Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Permitted-Cross-Domain-Policies
P3p
X-Cache-Status
X-Generator
X-Request-ID
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Upgrade
Content-Encoding
X-Template
X-Language
X-CDN
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Ws-Request-Id
X-Age
Feature-Policy
X-Buckets
X-Backend
X-AH-Environment
X-Hacker
X-UA-Device
X-Cache-Group
X-Robots-Tag
X-Server
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Proxy-Cache
X-Turbo-Charged-By
X-Dns-Prefetch-Control
X-Server-Powered-By
Request-Context
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Xkey
Report-To
X-Page-Speed
X-Rq
Cf-Bgj
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Pingback
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Amz-Version-Id
X-Vhost
NEL
X-Dispatcher
X-Host
X-Device
X-Backend-Server
X-Node
Surrogate-Control
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Origin-Cache
X-Response-Time
Content-Location
X-Akam-SW-Version
Request-Id
X-ASPNET-VERSION
X-Ac
X-Country
X-Server-Id
X-Ua-Compatible
X-Mod-Pagespeed
X-HW
Rating
EagleEye-TraceId
Akamai-Age-Ms
X-Readtime
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Accept-CH
Accept-CH-Lifetime
X-Cloud-Trace-Context
Pinterest-Generated-By
X-Application-Context
Edge-Control
X-DataDome
X-Origin-Upstream-Status
X-Country-Code
X-Vname
X-TtlSet
X-PC
X-Varnish-TTL
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Content-Source
X-Url
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cnection
X-D2id
X-ESI
X-GitHub-Request-Id
X-MS-InvokeApp
X-Clacks-Overhead
X-Server-Name
X-Content-Type
X-Abt-Application-Version
X-Navigation-Version
X-FTR-Request-ID
X-Vcap-Request-Id
Verso
Pinterest-Version
X-Pinterest-Rid
X-Trace
X-Server-ID
Allow
Display
Pagespeed
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
X-Px
Accept-Ch
X-Cached
X-DynaTrace
X-Element-Page-Cache
X-Rack-Cache
X-Fastly-Request-ID
X-B3-TraceId
Service-Worker-Allowed
X-TTL
Accept-Ch-Lifetime
X-Client-IP
X-Cache-TTL
X-Powered-By-Plesk
X-Version
Arr-Disable-Session-Affinity
X-Upstream
MS-Author-Via
X-Forwarded-Proto
X-T
Content-MD5
X-NF-Request-ID
X-Dw-Request-Base-Id
X-Debug
Fastly-Restarts
X-SharePointHealthScore
AR-Request-ID
SPRequestGuid
AR-ATIME
Ar-Sid
AR-PoweredBy
AR-CACHE
X-VARITI-CCR
X-Jurisdiction
X-XRDS-Location
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
TP-L2-Cache
TP-Cache
Access-Control-Request-Method
X-Content-Digest
X-Powered-CMS
X-Goog-Hash
X-PressLabs-Stats
X-NWS-LOG-UUID
X-Release
X-Edge
X-MSEdge-Ref
TCN
X-Webkit-CSP
X-FastCGI-Cache
RTSS
Cache-Tag
Fastcgi-Cache
SPRequestDuration
S
SPIisLatency
X-Amz-Rid
X-Request-Processing-Time
X-Request-Received
Public-Key-Pins
X-Yandex-Sdch-Disable
X-Accel-Expires
X-Ezoic-Cdn
X-Mid
X-MCACHE
X-Ttl
Server-Node
X-Ratelimit-Remaining
X-Cache-Hit
X-Logged-In
X-Cache-Key
X-Node-Name
ServerID
X-Amzn-Trace-Id
X-Pinterest-Direct
Front-End-Https
Alternate-Protocol
X-Microsite
X-Request-Handler-Origin-Region
X-ECACHE
X-Ser
X-Recruiting
X-Page-Id
X-Origin-Server
X-Kinsta-Cache
X-B
X-Ratelimit-Limit
X-Hostname
Host
X-Mobile-URL
Accept-Charset
X-CST
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Realm
X-FireWall-Port
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-Forwarded-For
Realpath
X-Seen-By
Nginx-Cache
X-Content-Security-Policy-Report-Only
X-Varnish-Age
X-Correlation-ID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Filterid
X-Load-Cache
X-Jobs
X-B3-TraceId-Primal
X-DIS-Request-ID
MRF-Tech
Mrf-Cache-Status
X-Content-Options
X-Id
X-Daa-Tunnel
X-Shield-Request-Id
X-Activity-Id
X-AppVersion
X-Az
X-Type
X-Varnish-Backend
X-Git-Hash
Paypal-Debug-Id
X-F-Cache
X-LB-Cache
X-App-Environment
X-N
X-Request-Guid
X-Rid
X-Zen-Fury
X-Varnish-Grace
Edge-Cache-Tag
Fastcgi-Useragent
X-FB-Debug
X-Hits
X-Grace
X-Proxy
X-App-Server
AMP-Access-Control-Allow-Source-Origin
DC
Content-Disposition
X-Content-Powered-By
Cache-Tags
DynaTrace
X-Akamai-Edgescape
X-Amz-Server-Side-Encryption
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
X-Cache-Operation
X-Mg-S
X-Cache-Rule
X-Upgrade-Enabled
X-Endurance-Cache-Level
X-Kong-Proxy-Latency
X-Geo-Country
X-Kong-Upstream-Latency
X-Wix-Request-Id
Cleartype
MicrosoftSharePointTeamServices
X-VCache
X-Hp-Webp
X-Cached-By
X-Original-Request-Id
X-TEC-API-ORIGIN
X-Response-Served-From
X-Accel-Buffering
X-TEC-API-ROOT
X-TEC-API-VERSION
X-IPLB-Instance
Refresh
X-B3-Sampled
NGB
X-Host-Name
X-Amz-Apigw-Id
X-User-Agent
X-Rule
X-Amzn-RequestId
X-Distributor
Payment
MS-CV
X-AOL-HN
Healthy
X-FW-Type
X-FW-Static
X-HS-Content-Id
X-FW-Server
X-HS-Combine-CSS
X-FW-Hash
X-Cache-Time
X-HS-Hub-Id
X-FW-Dynamic
X-B-Cache
X-FW-Serve
X-HS-Cache-Config
X-HTML-Minification-Powered-By
X-UUID
X-HP-Webp
X-Cacheable-TTL
X-Region
X-Signature
X-Tumblr-User
X-Instance
Powered
X-Whom
X-Tumblr-Pixel-2
X-Rendered-As
Datacenter
X-Amz-Meta-S3cmd-Attrs
X-Tumblr-Pixel-0
X-Is-Bot
X-Tumblr-Pixel-1
X-Tec-Api-Version
X-Tumblr-Pixel
X-Tec-Api-Root
X-Tec-Api-Origin
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
Countrycode
PB-PID
PB-RID
Arc-Version
X-Mobile
X-Debug-Info
X-XRDS-LOCATION
X-Varnish-Server
X-Frontend
X-Ua
X-Cache-Age
X-App-Version
X-Fastcgi-Cache
Surrogate-Key
X-PHP-Backend
X-Oneagent-Js-Injection
X-DynaTrace-JS-Agent
X-NewRelic-App-Data
X-Backend-Name
Cache
S-Cnection
X-Azure-Ref
X-FTR-Cache-Host
X-Cache-Server
X-Via-JSL
X-Litespeed-Cache
Powered-By-ChinaCache
X-WA-Info
X-Respond-Thread
Webserver
X-Protected-By
X-Hyper-Cache
X-Cache-Control
Referer-Policy
Retry-After
Liferay-Portal
Viewport
X-Cache-Expired-At
X-Proxy-Cache-Status
X-URL
X-Time
X-FB-TRIP-ID
From-Origin
Filters
X-RemovedCookies
X-RN-RSRV
X-R9-Blue-Green-Version
Meta-Geo
X-Source
X-EdgeConnect-Cache-Status
X-Debug-Cache
X-ProcessESI
X-Cache-Var-Map
X-Cache-Var
X-Acc-Debug-Context
X-ES-SERVER
X-Mode
X-Sucuri-ID
Eomportal-Instance
Section-Io-Cache
X-From
X-GeoIP
X-Qloud-Router
X-Device-Type
X-Locale
X-Via-Fastly
X-BYPASS-REASON
Cache-Tv-Group
X-ProxyCache-Status
Ms-Operation-Id
X-AWS-Id
X-Handled-By
X-Cache-Host
X-VWS-Id
X-ProxyCache-Key
X-Site-Version
X-Server-W
X-RTag
X-OCL
Mn-Server-Ip
X-PCL
X-Ratelimit-Reset
X-LJ-Flow-ID
X-Time-Microsecs
Property-Id
Cross-Origin-Window-Policy
X-Hl-Ver
Charset
Ec-Rule-Version
DB-Nickname
TWC-GeoIP-LatLong
X-Framework
X-Zipkin-Id
Webcakes-App-Name
TWC-Privacy
X-FW-Version
X-Cluster
X-Xfnlog-Site
X-Be
X-Cache-Action
X-Amzn-Remapped-Content-Length
Webcakes-Region
X-Proxied
X-NYM-Debug-Backend
X-Proxy-Build
X-Timing-Wait
TWC-Device-Class
X-TNCMS
X-Human
TWC-Connection-Speed
TWC-GeoIP-Country
X-Origin-Hint
X-Routing-Service
X-Loop
X-ServerID
TWC-Locale-Group
Selected-Fe
Webcakes-App-Version
X-CSRF-Token
X-BCube-Filmed-By
X-SaId
X-Section
X-Proto
X-PHP-Host
X-JoinUs
X-L-Path
X-Labrador-Cache-Channel
X-Status
X-Amz-Replication-Status
X-Generated-By
X-Format
X-Real-IP
X-Environment-Context
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Hosted-By
X-Access
X-Redis-Cache
X-Revision
X-Varnish-Cache-Hits
Uber-Trace-Id
X-TA-CDN-Provider
X-Cache-TTL-Remaining
X-Detected-As
X-NWS-UUID-VERIFY
FSS-Cache
X-No-Session
Frame-Options
X-Air-Hostname
X-Cache-PHP
X-ATG-Version
Version
X-Drupal-Cache-Contexts
X-NCache
X-Origin
CF-Cached-On
X-Sucuri-Cache
X-Contextid
X-EIG-Tracking-Id
X-EC-Lua
Server-Name
X-Drupal-Cache-Tags
X-IPS-LoggedIn
X-Tt-Trace-Tag
X-Tt-Trace-Host
GEO-INFO
X-Cache-Enabled
X-Unique-Id
X-Vgn-Hpd-Cached
X-Instart-Request-ID
X-Vgn-Hpd-Variations-Key
X-Bc-Bl
OT-Force-Account-Verify
Now
X-TIME
X-Tumblr-Pixel-3
X-Akamai-Transformed
X-IP
X-CACHE-AGE
X-Cache-Backend
Time
X-GoCache-CacheStatus
X-Backend-Host
X-TT
X-Ruxit-Js-Agent
X-UA
X-Adobe-Content
X-Adobe-Loc
Node
X-RCS-CacheZone
X-Cdn
Access-Control-Request-Headers
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-NGENIX-Cache
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
Azure-InstanceId
X-APP-VERSION
X-AIR-PT
X-CDN-Forward
X-CCM
X-ARC
X-Application
Fastcgi-X-Cache-Version
X-G
Xc-Version
X-CF-Lambda-Version
X-Worker
X-PAYTM-SRV-ID
VIX-Pulpo-Node
Apple-News-Services-Host
Apple-News-Services-Handled
CloudFront-Viewer-Country
X-External-Request-Id
DCR-Decision-By
X-Vdms-Path
X-Minions-Version
X-B-Cookie
X-CF-Lambda-Fn
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
DCR-Processing-Time-Ms
X-Generation-Time
X-Aed
X-VG-WebCache
X-A-Ccd
X-A
X-Destination
X-A-Dam
Mobile-Detection-Method
X-A-Dcw
Meta-Geo-Continent
X-VG-WebServer
X-Date
Rendered-Blocks
X-Vdms-Version
X-Up
Surrogated-Key
VIX-Pulpo-Upstream-Status
X-Twitter-Response-Tags
X-Trv-Group
X-D
SD-X-WS
X-Transaction
MD5-Digest
X-Connection-Hash
X-Accel-Expires-Debug
X-Vtex-Processado-Em
X-PBS-Appsvrname
Host-ID
X-Adobe-Source
X-Processor
X-Vtex-Remote-Cache
X-Cache-NE
X-A-Dgt
X-A-Wwc
X-S-Cookie
Machine
X-ScT
X-Request-UUID
X-S
X-Rojux
X-Rewrite-Enabled
X-Cache-2
AKAMAI
Adler-Geo
X-Cms-Context
X-Core-Value
Fastly-SSL
X-Agile
Is-Eu
X-Agile-Age
X-Agile-Id
Fastly-SWR
X-Alternate-Cache-Key
Mail-Subject
NM-Fastcgi-Cache
Wxu-Next-Commit
We-Hiring
Wxu-Next-Hostname
Wxu-Next-Region
Platform
X-CUA
Fastly-SIE
CDN-EdgeStorageId
CDN-PullZone
CDN-CachedAt
CDN-Cache
X-Cache-Grace
CDN-RequestCountryCode
CDN-RequestId
X-Backend-TTL
X-ApacheServer
X-Bip
X-Cache-Bucket
CDN-Uid
CacheControlHeader
X-Varnish-Beresp-Ttl
X-Varnish-Ttl
X-Pubstack
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Reqid
X-Req
X-TX-ID
X-Platform
X-OVcl
X-Method
X-OVcl-Cache
X-Owner
HostName
X-PERF
X-Servername
X-ShardId
X-Storage
X-VG-TLSProxy
X-Storefront-Renderer-Rendered
X-Thanos
X-Varnishpool
X-Variation
X-Soup
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
X-Skip-Cache
X-SN
X-Sorting-Hat-PodId
X-Level-Front-Cache
X-Microcachable
X-Varnish-Beresp-Status
X-Envoy-Decorator-Operation
X-Hash
X-Forwarded-Host
X-Generated-On
X-Edge-Location
X-Varnish-Beresp-Grace
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Cdn-Forward
X-VarnishDD-TTL
X-Fmm-Version
X-Fastly-Cache
X-Viewer-Country
X-Request-Start
X-Developers
X-Gamma-Serve
X-Varnish-Cacheable
X-Fastly-Backend
X-Render-Time
X-Clientip
X-Eu-Site
X-Core-Mission
X-Cluster-Name
X-CGP
X-Clara-WADP
X-Cache-Tags
Ufe-Result
X-Micro-Cache
X-Csrf-Jwt
X-Is-Gdpr
X-Location
X-LI-UUID
X-Cache-Date
X-Li-Fabric
X-Cache-Config
X-Li-Pop
X-Auto-Login
X-Webstats-RespID
X-Proxy-Upstream
X-Cache-NGX
X-JWT-State
X-Geo-Header
X-Has-Esi
X-Policy
X-HS-Content-Campaign-Id
X-HN
X-WADP-Cache
X-Amz-Meta-Cb-Modifiedtime
X-Cdn-Srv
X-Backend-State
Gh-Request-Id
Country
Group
Ha-Gx-Prefs
HA-Ipaddr
Country-Code
Decoy-Debug-Key
Decoy-Debug-Status
Fastly-Backend-Name
Fastly-Drupal-HTML
X-VHOST
Decoy-Debug-TTL
L
L5d-Success-Class
Rt-Fastcgi-Cache
Cache-Status
C-Via
Pagetype
PFcat
X-NC
X-Gzip
Backend
X-Esi-Check
X-Content-Age
Akamai-GRN
X-Irp-Debug
X-Say-Cacheable
X-Wikidot-Static-Cache
X-Wikidot-Backend
Origin
X-Ms-Request-Id
X-Ms-Version
X-Web-Node
X-Slack-Backend
X-Request-Host
X-Esi
X-Cache-URL
X-Say-TTL
X-SayCDN-TTL
X-Old-Content-Length
X-Dc
UCS
Memcached
X-Cache-Id
M-TraceId
X-CS
Nel
X-ZONE
X-Refresh
X-PF-Uncompressing
X-Mvc-Supplant-Cachable
X-BC
X-Wa
X-NODE
FSS-Proxy
X-B3-Spanid
X-Aicache-OS
X-Correlation-Id
Arc-Country
Viewtype
X-RateLimit-Remaining
X-ORACLE-APMCS-REQUEST-ID
X-LB-ID
X-Via-Popn
VivaBuild
X-Via-Poph
Actual-Object-TTL
X-Platform-Server
X-Varnish-CookieHashed-On
X-DefElseHash
X-Via-Ucdn
NGX
X-DefHash
X-LAGOON
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-RunCloud-Cache
X-B3-Traceid
Srv
Upgrade-Insecure-Requests
Geo-Info
X-Unique-ID
X-LI-Proto
X-Branch-Name
X-Servedbyhost
X-UPSTREAM-Address
X-Mvc-Supplant-OutputCached
Cdn-Request-Time
X-Session-Fingerprint
Cdn-Host
X-Edge-Server
X-Cache-Debug
X-SERVER
X-ECache
Memory
X-Vgn-Hpd-Ssi
X-Srv
X-Request-Time
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Bc
X-Zone
X-Flags
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Route-Name
X-Is-Crawler
Sid
X-Action
X-FPC
X-APP
X-LiteSpeed-Cache-Control
X-NGINX-Cache
X-Mobile-Rewrite
X-Geo
X-Varnish-Hostname
X-RPM
X-DI
X-Cluster-Node
X-DSS
NtCoent-Length
X-DB
X-Nginx-Cache
X-HS-Status
X-DC
CACHE
X-DW
X-CF-Powered-By
X-FC-Vary-Parameters
X-MP-GENERATED-AT
WWW-Authenticate
X-Cs
X-RPS
X-RSL
X-Akamai-Request-ID2
X-Epic-Correlation-Id
X-Nc
X-CSRF-TOKEN
Server-Info
X-GEO
X-Hit
Geoip-Latitude
Xserver
X-Oss-Cdn-Auth
GeoIp-Country-Code
X-Via-Popv
XServer
X-Vcache
Hostname
X-Ftr-Cache-Host
X-Page-View
ProcessTime
X-Check-Cacheable
Apigw-Requestid
User-Agent
GeoIP-Country-Code
X-SERVER-NAME
X-Vcl-Version
Processtime
X-VCL-Version
X-NU-AKA-ACS-Version
GeoIP-Latitude
X-FORWARDED-FOR
X-Webkit-CSP-Report-Only
Origin-Edge-Control
Origin-Cache-Control
SRV
X-Dynatrace-Js-Agent
X-HOST
Esi-Enabled
Accept-Language
X-Via-SSL
CF-IPCountry
X-Fpc
X-Dispatch
X-Envoy-Upstream-Healthchecked-Cluster
X-Via-CDN
X-UnsetCookies
Edge-Copy-Time
W
X-Tb
X-Key
X-Via-Edge
X-Sql-Count
X-HITS
SID
X-Sql-Duration-Ms
X-Svr
Proxy-Firewall
Cdn
X-We-Are-Hiring
X-Cache-Hfrom
S-Rt
On-Server
X-Cache-Hm
HitType
CDN
Lb
A
X-Fastly-Country-Code
X-Www-Served-By
X-App
LB
X-CACHE-KEY
X-COUNTRY
T-Server
Amp-Access-Control-Allow-Source-Origin
Fastcgi-Cache-TTL
X-Geo-Region
X-Generated
Ohc-File-Size
X-Pass-Why
X-RAMCache
BehaviorPad-Version
Cache-Hits
ServedBy
Cteonnt-Length
N-Cache
WebServer
X-SRV
X-Path-Route
X-S-Maxage
X-Newrelic-App-Data
X-MSEdge-Flight
X-TrackingId
X-MSEdge-Features
X-Pjax-Url
X-Instart-Info
Powered-By
Server-Host
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Xet-Cookie
X-Cache-Remote
X-Li-Proto
X-ServedByHost
Magicmarker
Pics-Label
WZWS-RAY
X-Newrelic-Synthetics
X-Dynatrace
X-Datadome
X-SB
X-VC
X-StackifyID
X-Akamai-Pragma-Client-IP
X-Lb-Id
X-TH-Server
X-Served-From
Cache-Key
X-Varnish-Hits
X-Via-PopH
X-Via-NSCOPI
Content-Style-Type
Content-Script-Type
X-Origin-Response-Time
Server-Ttl
X-Info
Ohc-Cache-HIT
X-LiteSpeed-Tag
Cache-Provider
X-Via-PopN
X-Via-PopV
X-Batcache
Dnion-Transfer-Encoding
X-Presslabs-Stats
X-Cache-Tag
User-Cache-Control
Cf-Alt-Svc
X-WA
X-TT-LOGID
X-ID
X-B3-SpanId
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Tt-Logid
X-Planisys-CDN-TTL
X-Agile-Brick-Ok
X-Region-Sid
X-Vgn-Hpd-Reason
Protected
Tcn
X-PJAX-URL
Who
X-RateLimit-Limit
X-Pad
X-Uri
Inserted-Into-Cache-At
X-Yottaa-OS
X-Tid
X-DevSite-Last-Modified
X-HostName
Odigeo-Trace-Id
X-Pf-Uncompressing
X-Selected-Host-Header
CountryCode
X-Selected-Name
X-Selected-Scheme
Load-Balancing
X-Parent-Response-Time
X-Apw-Access-Action
X-Akamai-ERRuleID
X-Apw-Access-Object
X-MiniProfiler-Ids
GEO-REGION-INFO
X-Dw-Trace-Id
Ssr
X-Origin-CC
X-Request-URL
X-Varnish-Beresp-TTL
X-Apw-Hits
Vha6-Origin
X-Apw-Access-Token
X-C
X-Magnolia-Registration
X-SRCache-Key
X-Proxy-Cachei7
Cneonction
Pragrma
X-Origin-TTL
X-Nananana
X-Fastly-Cache-Hits
PICS-Label
AsisCache
X-Developer
X-Compress-Hint
X-Akamai-ERPolicy
Mime-Version