Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
X-Content-Type-Options
Pragma
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
X-AspNet-Version
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
Status
Timing-Allow-Origin
X-Template
X-Language
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
X-Iinfo
Content-Encoding
X-CDN
X-Content-Security-Policy
X-Buckets
X-Turbo-Charged-By
X-Request-ID
X-Type
Upgrade
WPE-Backend
X-Pass-Why
Keep-Alive
X-Cache-Group
X-AH-Environment
Xkey
CF-Ray
X-Backend
Access-Control-Max-Age
X-Age
Access-Control-Expose-Headers
X-Via
EagleId
X-Drupal-Dynamic-Cache
X-Nginx-Cache-Status
X-Server-Powered-By
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Server
X-Swift-SaveTime
X-Swift-CacheTime
X-Hacker
X-UA-Device
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Robots-Tag
P3p
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-LiteSpeed-Cache
Request-Context
X-Device
X-Ac
X-Kinja-Server-Push
Content-Location
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Response-Time
X-Host
X-Backend-Server
Surrogate-Control
X-Cnection
X-Rq
X-Server-Id
X-Readtime
X-Rack-Cache
Server-Timing
X-WebKit-CSP
Report-To
X-Node
X-Cloud-Trace-Context
EagleEye-TraceId
X-Application-Context
Request-Id
X-ORACLE-DMS-ECID
Feature-Policy
X-Instart-Request-ID
X-Ua-Compatible
X-Iejgwucgyu
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Edge-Control
X-CST
Pinterest-Generated-By
X-Country
NEL
X-Px
X-Url
Rating
X-TTL
X-Server-Name
X-Country-Code
X-Ruxit-JS-Agent
X-DataDome
X-Origin-Cache
X-Varnish-TTL
X-DynaTrace
X-MS-InvokeApp
Allow
X-Vhost
X-TtlSet
X-Vname
X-PC
X-Cached
X-FTR-Request-ID
RTSS
X-ESI
X-Goog-Hash
X-Powered-CMS
X-DynaTrace-JS-Agent
Charset
X-Powered-By-Plesk
X-VARITI-CCR
X-Server-ID
Accept-CH
X-D2id
X-Dispatcher
Public-Key-Pins
X-GitHub-Request-Id
X-Mod-Pagespeed
X-Oracle-Dms-Rid
Arc-Version
PB-RID
PB-PID
X-Mobile-Rewrite
X-F-Cache
X-Trace
X-Kinja-Build
X-Exp-Id
X-Kinja-Server
X-Kinja-Revision
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja
SPRequestGuid
MS-Author-Via
Content-MD5
X-Version
Verso
X-SharePointHealthScore
X-T
X-Recruiting
Nginx-Cache
X-Abt-Application-Version
X-Shield-Request-Id
SPIisLatency
SPRequestDuration
X-Client-IP
X-Forwarded-Proto
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Accept-CH-Lifetime
X-HW
X-N
X-DIS-Request-ID
X-Navigation-Version
X-Dw-Request-Base-Id
X-B3-TraceId
X-Amz-Rid
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
X-Origin-Upstream-Status
X-Upstream
Fastly-Restarts
X-XRDS-Location
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-B
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Fastly-Request-ID
Paypal-Debug-Id
X-ORACLE-DMS-RID
X-Hits
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Amz-Meta-S3cmd-Attrs
Realpath
TCN
DynaTrace
Arr-Disable-Session-Affinity
X-Content-Options
X-Pad
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Webkit-Csp
X-NF-Request-ID
Service-Worker-Allowed
X-Content-Digest
X-Id
X-Goog-Storage-Class
X-Ser
Tracecode
X-Acc-Meta-Resource-Type
Access-Control-Request-Method
X-Varnish-Age
S
Front-End-Https
X-Amz-Cf-Pop
X-Debug
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Middleton-Display
X-Sol
Display
X-Vcap-Request-Id
X-FastCGI-Cache
X-Kinsta-Cache
X-PressLabs-Stats
X-MSEdge-Ref
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-Frontend
X-FTR-Backend
X-FTR-Expires
X-FTR-DC
X-FTR-Realm
X-IPLB-Instance
X-RateLimit-Remaining
X-Cache-Hit
X-ATG-Version
Surrogate-Key
Powered-By-ChinaCache
X-Geo-Segment
X-Forwarded-For
X-HS-Content-Id
X-HS-Hub-Id
X-Zen-Fury
Fastcgi-Cache
X-Grace
Response
X-Middleton-Response
X-NewRelic-App-Data
X-CF-Powered-By
Rt-Fastcgi-Cache
Server-Name
X-Logged-In
Backend-Timing
X-Mobile
X-Analytics
X-Litespeed-Cache
X-Debug-Info
X-SS-Set-Cookie
Host
AMP-Access-Control-Allow-Source-Origin
X-Akam-SW-Version
X-Rid
X-FTR-Cache-Host
X-Revision
FilterID
TP-Cache
TP-L2-Cache
X-Amzn-Trace-Id
X-Edge-Location
X-Request-Received
X-Request-Processing-Time
X-User-Agent
X-Cache-Key
X-TA-CDN-Provider
MicrosoftSharePointTeamServices
Cache-Status
Edge-Cache-Tag
X-Cached-By
X-Accel-Expires
X-SERVER
Refresh
X-Magnolia-Registration
X-Drupal-Cache-Tags
Host-Header
X-GUploader-UploadID
Liferay-Portal
X-Cache-Rule
ServerID
X-Webkit-CSP
X-Varnish-Backend
X-Oneagent-Js-Injection
X-Node-Name
X-AOL-HN
X-Whom
X-Akamai-Edgescape
X-Newrelic-App-Data
X-Platform-Server
X-FB-Debug
X-Framework
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-B3-Sampled
X-Cluster
DC
Cache-Tag
X-HS-Cache-Config
Ar-Sid
X-B-Cache
X-Cache-2
X-Cache-Control
X-Instance
X-Varnish-Hostname
X-Signature
Public-Key-Pins-Report-Only
X-Content-Security-Policy-Report-Only
X-LB-Cache
X-Device-Type
X-Page-Id
X-BCube-Filmed-By
X-App-Environment
X-Ttl
X-Handled-By
X-Request-Guid
Cleartype
Accept-Charset
X-Srv
X-AppVersion
X-Az
X-Activity-Id
X-WPE-Loopback-Upstream-Addr
Eomportal-Instance
X-B3-TraceId-Primal
X-Generated-By
X-TT
AR-Request-ID
X-Fastcgi-Cache
X-Use-Magma
X-Cache-Action
X-Seen-By
X-Wix-Request-Id
X-Cache-Server
Upgrade-Insecure-Requests
MS-CV
ViewerVersion
X-Drupal-Cache-Contexts
X-Via-JSL
X-Correlation-Id
X-NWS-LOG-UUID
X-App-Server
Source
X-Amz-Replication-Status
X-Esi
AR-SID
Retry-After
X-App-Version
X-VCache
X-Content-Powered-By
HostName
X-URL
Alternate-Protocol
X-Varnish-Server
X-WA-Info
X-Response-Served-From
Server-Node
Webserver
X-Tumblr-Pixel-2
X-Adobe-Loc
X-Cache-NE
X-Adobe-Content
SRV
X-Tumblr-Pixel-1
X-Hostname
X-Locale
X-WebKit-CSP-Report-Only
Actual-Object-TTL
X-GeoIP
X-Status
X-Cache-TTL-Remaining
X-FW-Type
CACHE
X-Jobs
X-Amz-Apigw-Id
X-FW-Static
X-FW-Serve
X-Varnish-Grace
X-FW-Hash
X-FW-Server
X-Amzn-RequestId
X-UUID
AsisCache
X-RequestSource
X-Geo-Country
ServedBy
X-Contextid
GEO-INFO
X-Edge-Cache-Key
X-Edge-Cache
X-HS-Combine-CSS
Payment
X-Servedby
X-Varnish-Hits
Viewport
X-Yottaa-Optimizations
X-S
X-Yottaa-Metrics
X-Varnish-IP
X-TX-ID
X-Dns-Prefetch-Control
X-TT-TIMESTAMP
Pagespeed
X-Origin-Server
Country
X-Cache-Operation
X-Correlation-ID
PageSpeed
X-Vg-Webcache
X-Sucuri-ID
X-Cacheable-TTL
Server-Info
X-RateLimit-Limit
Served-By
X-Daa-Tunnel
Datacenter
X-Region
X-Hyper-Cache
X-Cache-Age
X-Akamai-Request-ID2
From-Origin
X-Real-IP
X-Amz-Server-Side-Encryption
X-TIME
X-Forwarded-Host
Content-Style-Type
Content-Script-Type
X-Mode
HitInfo
X-Ezoic-Cdn
HitType
X-DataStream-Cache-Status
Cache
X-XRDS-LOCATION
X-Detected-As
X-Site-Version
X-Format
X-Generated
X-Akamai-Transformed
X-Section
X-Routing-Service
Meta-Geo
X-Tb
X-Hit
X-Proxy
X-Proxied
Access-Control-Allow-Method
X-Rendered-As
X-Zipkin-Id
X-Upgrade-Enabled
X-Is-Bot
X-Rocket-Nginx-Bypass
X-Rule
X-JoinUs
Machine
X-RN-RSRV
S-Cnection
X-Access
Fastcgi-X-Cache-Version
X-Amz-Meta-Surrogate-Control
X-Cache-Var-Map
X-Cache-Var
Fastcgi-X-Cache
Mn-Server-Ip
OT-Force-Account-Verify
Azure-InstanceId
Now
Azure-SiteName
Azure-RegionName
L5d-Success-Class
Fastcgi-Useragent
Property-Id
DB-Nickname
TWC-Connection-Speed
LB
Azure-SlotName
X-Agile-Id
X-Hosted-By
X-Cache-Config
X-VG-TLSProxy
X-Grey
X-ServerID
X-Request-Time
X-Origin-Hint
X-L-Path
X-NGENIX-Cache
X-Ocache
X-Origin
X-Environment-Context
X-CDN-Cache
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-App-Name
Webcakes-App-Version
X-Cache-Category-Id
X-Agile-Age
X-Agile
Webcakes-Region
TWC-Device-Class
Azure-Version
X-Content-Type
X-Source
Healthy
Xserver
S-Rt
X-Via-Fastly
X-Viewer-Country
X-OCL
X-Birta-Cache-Post
X-Upstream-HT
X-Birta-Served
X-Distil-CS
X-PCL
X-FC-Vary-Parameters
X-Human
X-EIG-Tracking-Id
X-TNCMS
Cache-Name
X-TWH-CORRELATION-ID
X-Upstream-CT
X-Loop
X-RemovedCookies
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
X-AWS-Id
IBM-Web2-Location
X-LJ-Flow-ID
X-App-Name
X-Cluster-Node
X-ProcessESI
X-OVcl
X-IP
X-Original-Request
X-OVcl-Cache
X-Pc-Appver
X-Pc-Key
X-Pc-Hit
X-Labrador-Cache-Channel
X-SplitTest
X-VWS-Id
X-Xfnlog-Site
X-CCM
X-Pubstack
X-Timing-Wait
X-Proxy-Build
X-Www-Served-By
Selected-FE
X-Ms-Version
X-Ms-Blob-Type
X-Ms-Lease-Status
Accept-Language
X-Ms-Request-Id
X-Microcachable
X-Cache-Enabled
X-ShardId
X-NodeID
Access-Control-Request-Headers
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-RTag
X-Port
X-GRACE
X-Web-Node
X-Path-Route
X-Twitter-Response-Tags
Cache-Hits
X-Transaction
X-Via-CDN
X-Connection-Hash
X-Guploader-Uploadid
Ms-Operation-Id
X-HOST
X-Cache-Remote
X-MP-GENERATED-AT
User-Agent
NtCoent-Length
Origin-Cache-Control
Origin-Edge-Control
X-UA
Time
Backend
X-Geo
X-Unique-ID
X-Origin-CC
X-Varnish-Cacheable
X-APP-VERSION
X-Edge-IP
X-Nginx-Cache
X-Varnish-Cache-Hits
X-Debug-Cache
X-Cdn-Forward
X-NODE
Mail-Subject
X-Sucuri-Cache
We-Hiring
X-Cache-TTL
X-Real-Ip
X-Pc-Date
X-NCache
X-Internal-Host
X-Pc-Host
X-Tumblr-Pixel-3
X-Ratelimit-Limit
NGB
X-Proto
Fastly-SSL
X-Mshield-Cache-Status
X-CACHE-GROUP
X-Mrs-Age
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Ruxit-Js-Agent
X-Newrelic-Synthetics
Filters
Warning
X-ApacheServer
X-PERF
X-Ua
X-Csrf-Token
X-Vgn-Hpd-Reason
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-CACHE-KEY
X-Storage
X-Akamai-Request-ID
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Time-Microsecs
X-CDN-Forward
X-Webstats-RespID
X-C
Cache-Key
X-EdgeConnect-Cache-Status
X-ElasticPress-Search
X-Nc
X-Dc
X-Backend-Name
X-CACHE-AGE
WZWS-RAY
X-Endurance-Cache-Level
User-Cache-Control
X-Powered-By-ANYU
V-Age
HA-Geocountry
HA-Geolat
SN
HA-Georegion
HA-Geocity
HA-Geolon
GMS-Ver
Viewtype
Section-Io-Cache
Server-Host
Rt-Proxy-Cache
Fly-Request-Id
Resin-Trace
FSS-Proxy
FSS-Cache
HA-Cloudapp
X-Platform
Thinkindot-Control
UCS
Odigeo-Trace-Id
Magicmarker
MD5-Digest
Meta-Geo-Continent
NodeID
VivaBuild
Mobile-Detection-Method
Origin
Rendered-Blocks
HA-Ipaddr
TSSecure
HA-Host
HA-Servedtime
HA-Urlpath
Thinkindot-CacheControl-Type
X-Region-Sid
Thinkindot-CacheControl
Ha-Gx-Prefs
X-Backend-TTL
X-F5-Cache
X-External-Request-Id
X-Fastly-Cache
X-Fetched-On
X-From
X-Eu-Site
X-Epic-Correlation-Id
X-Developers
X-Developer
X-Died
X-Distributor
X-DPWN-IS-SECURE
X-G
X-Gannett-Site-Version
X-IN-APIGATEWAY
X-Logtrace-Id
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-Irp-Debug
X-Hl-Ver
X-Hash
X-Generated-In
X-GeoIP-Country-Code
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Matched-Rule
X-Destination
X-Date
X-Amz-Meta-Cache-Control
X-PAYTM-SRV-ID
X-Application
X-B-Cookie
X-Backend-Host
X-Aed
X-Accel-Expires-Debug
X-A-Dam
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-A-Wwc
Fly-Cache
X-Backend-Url
X-Org
X-CGP
X-NU-AKA-ACS-Version
X-Croise-Owner
X-D
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-BB-ID
X-BBXSRF
X-Cache-Bucket
X-Cache-Srv
X-A
X-Rojux
X-Rewrite-Enabled
X-S-Cookie
X-ScT
X-Secret
X-VG-WebServer
Cache-Tags
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Ajk
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-UE-Client-Country
X-Up
X-Via-SSL
X-Via-Edge
X-Trv-Group
X-Thinkindot-L3
X-Server-By
X-Server-Time
X-SRCache-Key
X-Store
Apple-News-Services-Request-Url
Xc-Version
BehaviorPad-Version
Content-Disposition
Ec-Rule-Version
Arc-Country
Cache-Prefix
Www
X-We-Are-Hiring
X-Server-IP
Country-Code
X-User
X-Sn-Servicetimems
X-SIPLIST1
GW-Server
X-Dispatcher-Server
X-Key
Heartbleed
X-Response-By
IsBot
X-Cache-Backend
X-Redis-Cache
X-Release
X-ABtesting
X-Backend-State
X-Location
X-TT-LOGID
Frame-Options
X-No-Session
X-UnsetCookies
X-Nginx-Cache-Key
X-Auto-Login
X-Swa-Ws
X-Request-Start
X-Debug-Log
X-Debug-Cookies
X-VServer
Countrycode
X-S-Maxage
X-Phone
X-Fstrz
X-FW-Version
X-Layer
Pramga
Release
X-Flog
X-Owner
X-Cache-URL
AKAMAI
X-Clientip
X-GeoIP-City
X-Cdn-Origin
X-Hello
X-MSEdge-Features
X-NX-Host
X-Reboot
Memcached
X-Worker
Server-ID
Server-Int
X-Cache-Expires
RNT-Time
X-Core-Mission
X-MSEdge-Flight
Backend-Name
X-Cache-Host
RNT-Machine
X-Varnish-Beresp-Ttl
X-B3-Spanid
X-NC
X-BB-IP
X-Datadome
X-Node-Id
X-CUA
X-Li-Fabric
X-Core-Value
X-Crawler
X-WebServer
X-Gen-Mode
Decoy-Debug-TTL
X-MI-In-Market
X-Request-URI
X-ServiceProvider
X-Hnp-Log
Decoy-Debug-Status
Decoy-Debug-Key
X-LI-UUID
X-Device-Os
X-Instance-Name
Fastly-Soc-X-Request-Id
X-V
X-LI-Proto
X-Thanos
X-RCS-CacheZone
Platform
X-Returned-From
Adler-Geo
X-Rebelmouse-Cache-Control
X-Policy
Pragrma
X-Returned-From-DLL
Request-EU
X-VCT
X-Returned-From-BeforeDispatch
MI-Cache-Age
MI-Cache
X-Request-UUID
CDCHOST
Esi-Enabled
Fastly-Backend-Name
Fastly-SWR
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Rebelmouse-Surrogate-Control
Kp-EeAlive
Is-Eu
Cache-Cookie-Set-From
X-Returned-From-PostProcessResponse
Request-Country
X-Passed-To-PostProcessResponse
X-Actual-URL
X-Stale
X-Cache-Debug
X-Li-Pop
X-Block-Status
X-Passed-To-BeforeDispatch
X-Trace-Id
X-Passed-To-DLL
Fastly-SIE
X-Cache-CFC
X-Cache-Id
Uber-Trace-Id
X-Served-From
X-Sentry-ID
X-Varnish-Action
X-Bip
X-Variation
X-Passed-To
X-Sf
Web-Mar-Node
X-Var-Ttl
Pagetype
X-P-T
X-Via-NSCOPI
X-Qloud-Router
X-UA-Device-Type
On-Server
Proxy-Connection
REQUESTUUID
X-DC
True-Client-Country-4JS
X-Info
X-PHP-Backend
X-Ms-Lease-State
RequestId
MI-API
Cteonnt-Length
HTTPS
X-Be
X-Page-Type
X-Pjax-Url
Powered-By
X-Ckpd-Fst-Backend
X-Servername
ProcessTime
MIME-Version
X-CLOUD-TRACE-CONTEXT
X-Kong-Proxy-Latency
Cdn
X-Refresh
X-SN
X-Dynatrace-Js-Agent
X-Kong-Upstream-Latency
X-Req
X-Oracle-Dms-Ecid
X-Oss-Storage-Class
Memory
X-Origin-Response-Time
X-Oss-Server-Time
X-NWS-UUID-VERIFY
X-Oss-Request-Id
X-Origin-TTL
X-SVT-ORM-VERSION
X-MServer
X-GZip
X-Oss-Hash-Crc64ecma
X-SVT-ORM-RULES
X-Oss-Object-Type
Amp-Access-Control-Allow-Source-Origin
Version
X-Parent-Response-Time
X-Content-Age
CF-IPCountry
X-Cache-FS-Status
Mime-Version
Who
X-Unique-Id-Primal
X-Aicache-OS
V-Cache
Group
X-ND-Cache
X-Varnish-Url
X-Servedbyhost
X-Vcache
Fusion-Source
X-Pf-Uncompressing
X-COUNTRY
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Generation-Time
X-Unique-Id
X-Varnish-Beresp-TTL
Fusion-Content-Source
X-Wa
SS
Fusion-Content-Id
Fusion-Component-Id
X-FireWall-Port
Fusion-Template-Id
X-Time
X-GEO
X-Cache-Info
CDN
X-Ratelimit-Remaining
X-Fastly-Cache-Hits
X-SRV
GeoIP-Country-Code
PageType
Get-Access-Time
Is-Session-Tracking
Cdn-Request-Time
GeoIP-Latitude
Cdn-Host
GeoIp-Country-Code
Geoip-Latitude
X-Edge-Server
X-M-Reqid
X-Qnm-Cache
X-M-Log
XServer
X-CS
X-Protected-By
X-B3-Traceid
X-EC-Security-Audit
X-Server-Group
X-Surge-Debug
Load-Balancing
NGX
Serverid
T-Server
X-Server-W
X-WA
X-APP
ServerName
X-Requestid
SD-X-WS
X-HTML-Minification-Powered-By
X-CSRF-Token
X-Check-Cacheable
X-Origin-Expires
X-Origin-Date
Nel
A
X-ID
Cf-Ipcountry
X-Nananana
X-ARC
X-ServedByHost
X-StackifyID
DataCenter
X-RequestId
X-SERVER-NAME
PICS-Label
X-Alicdn-Da-Ups-Status
X-HS-Status
X-Skip-Cache
X-Gdpr
Hostname
Processtime
X-FORWARDED-FOR
X-GZIP
URI
X-Fastly-Country-Code
X-Load-Cache
X-PF-Uncompressing
X-Proxy-Server
X-VG-WebCache
X-UPSTREAM-Address
X-NGINX-Cache
X-Feature
WP-Super-Cache
X-B3-SpanId
Cache-Provider
Lfy
X-PHP-Host
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Cdn-Srv
Cneonction
X-Origin-Host
X-BE
Powered
Node
X-Fe
X-ServerName
X-PAGE-TYPE
X-Atg-Version
Requestid
RequestUuid
X-IPS-LoggedIn
Https
X-HTML-Edge-Cache
X-Proxy-Cache-Status
X-PJAX-URL
VIX-Pulpo-Node
X-Content-Encoded-By
VIX-Pulpo-Upstream-Status
X-Proxy-Upstream
X-From-Cache
Vix-Hermes-Req-Id
X-Fastly-Backend-Reqs
Sid
X-SB
X-VC
N-Cache
X-Cache-Ttl
X-Distil-Cs
X-Serial
SID
Xet-Cookie
PFcat
X-Akamai-SSL-Client-Sid
Host-ID
X-Grace-Duration
Cdn-Src-Port
X-RAMCache
X-Gen-Id
Build-Number
X-WR-MODIFICATION
X-Dw-Trace-Id
X-CSRF-TOKEN