Some unnecessary HTTP headers you want to avoid:
- Vanity headers such as server, x-powered-by and via offer little value to end-users or developers but at worst they divulge sensitive information.
- Some headers, such as p3p, expires, x-frame-options and x-ua-compatible, represent deprecated standards.
- Headers that are only useful to debug data but are not recognized by any browser, such as x-cache, x-request-id, x-aspnet-version, x-amzn-requestID. As a developer, you may want to keep them on but know that removing them makes no difference to how your pages are rendered.
- x-robots-tag is a non-browser header only useful when the requesting agent is a crawler.
Full post here, 7 mins read