-Wait
X-TNCMS
X-Zipkin-Id
X-Framework
X-Cluster
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-Privacy
Webcakes-App-Name
X-Be
X-Cache-Action
X-Amzn-Remapped-Content-Length
Webcakes-Region
X-Xfnlog-Site
Selected-Fe
Webcakes-App-Version
X-L-Path
X-JoinUs
X-Labrador-Cache-Channel
X-PHP-Host
X-Proto
X-Hosted-By
X-Generated-By
X-Access
X-BCube-Filmed-By
X-Environment-Context
X-Format
X-Amz-Replication-Status
X-TA-CDN-Provider
X-Yottaa-Optimizations
X-Real-IP
X-Status
X-Yottaa-Metrics
X-SaId
X-Section
X-Revision
X-Redis-Cache
Uber-Trace-Id
X-Varnish-Cache-Hits
X-Cache-TTL-Remaining
X-Detected-As
X-NWS-UUID-VERIFY
X-No-Session
FSS-Cache
Frame-Options
Nel
X-Air-Hostname
X-ATG-Version
Version
X-Cache-PHP
X-NCache
X-Drupal-Cache-Contexts
X-Origin
X-URL
CF-Cached-On
X-Contextid
X-Sucuri-Cache
X-EIG-Tracking-Id
Server-Name
X-Drupal-Cache-Tags
X-IPS-LoggedIn
X-EC-Lua
X-Tt-Trace-Host
X-Tt-Trace-Tag
GEO-INFO
X-Cache-Enabled
X-Unique-Id
X-Instart-Request-ID
X-Vgn-Hpd-Cached
X-Bc-Bl
X-Vgn-Hpd-Variations-Key
Now
OT-Force-Account-Verify
X-CACHE-AGE
X-IP
X-Cache-Backend
X-Tumblr-Pixel-3
X-Akamai-Transformed
Time
X-GoCache-CacheStatus
X-Backend-Host
X-TT
X-Ruxit-Js-Agent
X-Adobe-Loc
X-Adobe-Content
X-RCS-CacheZone
Access-Control-Request-Headers
Node
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-TIME
X-Oss-Request-Id
X-Cdn
Azure-Version
X-NGENIX-Cache
Azure-SiteName
Azure-SlotName
Azure-InstanceId
Azure-RegionName
X-APP-VERSION
X-CDN-Forward
X-AIR-PT
X-A-Dam
X-CF-Lambda-Version
X-Trv-Group
X-A
Xc-Version
X-Date
X-CF-Lambda-Fn
X-D
X-Destination
X-A-Ccd
X-Connection-Hash
X-Worker
Fastcgi-X-Cache-Version
DCR-Decision-By
X-ARC
X-B-Cookie
X-Application
X-A-Wwc
X-Adobe-Source
X-Aed
X-Transaction
X-A-Dgt
X-Vtex-Remote-Cache
DCR-Processing-Time-Ms
CloudFront-Viewer-Country
X-CCM
X-A-Dcw
X-Cache-NE
X-Twitter-Response-Tags
Host-ID
X-Minions-Version
Rendered-Blocks
X-Cache-2
X-Rojux
SD-X-WS
Surrogated-Key
X-VG-WebCache
Apple-News-Services-Handled
X-S
X-PAYTM-SRV-ID
X-PBS-Appsvrname
MD5-Digest
X-Rewrite-Enabled
X-Request-UUID
Machine
X-Vdms-Version
Meta-Geo-Continent
Mobile-Detection-Method
X-Processor
X-Vdms-Path
X-Accel-Expires-Debug
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Apple-News-Services-Request-Url
X-Vtex-Processado-Em
X-G
X-External-Request-Id
Apple-News-Services-Parsed-Url
X-Up
X-S-Cookie
Apple-News-Services-Host
X-Generation-Time
X-VG-WebServer
X-ScT
X-UA
Fastly-SSL
Wxu-Next-Region
Is-Eu
Fastly-SWR
Wxu-Next-Hostname
Mail-Subject
Fastly-SIE
Platform
We-Hiring
CDN-Uid
CDN-RequestId
NM-Fastcgi-Cache
Wxu-Next-Commit
X-Dispatcher-Server
X-Req
X-Reqid
X-Varnishpool
X-Variation
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Owner
X-PERF
X-Platform
X-Pubstack
X-Servername
X-ShardId
X-Soup
X-Storage
X-Storefront-Renderer-Rendered
X-Thanos
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-Shopify-Stage
X-Skip-Cache
X-SN
X-OVcl-Cache
X-OVcl
X-Cache-Grace
X-Cms-Context
X-Core-Value
X-CUA
X-Cache-Bucket
X-Bip
X-Agile-Age
X-Agile-Id
X-Alternate-Cache-Key
X-ApacheServer
X-DPWN-IS-SECURE
X-Edge-Location
X-Level-Front-Cache
X-Method
X-Microcachable
X-VG-TLSProxy
X-Hash
CDN-RequestCountryCode
X-Envoy-Decorator-Operation
X-Forwarded-Host
X-Generated-On
X-Agile
X-Backend-TTL
X-TX-ID
X-Varnish-Beresp-Ttl
CacheControlHeader
HostName
X-Varnish-Beresp-Status
X-Varnish-Ttl
Adler-Geo
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
CDN-Cache
AKAMAI
X-Varnish-Beresp-Grace
X-Cdn-Forward
X-Correlation-Id
X-Auto-Login
X-Backend-State
X-Cluster-Name
X-Core-Mission
X-Developers
X-Csrf-Jwt
X-Cache-Config
X-Proxy-Upstream
X-Cache-Tags
X-Cache-NGX
X-Cdn-Srv
X-CGP
X-Clientip
X-Clara-WADP
X-WADP-Cache
X-Fmm-Version
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-JWT-State
X-Location
X-Request-Start
X-Policy
X-Render-Time
X-Micro-Cache
X-Is-Gdpr
X-HS-Content-Campaign-Id
X-Amz-Meta-Cb-Modifiedtime
X-Fastly-Cache
X-Fastly-Backend
X-Eu-Site
X-Gamma-Serve
X-VHOST
X-HN
X-Has-Esi
X-Geo-Header
Ufe-Result
X-Cache-Date
Fastly-Backend-Name
Fastly-Drupal-HTML
C-Via
Ha-Gx-Prefs
HA-Ipaddr
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
L5d-Success-Class
Rt-Fastcgi-Cache
Gh-Request-Id
Group
X-VarnishDD-TTL
X-Webstats-RespID
Pagetype
X-Varnish-Cacheable
PFcat
L
Cache-Status
Country
Country-Code
X-Viewer-Country
X-NC
X-Dc
X-SayCDN-TTL
X-Web-Node
X-Cache-Id
X-Cache-URL
Origin
Memcached
X-Say-TTL
X-Say-Cacheable
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Gzip
X-Old-Content-Length
X-Content-Age
Akamai-GRN
X-Esi-Check
X-Request-Host
X-Ms-Version
X-Irp-Debug
X-Esi
X-Slack-Backend
Backend
M-TraceId
UCS
X-Ms-Request-Id
X-CS
X-Refresh
X-Mvc-Supplant-Cachable
X-PF-Uncompressing
X-Wa
X-NODE
X-Aicache-OS
FSS-Proxy
Arc-Country
X-LB-ID
X-BC
X-Ah-Environment
X-ZONE
X-ECache
X-RateLimit-Remaining
X-Via-Poph
X-Via-Popn
Actual-Object-TTL
X-ORACLE-APMCS-REQUEST-ID
Viewtype
VivaBuild
X-B3-Spanid
X-Platform-Server
NGX
X-Varnish-CookieINHashed-On
X-LAGOON
X-DefHash
X-Varnish-CookieHashed-On
X-Via-Ucdn
X-DefElseHash
X-RunCloud-Cache
X-Varnish-Remaining-TTL
Upgrade-Insecure-Requests
Geo-Info
Srv
X-Unique-ID
X-Branch-Name
X-Servedbyhost
X-LI-Proto
X-UPSTREAM-Address
X-Mvc-Supplant-OutputCached
X-Session-Fingerprint
X-Cache-Debug
X-Edge-Server
Cdn-Request-Time
Cdn-Host
X-Srv
X-Zone
X-Request-Time
X-Bc
Memory
X-Vgn-Hpd-Ssi
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Nginx-Cache
X-Route-Name
X-Flags
X-Providence-Cookie
X-Is-Crawler
X-Aspnet-Duration-Ms
Sid
X-LiteSpeed-Cache-Control
X-APP
X-Action
X-Geo
X-Mobile-Rewrite
CACHE
X-Varnish-Hostname
Xserver
X-FC-Vary-Parameters
X-Ftr-Cache-Host
X-Akamai-Request-ID2
X-CF-Powered-By
X-HS-Status
NtCoent-Length
X-DW
X-DSS
X-Epic-Correlation-Id
X-DI
X-RPM
X-DC
X-FPC
X-RSL
X-Cluster-Node
X-RPS
X-DB
X-Cs
WWW-Authenticate
X-MP-GENERATED-AT
X-B3-Traceid
X-GEO
X-NGINX-Cache
Server-Info
X-Hit
X-Nc
X-Oss-Cdn-Auth
X-Via-Popv
Hostname
X-Vcache
Geoip-Latitude
GeoIp-Country-Code
GeoIP-Latitude
GeoIP-Country-Code
X-Check-Cacheable
X-Page-View
Apigw-Requestid
ProcessTime
User-Agent
X-CSRF-TOKEN
XServer
X-NU-AKA-ACS-Version
Processtime
X-Datadome
X-VCL-Version
X-Vcl-Version
X-SERVER-NAME
X-FORWARDED-FOR
X-Webkit-CSP-Report-Only
Origin-Edge-Control
Origin-Cache-Control
SRV
X-Fpc
X-Dynatrace-Js-Agent
X-HOST
Cdn
X-Via-Edge
CF-IPCountry
W
X-Via-SSL
X-Tb
X-Key
X-Envoy-Upstream-Healthchecked-Cluster
X-Dispatch
Esi-Enabled
Accept-Language
X-UnsetCookies
Edge-Copy-Time
X-Via-CDN
X-HITS
X-Sql-Count
SID
X-Sql-Duration-Ms
X-Cache-Hfrom
Proxy-Firewall
S-Rt
X-Cache-Hm
On-Server
X-We-Are-Hiring
X-Svr
WebServer
HitType
LB
X-Fastly-Country-Code
A
X-Www-Served-By
X-App
X-CACHE-KEY
X-COUNTRY
X-Geo-Region
T-Server
X-Generated
X-Pjax-Url
Ohc-File-Size
CDN
Fastcgi-Cache-TTL
BehaviorPad-Version
Lb
ServedBy
Cteonnt-Length
Cache-Hits
N-Cache
X-Pass-Why
X-RAMCache
Amp-Access-Control-Allow-Source-Origin
X-SRV
X-S-Maxage
X-Path-Route
X-MSEdge-Flight
X-MSEdge-Features
Powered-By
X-Amzn-Remapped-Connection
Server-Host
X-Newrelic-App-Data
X-TrackingId
X-Instart-Info
X-Amzn-Remapped-Date
X-Cache-Remote
Xet-Cookie
Pics-Label
WZWS-RAY
X-Newrelic-Synthetics
Magicmarker
X-ServedByHost
X-Li-Proto
X-Dynatrace
X-Akamai-Pragma-Client-IP
X-Served-From
X-SB
Cache-Key
X-StackifyID
X-VC
X-TH-Server
X-Varnish-Hits
X-Lb-Id
X-Via-NSCOPI
Content-Style-Type
Content-Script-Type
Cache-Provider
Dnion-Transfer-Encoding
Server-Ttl
X-Info
X-Via-PopN
X-Origin-Response-Time
X-Via-PopH
X-Via-PopV
X-LiteSpeed-Tag
Ohc-Cache-HIT
X-B3-SpanId
X-Batcache
X-Cache-Tag
X-Presslabs-Stats
User-Cache-Control
X-Planisys-CDN-Cache
X-Region-Sid
Cf-Alt-Svc
X-Tt-Logid
X-ID
X-WA
X-TT-LOGID
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Agile-Brick-Ok
X-Vgn-Hpd-Reason
Protected
Tcn
Odigeo-Trace-Id
X-HostName
Who
X-DevSite-Last-Modified
Inserted-Into-Cache-At
X-Yottaa-OS
X-Pf-Uncompressing
X-Pad
X-Tid
X-Uri
X-RateLimit-Limit
X-Selected-Scheme
X-Selected-Name
Load-Balancing
CountryCode
X-Selected-Host-Header
Ssr
PICS-Label
X-Origin-CC
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Hits
X-Apw-Access-Action
X-Varnish-Beresp-TTL
X-Request-URL
X-Compress-Hint
X-Nananana
X-Magnolia-Registration
AsisCache
X-Akamai-ERPolicy
X-C
Mime-Version
X-Dw-Trace-Id
X-MiniProfiler-Ids
Vha6-Origin
X-Akamai-ERRuleID
GEO-REGION-INFO
Cneonction
X-Parent-Response-Time
X-Fastly-Cache-Hits
X-PJAX-URL
X-Developer
X-SRCache-Key
Pragrma
X-Proxy-Cachei7
X-Origin-TTL