Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
P3p
X-Cacheable
X-Request-ID
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Upgrade
Content-Encoding
X-Template
X-Language
X-CDN
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Ws-Request-Id
X-Age
Feature-Policy
X-Buckets
X-Backend
X-AH-Environment
X-Hacker
X-UA-Device
X-Cache-Group
X-Robots-Tag
X-Server
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Proxy-Cache
X-Turbo-Charged-By
X-Dns-Prefetch-Control
X-Server-Powered-By
Request-Context
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Xkey
Report-To
X-Page-Speed
X-Rq
Cf-Bgj
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Pingback
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Amz-Version-Id
X-Vhost
NEL
X-Dispatcher
X-Host
X-Device
X-Backend-Server
X-Node
Surrogate-Control
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Origin-Cache
X-Response-Time
Content-Location
X-Akam-SW-Version
Request-Id
X-ASPNET-VERSION
X-Ac
X-Country
X-Server-Id
X-Mod-Pagespeed
X-HW
Rating
EagleEye-TraceId
Akamai-Age-Ms
X-ORACLE-DMS-ECID
X-Readtime
X-ORACLE-DMS-RID
Accept-CH
Accept-CH-Lifetime
X-Cloud-Trace-Context
Pinterest-Generated-By
X-Application-Context
Edge-Control
X-DataDome
X-Origin-Upstream-Status
X-Country-Code
X-Vname
X-PC
X-TtlSet
X-Varnish-TTL
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cnection
X-D2id
X-ESI
X-GitHub-Request-Id
X-MS-InvokeApp
X-Clacks-Overhead
X-Server-Name
X-Content-Type
X-Abt-Application-Version
X-Navigation-Version
X-FTR-Request-ID
X-Vcap-Request-Id
Verso
Pinterest-Version
X-Pinterest-Rid
X-Trace
Allow
X-Server-ID
Display
X-Middleton-Response
X-Sol
X-Middleton-Display
Response
Pagespeed
X-Px
Accept-Ch
X-DynaTrace
X-Cached
X-Element-Page-Cache
X-Rack-Cache
X-Fastly-Request-ID
X-B3-TraceId
Service-Worker-Allowed
X-TTL
X-Client-IP
Accept-Ch-Lifetime
X-Cache-TTL
X-Powered-By-Plesk
X-Version
MS-Author-Via
Arr-Disable-Session-Affinity
X-Upstream
X-Forwarded-Proto
X-T
Content-MD5
X-NF-Request-ID
X-Dw-Request-Base-Id
X-Debug
Fastly-Restarts
AR-CACHE
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-SharePointHealthScore
SPRequestGuid
Ar-Sid
X-VARITI-CCR
X-Jurisdiction
X-XRDS-Location
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
TP-Cache
TP-L2-Cache
Access-Control-Request-Method
X-Content-Digest
X-Powered-CMS
X-Goog-Hash
X-PressLabs-Stats
X-NWS-LOG-UUID
X-Release
X-Edge
X-MSEdge-Ref
TCN
X-Webkit-CSP
X-FastCGI-Cache
RTSS
Fastcgi-Cache
Cache-Tag
SPIisLatency
S
SPRequestDuration
X-Amz-Rid
X-Request-Processing-Time
X-Request-Received
Public-Key-Pins
X-Yandex-Sdch-Disable
X-Accel-Expires
X-MCACHE
X-Mid
X-Ttl
X-Ezoic-Cdn
Server-Node
X-Ratelimit-Remaining
X-Cache-Hit
X-Logged-In
X-Node-Name
X-Cache-Key
ServerID
X-Amzn-Trace-Id
X-Pinterest-Direct
Front-End-Https
Alternate-Protocol
X-ECACHE
X-Microsite
X-Request-Handler-Origin-Region
X-Ser
X-Recruiting
X-Page-Id
X-Origin-Server
X-Kinsta-Cache
X-B
X-Ratelimit-Limit
Host
X-Hostname
X-CST
X-Mobile-URL
Accept-Charset
X-FTR-Expires
X-FTR-Backend
X-FTR-Realm
X-FireWall-Port
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Balancer
X-FTR-Cache-Status
X-Forwarded-For
X-Seen-By
Nginx-Cache
Realpath
X-Content-Security-Policy-Report-Only
X-Varnish-Age
X-Correlation-ID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Filterid
X-Jobs
Mrf-Cache-Status
X-Load-Cache
MRF-Tech
X-DIS-Request-ID
X-B3-TraceId-Primal
X-Content-Options
X-Daa-Tunnel
X-Id
X-Activity-Id
X-AppVersion
X-Az
X-Shield-Request-Id
X-Type
X-Git-Hash
X-F-Cache
Paypal-Debug-Id
X-Varnish-Backend
X-LB-Cache
X-N
X-Request-Guid
X-Rid
X-App-Environment
X-Zen-Fury
X-Varnish-Grace
Edge-Cache-Tag
Fastcgi-Useragent
X-FB-Debug
X-Hits
X-Proxy
X-Grace
X-App-Server
AMP-Access-Control-Allow-Source-Origin
DC
Content-Disposition
X-Content-Powered-By
Cache-Tags
DynaTrace
X-Amz-Server-Side-Encryption
X-Akamai-Edgescape
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
X-Cache-Rule
X-Cache-Operation
X-Mg-S
X-Upgrade-Enabled
X-Endurance-Cache-Level
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Geo-Country
X-Wix-Request-Id
X-VCache
Cleartype
MicrosoftSharePointTeamServices
X-Hp-Webp
X-Cached-By
X-Accel-Buffering
X-Response-Served-From
X-Original-Request-Id
X-IPLB-Instance
Refresh
X-B3-Sampled
NGB
X-Host-Name
X-Rule
MS-CV
Healthy
X-Distributor
X-Amzn-RequestId
Payment
X-AOL-HN
X-User-Agent
X-Amz-Apigw-Id
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-Region
X-Signature
X-HTML-Minification-Powered-By
X-FW-Dynamic
X-FW-Static
X-FW-Server
X-FW-Serve
X-Cacheable-TTL
X-HP-Webp
X-FW-Type
X-HS-Cache-Config
X-FW-Hash
X-B-Cache
X-Cache-Time
X-UUID
X-Amz-Meta-S3cmd-Attrs
Datacenter
X-Instance
X-Tumblr-Pixel-2
X-Tumblr-Pixel-0
X-Tumblr-User
X-Whom
X-Rendered-As
X-Is-Bot
X-Tumblr-Pixel
X-Tumblr-Pixel-1
Powered
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
PB-RID
Arc-Version
PB-PID
X-Debug-Info
X-Frontend
X-Mobile
X-XRDS-LOCATION
X-Varnish-Server
X-Cache-Age
X-Ua
Countrycode
X-Fastcgi-Cache
X-App-Version
X-PHP-Backend
X-Oneagent-Js-Injection
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
Surrogate-Key
X-DynaTrace-JS-Agent
X-Backend-Name
Cache
S-Cnection
X-Azure-Ref
X-NewRelic-App-Data
Powered-By-ChinaCache
X-FTR-Cache-Host
X-Cache-Server
X-Via-JSL
X-Respond-Thread
X-Litespeed-Cache
X-WA-Info
Webserver
X-Protected-By
X-Hyper-Cache
X-Cache-Control
Liferay-Portal
Referer-Policy
Retry-After
Viewport
X-Proxy-Cache-Status
X-Cache-Expired-At
X-URL
X-Time
From-Origin
X-FB-TRIP-ID
X-R9-Blue-Green-Version
Filters
Meta-Geo
X-Source
X-ES-SERVER
X-Debug-Cache
X-Cache-Var
X-Acc-Debug-Context
X-ProcessESI
X-Mode
X-RN-RSRV
X-EdgeConnect-Cache-Status
X-RemovedCookies
X-Cache-Var-Map
X-Qloud-Router
X-Locale
X-GeoIP
Section-Io-Cache
X-From
X-Device-Type
Eomportal-Instance
X-Sucuri-ID
X-VWS-Id
X-LJ-Flow-ID
Cache-Tv-Group
X-Server-W
X-Time-Microsecs
X-Site-Version
Mn-Server-Ip
X-Via-Fastly
Ms-Operation-Id
X-OCL
X-RTag
X-Cache-Host
X-BYPASS-REASON
X-PCL
X-ProxyCache-Status
X-ProxyCache-Key
X-AWS-Id
X-Ratelimit-Reset
X-Handled-By
X-TNCMS
Webcakes-App-Name
TWC-Privacy
Charset
X-Xfnlog-Site
X-Timing-Wait
Cross-Origin-Window-Policy
Ec-Rule-Version
X-Amzn-Remapped-Content-Length
X-Cluster
X-Be
X-Cache-Action
DB-Nickname
Webcakes-Region
X-Proxy-Build
TWC-GeoIP-Country
X-Origin-Hint
X-Loop
TWC-Device-Class
X-Human
X-ServerID
TWC-Connection-Speed
X-Hl-Ver
X-NYM-Debug-Backend
TWC-GeoIP-LatLong
X-Proxied
X-Routing-Service
X-FW-Version
X-Zipkin-Id
Property-Id
Selected-Fe
TWC-Locale-Group
X-Framework
Webcakes-App-Version
X-CSRF-Token
X-L-Path
X-JoinUs
X-Labrador-Cache-Channel
X-PHP-Host
X-Hosted-By
X-Format
X-Amz-Replication-Status
X-BCube-Filmed-By
X-Environment-Context
X-Access
X-Generated-By
X-Proto
X-Section
X-Status
X-SaId
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Real-IP
Uber-Trace-Id
X-Varnish-Cache-Hits
X-Redis-Cache
X-Revision
X-Cache-TTL-Remaining
X-TA-CDN-Provider
X-NWS-UUID-VERIFY
X-Detected-As
X-No-Session
FSS-Cache
Frame-Options
X-Air-Hostname
X-Cache-PHP
Version
X-ATG-Version
X-Drupal-Cache-Contexts
X-Origin
X-NCache
X-Sucuri-Cache
CF-Cached-On
X-Contextid
X-EIG-Tracking-Id
X-EC-Lua
X-Drupal-Cache-Tags
Server-Name
X-IPS-LoggedIn
X-Tt-Trace-Tag
X-Tt-Trace-Host
GEO-INFO
X-Unique-Id
X-Cache-Enabled
X-Bc-Bl
X-Instart-Request-ID
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
Now
OT-Force-Account-Verify
X-IP
X-Tumblr-Pixel-3
X-TIME
X-Akamai-Transformed
X-Cache-Backend
X-CACHE-AGE
Time
X-GoCache-CacheStatus
X-Backend-Host
X-Ruxit-Js-Agent
X-UA
X-TT
X-Adobe-Loc
X-Adobe-Content
Node
X-RCS-CacheZone
X-Cdn
X-Oss-Storage-Class
Access-Control-Request-Headers
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
Azure-SlotName
X-NGENIX-Cache
Azure-SiteName
Azure-InstanceId
Azure-RegionName
Azure-Version
X-CDN-Forward
X-APP-VERSION
X-AIR-PT
Xc-Version
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Application
VIX-Pulpo-Node
Apple-News-Services-Request-Url
X-G
Apple-News-Services-Parsed-Url
X-CF-Lambda-Version
X-Generation-Time
X-Cache-NE
X-CF-Lambda-Fn
Apple-News-Services-Host
Apple-News-Services-Handled
X-Minions-Version
X-B-Cookie
X-ARC
DCR-Processing-Time-Ms
DCR-Decision-By
X-Worker
CloudFront-Viewer-Country
Fastcgi-X-Cache-Version
X-Adobe-Source
X-A
X-Destination
Rendered-Blocks
X-VG-WebServer
X-A-Ccd
X-A-Dam
X-A-Dcw
Meta-Geo-Continent
X-Vtex-Processado-Em
Mobile-Detection-Method
X-Date
X-Transaction
VIX-Pulpo-Upstream-Status
X-VG-WebCache
X-Vdms-Path
X-Vdms-Version
Surrogated-Key
X-Up
X-Trv-Group
X-Twitter-Response-Tags
SD-X-WS
X-D
MD5-Digest
X-Connection-Hash
X-Accel-Expires-Debug
X-A-Wwc
X-Vtex-Remote-Cache
Host-ID
X-CCM
X-External-Request-Id
X-Processor
X-Aed
X-Cache-2
X-A-Dgt
X-S
X-S-Cookie
Machine
X-Rojux
X-Request-UUID
X-ScT
X-Rewrite-Enabled
AKAMAI
Adler-Geo
X-Core-Value
X-CUA
X-Cms-Context
Fastly-SSL
X-Agile
Is-Eu
X-Agile-Age
X-Agile-Id
X-Alternate-Cache-Key
Mail-Subject
NM-Fastcgi-Cache
Wxu-Next-Commit
We-Hiring
Wxu-Next-Hostname
Wxu-Next-Region
Platform
Fastly-SWR
Fastly-SIE
CDN-PullZone
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
CDN-RequestId
CDN-Uid
X-Backend-TTL
X-ApacheServer
X-Bip
X-Cache-Bucket
X-Cache-Grace
CacheControlHeader
X-Varnish-Beresp-Grace
X-Varnish-Ttl
X-Pubstack
X-Rebelmouse-Cache-Control
HostName
X-Req
X-Rebelmouse-Surrogate-Control
X-TX-ID
X-Platform
X-OVcl
X-Method
X-OVcl-Cache
X-Owner
X-PERF
X-Reqid
X-Servername
X-Storage
X-Soup
X-Storefront-Renderer-Rendered
X-Thanos
X-Varnishpool
X-Variation
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Shopify-Stage
X-Skip-Cache
X-SN
X-Level-Front-Cache
X-Microcachable
X-Envoy-Decorator-Operation
X-Edge-Location
X-Varnish-Beresp-Status
X-Generated-On
X-Forwarded-Host
X-Hash
X-VG-TLSProxy
X-Varnish-Beresp-Ttl
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Cdn-Forward
X-Fastly-Cache
X-CGP
X-Fmm-Version
X-Csrf-Jwt
X-Render-Time
X-Gamma-Serve
X-Clara-WADP
X-Request-Start
X-VarnishDD-TTL
X-Cluster-Name
X-Core-Mission
X-Varnish-Cacheable
X-Clientip
X-Fastly-Backend
X-Eu-Site
X-Viewer-Country
X-Cdn-Srv
X-Location
X-Micro-Cache
X-Developers
X-Auto-Login
X-LI-UUID
X-Cache-Config
X-Is-Gdpr
X-Li-Fabric
X-Li-Pop
X-Cache-Date
Ufe-Result
X-HS-Content-Campaign-Id
X-Cache-Tags
X-Has-Esi
X-JWT-State
X-Geo-Header
X-Proxy-Upstream
X-Cache-NGX
X-HN
X-Policy
X-Webstats-RespID
X-Amz-Meta-Cb-Modifiedtime
X-WADP-Cache
X-Backend-State
Gh-Request-Id
Country
Group
Ha-Gx-Prefs
HA-Ipaddr
Country-Code
Decoy-Debug-Key
Decoy-Debug-Status
Fastly-Backend-Name
Fastly-Drupal-HTML
X-VHOST
Decoy-Debug-TTL
L
Pagetype
PFcat
Rt-Fastcgi-Cache
Cache-Status
C-Via
L5d-Success-Class
X-NC
Backend
Akamai-GRN
X-Gzip
X-Esi-Check
X-Content-Age
X-Irp-Debug
X-Say-Cacheable
X-Wikidot-Static-Cache
X-Wikidot-Backend
Origin
X-Ms-Request-Id
X-Ms-Version
X-Web-Node
X-Slack-Backend
X-Request-Host
X-Esi
X-Cache-URL
X-Say-TTL
X-SayCDN-TTL
X-Old-Content-Length
X-Dc
Memcached
M-TraceId
UCS
X-Cache-Id
X-CS
Nel
X-Refresh
X-BC
X-ZONE
X-PF-Uncompressing
X-Wa
X-Mvc-Supplant-Cachable
X-NODE
X-Aicache-OS
Arc-Country
FSS-Proxy
X-B3-Spanid
X-Correlation-Id
X-RateLimit-Remaining
X-Platform-Server
Viewtype
X-ORACLE-APMCS-REQUEST-ID
X-Via-Poph
X-LB-ID
VivaBuild
X-Via-Popn
Actual-Object-TTL
X-Varnish-CookieHashed-On
X-Via-Ucdn
X-DefElseHash
NGX
X-DefHash
X-LAGOON
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-RunCloud-Cache
X-B3-Traceid
Srv
Geo-Info
Upgrade-Insecure-Requests
X-Unique-ID
X-Branch-Name
X-Servedbyhost
X-LI-Proto
X-UPSTREAM-Address
X-Session-Fingerprint
X-Cache-Debug
Cdn-Request-Time
X-Edge-Server
X-Mvc-Supplant-OutputCached
Cdn-Host
X-ECache
X-SERVER
X-Srv
Memory
X-Request-Time
X-Vgn-Hpd-Ssi
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Flags
X-Bc
X-Aspnet-Duration-Ms
X-Zone
X-Route-Name
X-Is-Crawler
X-Providence-Cookie
X-LiteSpeed-Cache-Control
Sid
X-NGINX-Cache
X-Action
X-APP
X-FPC
X-Mobile-Rewrite
CACHE
X-Geo
X-Varnish-Hostname
X-Epic-Correlation-Id
X-Nginx-Cache
X-FC-Vary-Parameters
X-Cluster-Node
X-Cs
X-DW
X-HS-Status
X-DSS
X-DI
WWW-Authenticate
X-DB
X-CF-Powered-By
X-Akamai-Request-ID2
X-MP-GENERATED-AT
NtCoent-Length
X-RSL
X-RPS
X-DC
X-RPM
Server-Info
X-CSRF-TOKEN
X-Nc
X-Hit
X-GEO
GeoIp-Country-Code
Geoip-Latitude
X-Via-Popv
X-Oss-Cdn-Auth
Xserver
XServer
X-Vcache
Hostname
X-Ftr-Cache-Host
X-Check-Cacheable
Apigw-Requestid
ProcessTime
X-Page-View
User-Agent
GeoIP-Country-Code
Processtime
X-NU-AKA-ACS-Version
X-SERVER-NAME
GeoIP-Latitude
X-VCL-Version
X-Vcl-Version
X-FORWARDED-FOR
X-Webkit-CSP-Report-Only
Origin-Edge-Control
SRV
X-Dynatrace-Js-Agent
Origin-Cache-Control
X-HOST
X-Dispatch
W
X-Envoy-Upstream-Healthchecked-Cluster
X-Via-Edge
Edge-Copy-Time
X-Key
X-Tb
X-Fpc
Esi-Enabled
X-Via-SSL
X-Via-CDN
Accept-Language
X-UnsetCookies
CF-IPCountry
X-HITS
X-Sql-Duration-Ms
X-Sql-Count
SID
S-Rt
X-Cache-Hfrom
Proxy-Firewall
X-Svr
X-Cache-Hm
On-Server
X-We-Are-Hiring
Cdn
HitType
A
X-Fastly-Country-Code
X-Www-Served-By
Lb
CDN
X-Newrelic-App-Data
LB
X-App
X-CACHE-KEY
X-COUNTRY
N-Cache
Fastcgi-Cache-TTL
Amp-Access-Control-Allow-Source-Origin
T-Server
Cteonnt-Length
X-Generated
Ohc-File-Size
BehaviorPad-Version
X-Pass-Why
X-RAMCache
X-Geo-Region
ServedBy
Cache-Hits
WebServer
X-Path-Route
X-SRV
X-S-Maxage
X-Amzn-Remapped-Date
X-MSEdge-Flight
X-Amzn-Remapped-Connection
X-TrackingId
X-Pjax-Url
X-MSEdge-Features
X-Instart-Info
Server-Host
Powered-By
X-Cache-Remote
Xet-Cookie
WZWS-RAY
X-Newrelic-Synthetics
Pics-Label
X-ServedByHost
X-Li-Proto
Magicmarker
X-Datadome
X-Dynatrace
X-VC
X-Akamai-Pragma-Client-IP
X-StackifyID
X-Served-From
X-TH-Server
Cache-Key
X-SB
X-Lb-Id
X-Varnish-Hits
X-Via-PopN
X-Via-PopH
X-Via-NSCOPI
Server-Ttl
X-Origin-Response-Time
Cache-Provider
Content-Script-Type
X-Info
Content-Style-Type
Ohc-Cache-HIT
X-LiteSpeed-Tag
X-Via-PopV
Dnion-Transfer-Encoding
X-Batcache
CountryCode
X-Cache-Tag
X-Presslabs-Stats
User-Cache-Control
X-TT-LOGID
Cf-Alt-Svc
X-ID
X-Agile-Brick-Ok
X-WA
X-B3-SpanId
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Tt-Logid
X-Planisys-CDN-Cache
X-Region-Sid
X-Vgn-Hpd-Reason
Protected
Tcn
X-PJAX-URL
X-RateLimit-Limit
X-Tid
X-Uri
Inserted-Into-Cache-At
X-Yottaa-OS
X-Pad
Who
X-HostName
X-DevSite-Last-Modified
X-Pf-Uncompressing
Odigeo-Trace-Id
X-Selected-Scheme
Load-Balancing
X-Selected-Host-Header
X-Selected-Name
X-Apw-Access-Action
X-Parent-Response-Time
X-MiniProfiler-Ids
GEO-REGION-INFO
X-Akamai-ERRuleID
X-Apw-Access-Object
X-Dw-Trace-Id
Ssr
X-Origin-CC
X-Request-URL
X-Varnish-Beresp-TTL
X-Apw-Hits
Mime-Version
X-Apw-Access-Token
Vha6-Origin
X-SRCache-Key
X-Magnolia-Registration
X-Proxy-Cachei7
Cneonction
Pragrma
X-Origin-TTL
X-Nananana
X-Fastly-Cache-Hits
PICS-Label
AsisCache
X-Developer
X-Compress-Hint
X-Akamai-ERPolicy
X-C