Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
P3p
X-Cacheable
X-Request-ID
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Upgrade
Content-Encoding
X-CDN
X-Template
X-Language
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Ws-Request-Id
X-Age
Feature-Policy
X-Backend
X-AH-Environment
X-Buckets
X-Hacker
X-Cache-Group
X-Robots-Tag
X-Server
X-UA-Device
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Proxy-Cache
X-Dns-Prefetch-Control
X-Turbo-Charged-By
X-Server-Powered-By
Request-Context
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Report-To
Xkey
X-Page-Speed
X-Rq
Cf-Bgj
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Amz-Version-Id
X-Vhost
NEL
X-Host
X-Dispatcher
X-Device
X-Backend-Server
X-Node
X-Cache-Lookup
Surrogate-Control
X-Ruxit-JS-Agent
X-Origin-Cache
X-Response-Time
Content-Location
X-Akam-SW-Version
Request-Id
X-ASPNET-VERSION
X-Ac
X-Country
X-Server-Id
X-Mod-Pagespeed
EagleEye-TraceId
X-HW
Rating
Accept-CH
Accept-CH-Lifetime
X-Readtime
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
Pinterest-Generated-By
X-Application-Context
X-DataDome
Edge-Control
X-Country-Code
X-Origin-Upstream-Status
X-Vname
X-PC
X-TtlSet
X-Url
X-Varnish-TTL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
X-Cnection
Akamai-Age-Ms
X-D2id
X-GitHub-Request-Id
X-ESI
X-MS-InvokeApp
X-Clacks-Overhead
X-Content-Type
X-Server-Name
X-Abt-Application-Version
X-Navigation-Version
X-FTR-Request-ID
Allow
Pinterest-Version
X-Pinterest-Rid
X-Vcap-Request-Id
X-Trace
Verso
Response
Display
X-Middleton-Display
Pagespeed
X-Middleton-Response
X-Sol
X-Server-ID
X-Px
X-DynaTrace
X-Cached
X-Element-Page-Cache
X-Rack-Cache
X-Fastly-Request-ID
X-B3-TraceId
Service-Worker-Allowed
Accept-Ch
X-Client-IP
X-Cache-TTL
X-TTL
MS-Author-Via
Arr-Disable-Session-Affinity
X-Version
X-Powered-By-Plesk
X-Upstream
X-Forwarded-Proto
X-Dw-Request-Base-Id
Content-MD5
X-T
X-NF-Request-ID
AR-ATIME
AR-Request-ID
AR-CACHE
Ar-Sid
AR-PoweredBy
Fastly-Restarts
SPRequestGuid
X-Debug
X-SharePointHealthScore
X-VARITI-CCR
Accept-Ch-Lifetime
X-XRDS-Location
X-Jurisdiction
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-Use-Magma
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Cdn-Fetch
TP-Cache
TP-L2-Cache
X-Content-Digest
Access-Control-Request-Method
X-Powered-CMS
X-Goog-Hash
X-NWS-LOG-UUID
X-Edge
X-MSEdge-Ref
X-Release
X-PressLabs-Stats
TCN
X-Webkit-CSP
X-FastCGI-Cache
X-Ttl
RTSS
S
Cache-Tag
SPIisLatency
SPRequestDuration
Fastcgi-Cache
X-Amz-Rid
X-Request-Received
X-Request-Processing-Time
X-Yandex-Sdch-Disable
Public-Key-Pins
X-Ezoic-Cdn
X-Pinterest-Direct
X-Accel-Expires
X-Node-Name
X-MCACHE
X-Mid
Server-Node
X-Cache-Key
X-Ratelimit-Remaining
X-Cache-Hit
X-Logged-In
X-Amzn-Trace-Id
ServerID
Front-End-Https
X-Microsite
X-Request-Handler-Origin-Region
X-CST
X-Ser
Alternate-Protocol
X-Page-Id
X-Origin-Server
X-Recruiting
X-ECACHE
X-Kinsta-Cache
X-B
X-Ratelimit-Limit
Host
Accept-Charset
X-Hostname
X-Mobile-URL
X-FireWall-Port
X-FTR-Backend
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Expires
X-FTR-Balancer
Nginx-Cache
X-Varnish-Age
X-Content-Security-Policy-Report-Only
X-SRCache-Fetch-Status
X-Forwarded-For
X-Seen-By
X-SRCache-Store-Status
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
Filterid
X-Load-Cache
X-DIS-Request-ID
Realpath
X-Jobs
X-Daa-Tunnel
X-Content-Options
X-Shield-Request-Id
X-Id
X-Activity-Id
X-AppVersion
X-Az
X-Correlation-ID
X-Varnish-Backend
X-Type
X-Git-Hash
X-App-Environment
X-F-Cache
X-LB-Cache
Edge-Cache-Tag
Paypal-Debug-Id
X-Request-Guid
X-Varnish-Grace
X-N
X-Rid
X-Zen-Fury
X-Hits
Fastcgi-Useragent
X-Grace
X-FB-Debug
X-Mg-S
X-Proxy
X-App-Server
AMP-Access-Control-Allow-Source-Origin
DynaTrace
Cache-Tags
Access-Control-Allow-Method
DC
X-Upgrade-Enabled
X-Content-Powered-By
Content-Disposition
X-WebKit-CSP-Report-Only
X-Akamai-Edgescape
X-TEC-API-VERSION
X-Amz-Server-Side-Encryption
X-Cache-Operation
X-Cache-Rule
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Kong-Proxy-Latency
X-Geo-Country
X-Kong-Upstream-Latency
Cleartype
MicrosoftSharePointTeamServices
X-Endurance-Cache-Level
X-HP-Webp
X-Wix-Request-Id
X-Cached-By
X-VCache
X-Response-Served-From
X-Host-Name
X-Accel-Buffering
X-Original-Request-Id
Refresh
X-IPLB-Instance
X-B3-Sampled
NGB
Healthy
X-Rule
X-Rendered-As
X-Is-Bot
X-HTML-Minification-Powered-By
X-Cacheable-TTL
X-Distributor
Payment
MS-CV
X-User-Agent
X-AOL-HN
X-UUID
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-Signature
X-FW-Static
X-FW-Dynamic
X-Cache-Time
X-B-Cache
X-FW-Hash
X-FW-Serve
X-FW-Type
X-Amz-Apigw-Id
X-FW-Server
X-HS-Cache-Config
X-Amzn-RequestId
X-Hp-Webp
X-Whom
Datacenter
X-Region
X-Instance
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-Amz-Meta-S3cmd-Attrs
X-Tumblr-Pixel
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Fastcgi-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-Mobile
X-Debug-Info
PB-RID
PB-PID
Arc-Version
X-XRDS-LOCATION
X-Frontend
X-Varnish-Server
X-Ua
Powered
X-App-Version
X-Cache-Age
Countrycode
Powered-By-ChinaCache
X-PHP-Backend
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Oneagent-Js-Injection
Surrogate-Key
S-Cnection
X-Respond-Thread
X-Backend-Name
X-FTR-Cache-Host
X-Cache-Server
X-Azure-Ref
X-Protected-By
X-Via-JSL
Cache
X-Litespeed-Cache
X-NewRelic-App-Data
X-DynaTrace-JS-Agent
X-Hyper-Cache
X-WA-Info
Liferay-Portal
X-Cache-Control
Viewport
Referer-Policy
X-Cache-Expired-At
X-Proxy-Cache-Status
Webserver
X-Acc-Debug-Context
Retry-After
X-EdgeConnect-Cache-Status
X-Time
X-FB-TRIP-ID
Filters
X-RemovedCookies
X-ProcessESI
X-Source
X-ES-SERVER
X-RN-RSRV
X-Mode
X-Debug-Cache
X-Sucuri-ID
X-R9-Blue-Green-Version
X-Cache-Var-Map
X-Cache-Var
Meta-Geo
Eomportal-Instance
From-Origin
X-Qloud-Router
X-Device-Type
X-From
X-Locale
Section-Io-Cache
Mn-Server-Ip
X-PCL
Ms-Operation-Id
X-Xfnlog-Site
X-Real-IP
X-Time-Microsecs
X-ProxyCache-Key
X-LJ-Flow-ID
X-BYPASS-REASON
X-Site-Version
X-Server-W
X-AWS-Id
X-RTag
X-GeoIP
X-Cache-Host
X-Ratelimit-Reset
X-OCL
X-VWS-Id
X-Via-Fastly
X-ProxyCache-Status
Cross-Origin-Window-Policy
Charset
Ec-Rule-Version
X-Human
X-Cluster
Cache-Tv-Group
X-Hl-Ver
X-Routing-Service
X-Handled-By
X-FW-Version
X-Cache-Action
X-Framework
TWC-Privacy
X-Loop
Property-Id
X-Timing-Wait
X-TNCMS
X-Proxied
X-Origin-Hint
X-Proxy-Build
TWC-Connection-Speed
TWC-Device-Class
Webcakes-App-Name
X-Zipkin-Id
Selected-Fe
TWC-Locale-Group
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-Region
Webcakes-App-Version
X-CSRF-Token
X-Status
X-Proto
X-PHP-Host
X-Generated-By
X-Detected-As
X-SaId
X-Environment-Context
DB-Nickname
X-ServerID
X-Hosted-By
X-Amzn-Remapped-Content-Length
X-L-Path
X-Labrador-Cache-Channel
X-Yottaa-Optimizations
X-BCube-Filmed-By
X-NYM-Debug-Backend
X-JoinUs
X-Be
X-Yottaa-Metrics
Uber-Trace-Id
X-Section
X-Amz-Replication-Status
X-Access
X-Cache-TTL-Remaining
X-Revision
X-Format
X-Redis-Cache
X-Varnish-Cache-Hits
FSS-Cache
X-NWS-UUID-VERIFY
Version
X-Air-Hostname
X-No-Session
Frame-Options
X-Cache-PHP
X-ATG-Version
X-Drupal-Cache-Contexts
X-Sucuri-Cache
X-TA-CDN-Provider
X-URL
X-Origin
X-Contextid
X-NCache
GEO-INFO
X-Unique-Id
CF-Cached-On
X-Drupal-Cache-Tags
X-EIG-Tracking-Id
Server-Name
X-EC-Lua
X-IPS-LoggedIn
X-Tt-Trace-Tag
X-Tt-Trace-Host
OT-Force-Account-Verify
X-Cache-Enabled
X-IP
X-Bc-Bl
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-TIME
X-CACHE-AGE
X-Akamai-Transformed
Time
X-GoCache-CacheStatus
X-Cache-Backend
X-Backend-Host
Now
X-Adobe-Loc
X-Adobe-Content
X-Oss-Storage-Class
X-Tumblr-Pixel-3
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Ruxit-Js-Agent
X-CDN-Forward
X-UA
X-AIR-PT
X-TT
Azure-Version
X-Cdn
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Instart-Request-ID
Azure-SlotName
X-RCS-CacheZone
Access-Control-Request-Headers
X-APP-VERSION
Node
Apple-News-Services-Host
X-PAYTM-SRV-ID
X-Vtex-Processado-Em
Meta-Geo-Continent
X-S
Rendered-Blocks
Apple-News-Services-Parsed-Url
Mobile-Detection-Method
X-Rojux
X-CF-Lambda-Fn
Surrogated-Key
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-NGENIX-Cache
X-Vtex-Remote-Cache
MD5-Digest
SD-X-WS
X-Rewrite-Enabled
Apple-News-Services-Request-Url
Machine
X-S-Cookie
X-Transaction
X-PBS-Appsvrname
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
X-Trv-Group
X-Twitter-Response-Tags
X-Up
Host-ID
X-Vdms-Path
X-VG-WebCache
X-VG-WebServer
DCR-Decision-By
X-Processor
CloudFront-Viewer-Country
X-Vdms-Version
X-Cache-2
X-ScT
Apple-News-Services-Handled
X-Minions-Version
X-D
X-A-Ccd
X-A-Wwc
X-Accel-Expires-Debug
X-Application
X-Worker
Xc-Version
X-A-Dcw
X-Aed
X-G
X-A-Dam
X-External-Request-Id
X-Adobe-Source
X-Cache-NE
X-Request-UUID
X-Connection-Hash
X-CCM
X-CF-Lambda-Version
X-B-Cookie
X-Date
X-Generation-Time
X-ARC
X-Destination
X-A
X-A-Dgt
X-PERF
Fastly-SWR
Fastly-SSL
Fastly-SIE
X-ApacheServer
X-Platform
X-Servername
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestId
CDN-EdgeStorageId
CDN-CachedAt
X-ShopId
CDN-Cache
X-Cache-Grace
CDN-Uid
X-Bip
X-CUA
X-Core-Value
X-Alternate-Cache-Key
X-ShardId
X-Cache-Bucket
X-Backend-TTL
X-DPWN-IS-SECURE
X-Rebelmouse-Cache-Control
X-Microcachable
X-Generated-On
X-Pubstack
X-OVcl-Cache
X-OVcl
X-Method
Ufe-Result
X-Hash
We-Hiring
Wxu-Next-Hostname
X-Rebelmouse-Surrogate-Control
Wxu-Next-Region
X-Level-Front-Cache
X-Owner
X-Forwarded-Host
Wxu-Next-Commit
Is-Eu
X-Shopify-Stage
X-Dispatcher-Server
X-Reqid
X-Agile-Age
X-Agile
Mail-Subject
Platform
X-Req
NM-Fastcgi-Cache
X-Envoy-Decorator-Operation
X-Edge-Location
X-Agile-Id
X-Sorting-Hat-ShopId
X-Thanos
X-Storefront-Renderer-Rendered
X-Storage
X-Soup
X-Varnishpool
X-VG-TLSProxy
X-Varnish-Beresp-Ttl
X-NC
X-Varnish-Ttl
X-Sorting-Hat-PodId
X-Variation
X-SN
Adler-Geo
X-Skip-Cache
HostName
X-Correlation-Id
X-TX-ID
X-Backend-State
X-Ms-Request-Id
X-Auto-Login
X-Micro-Cache
X-Cache-NGX
X-Cache-Date
X-Cache-Config
X-Proxy-Upstream
X-VHOST
X-Policy
Rt-Fastcgi-Cache
X-Viewer-Country
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Webstats-RespID
X-WADP-Cache
X-Cache-Tags
X-Cdn-Srv
X-Fmm-Version
X-Fastly-Cache
X-Fastly-Backend
X-Eu-Site
X-Render-Time
X-Gamma-Serve
X-Li-Pop
X-HN
X-LI-UUID
X-Csrf-Jwt
X-Core-Mission
X-Clara-WADP
X-Li-Fabric
X-CGP
X-Clientip
X-Cluster-Name
X-Cms-Context
PFcat
X-Request-Start
X-HS-Content-Campaign-Id
X-Ms-Version
Fastly-Backend-Name
Fastly-Drupal-HTML
Decoy-Debug-TTL
Decoy-Debug-Status
L
X-Varnish-Cacheable
X-VarnishDD-TTL
HA-Ipaddr
L5d-Success-Class
Ha-Gx-Prefs
Group
Gh-Request-Id
Country-Code
Decoy-Debug-Key
AKAMAI
CacheControlHeader
Pagetype
Origin
C-Via
Cache-Status
X-Location
Akamai-GRN
X-Cache-URL
X-Old-Content-Length
X-Cache-Id
X-Say-Cacheable
X-Say-TTL
X-Irp-Debug
X-Is-Gdpr
Country
X-Geo-Header
X-Gzip
X-JWT-State
X-Esi-Check
X-SayCDN-TTL
X-Slack-Backend
X-Developers
X-Request-Host
X-Has-Esi
X-Content-Age
X-Web-Node
X-Amz-Meta-Cb-Modifiedtime
Memcached
X-Wikidot-Backend
X-Wikidot-Static-Cache
Backend
X-Esi
UCS
X-Cdn-Forward
Nel
X-CS
X-Wa
X-Mvc-Supplant-Cachable
FSS-Proxy
X-Refresh
X-PF-Uncompressing
M-TraceId
X-NODE
X-Dc
X-Aicache-OS
X-Platform-Server
X-ZONE
X-BC
X-ECache
X-Varnish-CookieHashed-On
X-DefHash
X-Varnish-Remaining-TTL
X-Via-Popn
X-LB-ID
X-DefElseHash
X-Varnish-CookieINHashed-On
X-B3-Spanid
X-LAGOON
X-RateLimit-Remaining
X-Via-Poph
Arc-Country
Upgrade-Insecure-Requests
Viewtype
VivaBuild
X-B3-Traceid
X-UPSTREAM-Address
X-Branch-Name
X-Session-Fingerprint
X-LI-Proto
X-Servedbyhost
X-Ua-Device
X-Via-Ucdn
X-Cache-Debug
X-ORACLE-APMCS-REQUEST-ID
X-RunCloud-Cache
Actual-Object-TTL
NGX
Srv
X-Is-Crawler
X-Flags
X-Providence-Cookie
X-Mvc-Supplant-OutputCached
X-Route-Name
Cdn-Request-Time
X-Aspnet-Duration-Ms
CACHE
X-Edge-Server
Cdn-Host
X-SERVER
Geo-Info
X-Unique-ID
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Memory
X-Request-Time
X-Bc
X-Zone
X-Srv
X-Vgn-Hpd-Ssi
X-DC
X-Varnish-Hostname
X-FPC
X-NGINX-Cache
X-HS-Status
X-Action
X-APP
X-Nginx-Cache
X-GEO
X-DI
X-DB
WWW-Authenticate
X-DSS
X-DW
X-RSL
X-RPS
X-RPM
X-Akamai-Request-ID2
X-CF-Powered-By
X-Page-View
X-Cs
Sid
X-LiteSpeed-Cache-Control
X-CSRF-TOKEN
Xserver
X-Geo
X-Oss-Cdn-Auth
NtCoent-Length
X-Via-Popv
X-Cluster-Node
Geoip-Latitude
X-MP-GENERATED-AT
X-Epic-Correlation-Id
GeoIp-Country-Code
X-Check-Cacheable
XServer
Hostname
X-Mobile-Rewrite
X-Hit
X-Vcache
X-FC-Vary-Parameters
X-VCL-Version
X-Dynatrace-Js-Agent
X-NU-AKA-ACS-Version
Server-Info
X-Ftr-Cache-Host
X-Nc
ProcessTime
SRV
User-Agent
GeoIP-Latitude
GeoIP-Country-Code
Apigw-Requestid
X-SERVER-NAME
Processtime
X-FORWARDED-FOR
X-Webkit-CSP-Report-Only
X-Sql-Duration-Ms
X-Sql-Count
X-Vcl-Version
W
X-UnsetCookies
Edge-Copy-Time
X-Via-SSL
X-Via-Edge
X-Via-CDN
X-HOST
SID
Esi-Enabled
Origin-Edge-Control
On-Server
Origin-Cache-Control
X-Fpc
Accept-Language
X-We-Are-Hiring
X-Key
X-Svr
S-Rt
X-Envoy-Upstream-Healthchecked-Cluster
X-HITS
X-Www-Served-By
CF-IPCountry
Proxy-Firewall
X-Cache-Hfrom
X-Dispatch
Cdn
X-Cache-Hm
X-Tb
LB
WebServer
X-Fastly-Country-Code
Cache-Hits
X-SRV
N-Cache
Lb
X-S-Maxage
A
ServedBy
CDN
X-Newrelic-App-Data
T-Server
HitType
X-COUNTRY
X-CACHE-KEY
Server-Host
X-MSEdge-Flight
X-Pjax-Url
X-MSEdge-Features
Amp-Access-Control-Allow-Source-Origin
Ohc-File-Size
X-Cache-Remote
X-Geo-Region
X-Pass-Why
Cteonnt-Length
X-Presslabs-Stats
X-App
X-Amzn-Remapped-Date
Magicmarker
X-Generated
Powered-By
Fastcgi-Cache-TTL
X-RAMCache
Pics-Label
X-Amzn-Remapped-Connection
WZWS-RAY
X-Instart-Info
BehaviorPad-Version
X-VC
X-Varnish-Hits
X-ServedByHost
X-Li-Proto
X-Newrelic-Synthetics
X-SB
X-TrackingId
X-Path-Route
X-Datadome
X-Dynatrace
Xet-Cookie
X-Akamai-Pragma-Client-IP
X-Lb-Id
X-Info
Cache-Key
X-StackifyID
X-Served-From
X-TH-Server
X-B3-SpanId
X-Via-PopV
Cache-Provider
Server-Ttl
Protected
X-LiteSpeed-Tag
X-Via-PopH
Ohc-Cache-HIT
X-Via-PopN
Dnion-Transfer-Encoding
X-Via-NSCOPI
X-Batcache
X-Cache-Tag
CountryCode
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
Cf-Alt-Svc
X-TT-LOGID
X-WA
X-Tt-Logid
X-Planisys-CDN-Rules
X-Origin-Response-Time
X-Agile-Brick-Ok
Content-Style-Type
Content-Script-Type
X-ID
User-Cache-Control
X-Uri
Tcn
X-Vgn-Hpd-Reason
Ssr
X-PJAX-URL
Who
X-Pf-Uncompressing
X-RateLimit-Limit
Inserted-Into-Cache-At
X-Region-Sid
X-Pad
X-HostName
X-Yottaa-OS
X-Tid
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Endpoint-Name
X-Selected-Scheme
X-Selected-Name
X-Selected-Host-Header
Tracecode
X-Pinterest-Sli-Latency-Threshold
D-Cc-Upstream
Lfy
X-Magnolia-Registration
X-C
X-Request-URL
Source
X-Cache-Spec
X-Scheme
X-Snapshot-Date
X-Men
X-Cc-Via
X-Cc-Req-Id
X-Varnish-Beresp-TTL
Mime-Version
X-Nananana
Vha6-Origin
X-DevSite-Last-Modified
X-Proxy-Cachei7
Cneonction
Pragrma
X-Dw-Trace-Id
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Action
X-MiniProfiler-Ids
PICS-Label