Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Request-ID
P3p
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
Upgrade
X-AspNetMvc-Version
Content-Encoding
X-Template
X-Language
X-CDN
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Ws-Request-Id
X-Age
Feature-Policy
X-Buckets
X-Backend
X-AH-Environment
X-Hacker
X-UA-Device
X-Cache-Group
X-Robots-Tag
X-Server
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Proxy-Cache
X-Turbo-Charged-By
X-Dns-Prefetch-Control
X-Server-Powered-By
Request-Context
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Xkey
Report-To
X-Page-Speed
X-Rq
Cf-Bgj
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Pingback
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Amz-Version-Id
X-Vhost
NEL
X-Host
X-Dispatcher
X-Device
X-Backend-Server
X-Node
X-Cache-Lookup
Surrogate-Control
X-Ruxit-JS-Agent
X-Origin-Cache
X-Response-Time
Content-Location
X-Akam-SW-Version
Request-Id
X-ASPNET-VERSION
X-Ac
X-Country
X-Server-Id
X-Mod-Pagespeed
X-HW
EagleEye-TraceId
Rating
Akamai-Age-Ms
X-ORACLE-DMS-ECID
X-Readtime
Accept-CH
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-ORACLE-DMS-RID
Pinterest-Generated-By
X-Application-Context
Edge-Control
X-DataDome
X-Origin-Upstream-Status
X-Country-Code
X-Vname
X-TtlSet
X-PC
X-Url
X-Varnish-TTL
Fusion-Component-Id
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cnection
X-D2id
X-ESI
X-GitHub-Request-Id
X-MS-InvokeApp
X-Clacks-Overhead
X-Server-Name
X-Content-Type
X-Abt-Application-Version
X-Navigation-Version
X-FTR-Request-ID
X-Vcap-Request-Id
Verso
X-Trace
X-Pinterest-Rid
Pinterest-Version
Allow
X-Server-ID
X-Middleton-Display
Response
X-Middleton-Response
Pagespeed
X-Sol
Display
Accept-Ch
X-Px
X-Cached
X-Element-Page-Cache
X-Rack-Cache
Service-Worker-Allowed
X-B3-TraceId
X-DynaTrace
X-TTL
X-Fastly-Request-ID
Accept-Ch-Lifetime
X-Client-IP
X-Cache-TTL
X-Powered-By-Plesk
Arr-Disable-Session-Affinity
X-Version
X-Forwarded-Proto
MS-Author-Via
X-Upstream
X-T
Content-MD5
X-NF-Request-ID
X-Dw-Request-Base-Id
X-Debug
Fastly-Restarts
X-SharePointHealthScore
Ar-Sid
AR-Request-ID
AR-PoweredBy
AR-CACHE
AR-ATIME
SPRequestGuid
X-VARITI-CCR
X-Jurisdiction
X-XRDS-Location
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Use-Magma
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Kinja-Build
X-Cdn-Fetch
TP-L2-Cache
TP-Cache
Access-Control-Request-Method
X-Content-Digest
X-Powered-CMS
X-Goog-Hash
X-PressLabs-Stats
X-NWS-LOG-UUID
X-Release
X-Edge
X-MSEdge-Ref
TCN
X-Webkit-CSP
X-FastCGI-Cache
RTSS
Cache-Tag
Fastcgi-Cache
SPIisLatency
SPRequestDuration
S
X-Amz-Rid
X-Request-Received
X-Request-Processing-Time
X-Yandex-Sdch-Disable
Public-Key-Pins
X-Accel-Expires
X-Ezoic-Cdn
X-Mid
X-MCACHE
X-Ttl
Server-Node
X-Ratelimit-Remaining
X-Node-Name
X-Cache-Hit
X-Cache-Key
ServerID
X-Amzn-Trace-Id
X-Logged-In
X-Pinterest-Direct
Front-End-Https
Alternate-Protocol
X-Microsite
X-Request-Handler-Origin-Region
X-ECACHE
X-Ser
X-Recruiting
X-Origin-Server
X-Kinsta-Cache
X-Page-Id
X-B
X-Ratelimit-Limit
X-CST
X-Hostname
Host
X-Mobile-URL
Accept-Charset
X-FTR-Backend
X-Country-Code-Real
X-FireWall-Port
X-FTR-Balancer
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Expires
X-Forwarded-For
X-Seen-By
Nginx-Cache
Realpath
X-Varnish-Age
X-Content-Security-Policy-Report-Only
X-Correlation-ID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Filterid
X-DIS-Request-ID
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Load-Cache
MRF-Tech
X-Jobs
X-Content-Options
X-Daa-Tunnel
X-Id
X-Activity-Id
X-AppVersion
X-Az
X-Shield-Request-Id
X-Type
X-Git-Hash
X-Varnish-Backend
Paypal-Debug-Id
X-LB-Cache
X-N
X-F-Cache
X-App-Environment
X-Rid
X-Request-Guid
X-Varnish-Grace
Edge-Cache-Tag
X-Zen-Fury
Fastcgi-Useragent
X-FB-Debug
X-Hits
X-Proxy
X-Grace
AMP-Access-Control-Allow-Source-Origin
X-App-Server
DC
Content-Disposition
Cache-Tags
DynaTrace
X-Amz-Server-Side-Encryption
X-Content-Powered-By
X-Akamai-Edgescape
X-Cache-Rule
X-Mg-S
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
X-Cache-Operation
X-Endurance-Cache-Level
X-Upgrade-Enabled
X-Geo-Country
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Wix-Request-Id
X-VCache
MicrosoftSharePointTeamServices
X-Hp-Webp
Cleartype
X-Accel-Buffering
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Cached-By
X-TEC-API-ROOT
X-Original-Request-Id
X-Response-Served-From
Refresh
X-IPLB-Instance
X-Host-Name
NGB
X-B3-Sampled
X-Distributor
X-User-Agent
Healthy
MS-CV
X-Amzn-RequestId
Payment
X-Rule
X-Amz-Apigw-Id
X-B-Cache
X-HP-Webp
X-HS-Hub-Id
X-HTML-Minification-Powered-By
X-UUID
X-HS-Content-Id
X-HS-Combine-CSS
X-FW-Dynamic
X-HS-Cache-Config
X-Signature
X-FW-Server
X-FW-Type
X-FW-Serve
X-FW-Hash
X-Region
X-Cache-Time
X-FW-Static
X-Instance
X-Whom
X-Cacheable-TTL
X-Tumblr-Pixel-1
X-Tec-Api-Root
X-Tumblr-User
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tumblr-Pixel
X-AOL-HN
Powered
X-Amz-Meta-S3cmd-Attrs
X-Tumblr-Pixel-0
X-Tumblr-Pixel-2
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Rendered-As
X-Is-Bot
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Metageneration
Countrycode
PB-RID
Arc-Version
PB-PID
X-Debug-Info
X-Mobile
X-Frontend
Datacenter
X-XRDS-LOCATION
X-Varnish-Server
X-Ua
X-Cache-Age
X-Fastcgi-Cache
X-App-Version
X-Oneagent-Js-Injection
Surrogate-Key
X-PHP-Backend
X-DynaTrace-JS-Agent
X-NewRelic-App-Data
X-Backend-Name
Cache
S-Cnection
Powered-By-ChinaCache
X-FTR-Cache-Host
X-Azure-Ref
X-Cache-Server
X-Via-JSL
X-Litespeed-Cache
X-Respond-Thread
X-WA-Info
Webserver
X-Hyper-Cache
X-Protected-By
X-Cache-Control
Referer-Policy
Retry-After
Liferay-Portal
X-Cache-Expired-At
Viewport
X-Proxy-Cache-Status
X-Time
X-FB-TRIP-ID
From-Origin
X-RemovedCookies
X-RN-RSRV
Filters
X-R9-Blue-Green-Version
Meta-Geo
X-ProcessESI
X-Source
X-Debug-Cache
X-Cache-Var-Map
X-Mode
X-Acc-Debug-Context
X-ES-SERVER
X-Cache-Var
X-From
Section-Io-Cache
X-GeoIP
X-Device-Type
X-Qloud-Router
X-Sucuri-ID
X-EdgeConnect-Cache-Status
X-Locale
X-ProxyCache-Status
X-Time-Microsecs
Mn-Server-Ip
X-PCL
X-AWS-Id
X-ProxyCache-Key
X-Ratelimit-Reset
X-Site-Version
Ms-Operation-Id
X-OCL
X-BYPASS-REASON
Cache-Tv-Group
Eomportal-Instance
X-Handled-By
X-RTag
X-Cache-Host
X-Via-Fastly
X-LJ-Flow-ID
X-VWS-Id
X-Server-W
Ec-Rule-Version
DB-Nickname
Cross-Origin-Window-Policy
Charset
Selected-Fe
X-Cluster
X-Cache-Action
TWC-GeoIP-Country
TWC-Device-Class
X-FW-Version
X-Framework
TWC-GeoIP-LatLong
X-Be
Webcakes-Region
X-Xfnlog-Site
TWC-Privacy
X-Amzn-Remapped-Content-Length
TWC-Locale-Group
X-Hl-Ver
X-Human
Property-Id
X-TNCMS
X-Timing-Wait
X-Proxy-Build
X-ServerID
X-Zipkin-Id
Webcakes-App-Name
X-NYM-Debug-Backend
X-Loop
X-Origin-Hint
X-Proxied
TWC-Connection-Speed
X-Routing-Service
Webcakes-App-Version
X-CSRF-Token
X-Access
X-Generated-By
X-Amz-Replication-Status
X-PHP-Host
X-Proto
X-Real-IP
X-Yottaa-Optimizations
X-Environment-Context
X-L-Path
X-Section
X-Labrador-Cache-Channel
X-Format
X-BCube-Filmed-By
X-Yottaa-Metrics
Uber-Trace-Id
X-Varnish-Cache-Hits
X-SaId
X-Status
X-Revision
X-JoinUs
X-Redis-Cache
X-Hosted-By
X-TA-CDN-Provider
X-Cache-TTL-Remaining
X-NWS-UUID-VERIFY
X-Detected-As
FSS-Cache
X-Air-Hostname
X-No-Session
X-ATG-Version
X-Cache-PHP
Frame-Options
X-Drupal-Cache-Contexts
X-NCache
X-Origin
X-URL
Version
X-Sucuri-Cache
X-Contextid
CF-Cached-On
X-EIG-Tracking-Id
X-EC-Lua
Server-Name
X-Drupal-Cache-Tags
X-IPS-LoggedIn
X-Tt-Trace-Tag
X-Tt-Trace-Host
GEO-INFO
X-Unique-Id
X-Aspnetmvc-Version
X-Cache-Enabled
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Instart-Request-ID
X-Bc-Bl
Now
X-Tumblr-Pixel-3
X-CACHE-AGE
X-IP
OT-Force-Account-Verify
X-TIME
X-Cache-Backend
X-Akamai-Transformed
Time
X-GoCache-CacheStatus
X-Backend-Host
X-Ruxit-Js-Agent
X-TT
X-UA
X-Adobe-Content
X-Adobe-Loc
Access-Control-Request-Headers
X-RCS-CacheZone
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Cdn
X-Oss-Object-Type
Node
X-Oss-Hash-Crc64ecma
Azure-RegionName
Azure-InstanceId
Azure-Version
X-NGENIX-Cache
Azure-SlotName
Azure-SiteName
X-APP-VERSION
X-AIR-PT
Apple-News-Services-Handled
Fastcgi-X-Cache-Version
Machine
Host-ID
Apple-News-Services-Host
X-Cache-2
CloudFront-Viewer-Country
Apple-News-Services-Request-Url
DCR-Decision-By
Apple-News-Services-Parsed-Url
DCR-Processing-Time-Ms
X-Accel-Expires-Debug
X-Rewrite-Enabled
X-Request-UUID
X-Rojux
X-S
X-S-Cookie
X-Processor
X-PBS-Appsvrname
X-G
X-Generation-Time
X-Minions-Version
X-PAYTM-SRV-ID
X-ScT
X-Transaction
X-Vtex-Processado-Em
X-VG-WebServer
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebCache
X-Vdms-Version
X-Trv-Group
X-Twitter-Response-Tags
X-Up
X-Vdms-Path
X-External-Request-Id
X-Destination
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-A-Dgt
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Meta-Geo-Continent
Mobile-Detection-Method
Rendered-Blocks
SD-X-WS
X-A-Wwc
X-Adobe-Source
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-Date
X-CF-Lambda-Fn
X-CCM
X-Aed
X-Application
X-ARC
X-Cache-NE
MD5-Digest
X-B-Cookie
X-CDN-Forward
X-Bip
Fastly-SIE
X-Cache-Bucket
X-TX-ID
Fastly-SSL
Fastly-SWR
Is-Eu
X-Backend-TTL
X-Forwarded-Host
X-Storefront-Renderer-Rendered
X-Storage
CDN-Uid
CacheControlHeader
X-Cache-Grace
X-Hash
X-Varnishpool
CDN-Cache
CDN-CachedAt
X-CUA
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
X-Generated-On
X-VG-TLSProxy
X-Edge-Location
X-Envoy-Decorator-Operation
Wxu-Next-Region
Wxu-Next-Hostname
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Agile-Id
X-Agile-Age
X-Agile
X-ShardId
Wxu-Next-Commit
We-Hiring
NM-Fastcgi-Cache
X-Variation
X-Varnish-Ttl
AKAMAI
Platform
X-ApacheServer
HostName
X-Alternate-Cache-Key
Surrogated-Key
X-Thanos
Mail-Subject
CDN-RequestId
X-Core-Value
X-Pubstack
X-Soup
X-Skip-Cache
X-Rebelmouse-Cache-Control
X-Method
X-Microcachable
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Platform
X-PERF
Adler-Geo
X-SN
X-OVcl
X-OVcl-Cache
X-Shopify-Stage
X-Rebelmouse-Surrogate-Control
X-Servername
X-Reqid
X-Cms-Context
X-ShopId
X-Req
X-Level-Front-Cache
X-Cdn-Forward
X-Dc
X-Core-Mission
X-Auto-Login
X-Cluster-Name
X-Varnish-Beresp-Ttl
X-CGP
X-Developers
X-Varnish-Beresp-Grace
X-Policy
X-Webstats-RespID
X-Fmm-Version
Pagetype
L5d-Success-Class
X-Amz-Meta-Cb-Modifiedtime
X-Clara-WADP
X-Fastly-Cache
X-Fastly-Backend
X-Render-Time
Rt-Fastcgi-Cache
X-Clientip
X-Eu-Site
X-Viewer-Country
PFcat
X-Request-Start
X-WADP-Cache
X-Proxy-Upstream
X-Backend-State
X-Li-Fabric
X-Geo-Header
Cache-Status
X-Li-Pop
X-LI-UUID
L
X-Location
C-Via
X-Cache-Date
X-Cache-NGX
X-HS-Content-Campaign-Id
X-Cache-Tags
X-HN
X-Is-Gdpr
X-JWT-State
X-Has-Esi
X-Varnish-Beresp-Status
X-Micro-Cache
Gh-Request-Id
X-Owner
X-Cache-Config
Ha-Gx-Prefs
HA-Ipaddr
X-VarnishDD-TTL
X-Csrf-Jwt
Fastly-Backend-Name
X-Varnish-Cacheable
X-Cdn-Srv
Ufe-Result
X-VHOST
Country-Code
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
Country
X-NC
X-Content-Age
X-Cache-Id
X-Cache-URL
Fastly-Drupal-HTML
X-Ms-Version
Akamai-GRN
X-Ms-Request-Id
Backend
X-Gamma-Serve
X-Irp-Debug
X-Old-Content-Length
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Request-Host
Origin
X-Gzip
Memcached
X-Web-Node
X-Esi
X-Wikidot-Backend
M-TraceId
X-Wikidot-Static-Cache
X-Esi-Check
Group
UCS
Nel
X-Refresh
X-Wa
X-BC
X-Mvc-Supplant-Cachable
X-PF-Uncompressing
X-Slack-Backend
X-ZONE
X-NODE
X-CS
X-Correlation-Id
X-B3-Spanid
X-Aicache-OS
FSS-Proxy
Arc-Country
Viewtype
VivaBuild
X-Platform-Server
X-LB-ID
Actual-Object-TTL
X-ORACLE-APMCS-REQUEST-ID
X-RateLimit-Remaining
X-B3-Traceid
NGX
X-DefHash
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-LAGOON
X-Via-Ucdn
X-Via-Popn
X-Via-Poph
X-RunCloud-Cache
X-DefElseHash
Geo-Info
X-Unique-ID
Upgrade-Insecure-Requests
Srv
X-Servedbyhost
X-Branch-Name
X-LI-Proto
X-UPSTREAM-Address
X-Session-Fingerprint
X-Edge-Server
Cdn-Request-Time
X-Mvc-Supplant-OutputCached
X-Cache-Debug
Cdn-Host
X-SERVER
X-ECache
Memory
X-Request-Time
X-Srv
X-Vgn-Hpd-Ssi
Sid
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Aspnet-Duration-Ms
X-Cs
X-Route-Name
X-Zone
X-Bc
X-Providence-Cookie
X-Flags
X-Is-Crawler
X-Action
X-NGINX-Cache
X-APP
X-LiteSpeed-Cache-Control
X-FPC
X-Varnish-Hostname
X-Geo
CACHE
X-Mobile-Rewrite
X-RSL
X-DB
WWW-Authenticate
X-HS-Status
X-Epic-Correlation-Id
X-Akamai-Request-ID2
X-CF-Powered-By
NtCoent-Length
X-DI
X-MP-GENERATED-AT
X-RPM
X-Nginx-Cache
X-RPS
X-Cluster-Node
X-DW
X-DSS
X-FC-Vary-Parameters
X-CSRF-TOKEN
Server-Info
X-Hit
X-Nc
X-GEO
X-Via-Popv
Geoip-Latitude
Xserver
X-Oss-Cdn-Auth
GeoIp-Country-Code
X-DC
X-Vcache
XServer
Hostname
X-Page-View
X-Ftr-Cache-Host
X-Check-Cacheable
Apigw-Requestid
User-Agent
X-SERVER-NAME
Processtime
ProcessTime
X-VCL-Version
GeoIP-Country-Code
GeoIP-Latitude
X-NU-AKA-ACS-Version
X-Vcl-Version
X-FORWARDED-FOR
X-Webkit-CSP-Report-Only
Origin-Cache-Control
Origin-Edge-Control
SRV
X-Dynatrace-Js-Agent
X-Dynatrace
X-HOST
X-Fpc
X-Key
X-Envoy-Upstream-Healthchecked-Cluster
Esi-Enabled
W
X-Via-SSL
CF-IPCountry
X-Via-Edge
Edge-Copy-Time
X-Dispatch
X-Via-CDN
Accept-Language
X-Tb
X-Sql-Count
X-Sql-Duration-Ms
X-HITS
X-Cache-Hfrom
X-We-Are-Hiring
S-Rt
X-UnsetCookies
On-Server
Proxy-Firewall
X-Cache-Hm
X-Svr
Cdn
SID
HitType
A
X-Www-Served-By
Lb
CDN
X-Fastly-Country-Code
X-App
LB
X-COUNTRY
X-CACHE-KEY
BehaviorPad-Version
Cache-Hits
N-Cache
T-Server
Amp-Access-Control-Allow-Source-Origin
ServedBy
X-Pass-Why
Fastcgi-Cache-TTL
Cteonnt-Length
X-Geo-Region
X-Generated
X-RAMCache
Ohc-File-Size
X-Oracle-Dms-Rid
X-Path-Route
WebServer
X-SRV
X-S-Maxage
X-MSEdge-Features
Server-Host
X-Instart-Info
X-Amzn-Remapped-Date
X-TrackingId
Powered-By
X-MSEdge-Flight
X-Newrelic-App-Data
X-Amzn-Remapped-Connection
X-Pjax-Url
Xet-Cookie
X-Cache-Remote
Magicmarker
X-Newrelic-Synthetics
Pics-Label
WZWS-RAY
X-ServedByHost
X-Li-Proto
X-Datadome
X-Via-PopN
X-Served-From
Cache-Key
X-VC
X-StackifyID
X-TH-Server
X-Lb-Id
X-Via-PopH
X-Akamai-Pragma-Client-IP
X-SB
X-Fastly-Request-Id
X-Varnish-Hits
Ohc-Cache-HIT
X-Via-NSCOPI
X-Origin-Response-Time
Content-Script-Type
Content-Style-Type
X-Info
Dnion-Transfer-Encoding
X-Via-PopV
Server-Ttl
X-LiteSpeed-Tag
X-Batcache
Cache-Provider
X-Cache-Tag
X-Presslabs-Stats
User-Cache-Control
X-ID
X-Region-Sid
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Cf-Alt-Svc
X-Tt-Logid
X-B3-SpanId
X-Planisys-CDN-TTL
X-Agile-Brick-Ok
X-WA
X-TT-LOGID
Protected
Tcn
X-Vgn-Hpd-Reason
Odigeo-Trace-Id
X-Pad
X-Yottaa-OS
X-Tid
X-Pf-Uncompressing
Inserted-Into-Cache-At
Who
X-HostName
X-PJAX-URL
X-RateLimit-Limit
X-DevSite-Last-Modified
CountryCode
X-Selected-Host-Header
Load-Balancing
DataCenter
X-Selected-Name
X-Selected-Scheme
X-Proxy-Cachei7
X-Nananana
Cneonction
X-Apw-Access-Action
AsisCache
X-Apw-Access-Object
Ssr
X-Uri
URI
X-Request-URL
X-Varnish-Beresp-TTL
X-Apw-Access-Token
X-Apw-Hits
GEO-REGION-INFO
X-Akamai-ERPolicy
PICS-Label
X-Developer
X-Origin-TTL
X-Magnolia-Registration
X-Fastly-Cache-Hits
X-Origin-CC
X-SRCache-Key
X-Compress-Hint
X-C
X-Parent-Response-Time
Pragrma
X-Akamai-ERRuleID
X-Dw-Trace-Id
Mime-Version
X-MiniProfiler-Ids
Vha6-Origin