Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
X-Powered-By
Last-Modified
Accept-Ranges
X-Content-Type-Options
Strict-Transport-Security
CF-RAY
X-XSS-Protection
ETag
Link
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Varnish
X-Request-Id
X-Served-By
X-Amz-Cf-Id
Referrer-Policy
X-AspNet-Version
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Check
Alt-Svc
X-Cacheable
X-AspNetMvc-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
Status
X-Generator
Timing-Allow-Origin
X-Cache-Status
X-Via
X-Iinfo
X-DNS-Prefetch-Control
X-Template
X-Turbo-Charged-By
X-Language
Content-Encoding
X-Content-Security-Policy
X-CDN
X-Buckets
X-Permitted-Cross-Domain-Policies
Keep-Alive
EagleId
X-Nginx-Cache-Status
X-Server-Powered-By
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Pingback
X-Backend
X-Type
X-Age
Access-Control-Max-Age
X-Cache-Group
WPE-Backend
X-Pass-Why
Xkey
Grace
X-Varnish-Cache
Access-Control-Expose-Headers
X-Cache-Lookup
Upgrade
X-LiteSpeed-Cache
Cf-Railgun
X-Hacker
X-UA-Device
X-Page-Speed
X-Drupal-Dynamic-Cache
X-Proxy-Cache
X-Amz-Request-Id
X-Robots-Tag
X-CST
X-Server
Content-Location
X-AH-Environment
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-WebKit-CSP
Request-Context
X-Ac
X-Device
X-Node
X-Host
X-Cnection
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Backend-Server
Allow
X-SERVER
X-Px
X-Do-Not-Hack
Surrogate-Control
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-HeyJason
Permitted-Cross-Domain-Policies
Request-Id
X-Ah-Environment
X-Rack-Cache
X-Url
X-Application-Context
Server-Timing
X-Readtime
EagleEye-TraceId
X-Cloud-Trace-Context
X-Instart-Request-ID
X-Country
Edge-Control
X-Clacks-Overhead
X-Response-Time
X-MS-InvokeApp
X-Server-Id
Pinterest-Generated-By
X-Rq
X-Cdn
X-NWS-LOG-UUID
Charset
X-Server-Name
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
SPRequestGuid
AR-PoweredBy
AR-ATIME
AR-SID
AR-CACHE
X-SharePointHealthScore
X-Country-Code
X-Varnish-TTL
X-Ruxit-JS-Agent
X-Cached
Public-Key-Pins
X-Powered-CMS
X-Vname
X-TtlSet
X-Powered-By-Plesk
X-DataDome
X-PC
X-Server-ID
Rating
MS-Author-Via
X-N
SPIisLatency
SPRequestDuration
Content-MD5
X-VARITI-CCR
X-Recruiting
X-Ser
X-Via-JSL
X-SRCache-Fetch-Status
X-TTL
X-SRCache-Store-Status
X-Shield-Request-Id
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Geo-Segment
X-Feature
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-Version
Report-To
X-Mod-Pagespeed
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-F-Cache
X-Amz-Rid
Cartoon
X-FTR-Request-ID
X-T
X-GitHub-Request-Id
X-DynaTrace-JS-Agent
Feature-Policy
X-Trace
X-XRDS-Location
Nginx-Cache
X-Grace
X-Dw-Request-Base-Id
X-Goog-Hash
X-Kinsta-Cache
X-Vcap-Request-Id
X-D2id
X-IPLB-Instance
X-Vhost
X-Upstream-Env
Pinterest-Version
X-B
X-Pinterest-Rid
X-Forwarded-Proto
X-Daa-Tunnel
X-Client-IP
Liferay-Portal
X-Hits
RTSS
X-Cache-Key
X-Newrelic-App-Data
X-Zen-Fury
Realpath
X-Origin-Cache
Fastcgi-Cache
Verso
X-DIS-Request-ID
X-TEC-API-VERSION
X-Upstream
TCN
Access-Control-Request-Method
S
X-FastCGI-Cache
X-ESI
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
NEL
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Dispatcher
X-Hyper-Cache
X-Id
X-Varnish-Age
X-User-Agent
X-Logged-In
Front-End-Https
Alternate-Protocol
X-Navigation-Version
X-Fastly-Request-ID
X-Nf-Srv-Version
X-NF-Request-ID
X-Abt-Application-Version
X-Sol
X-Pad
Server-Name
Tracecode
X-Content-Options
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Frontend
Paypal-Debug-Id
X-Dynatrace-Js-Agent
X-Ttl
Eomportal-Instance
X-DynaTrace
Display
Edge-Cache-Tag
Cache-Status
X-Goog-Generation
X-HS-Content-Id
X-Goog-Metageneration
X-HS-Cache-Config
X-Middleton-Display
Rt-Fastcgi-Cache
X-UUID
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Content-Digest
Powered-By-ChinaCache
X-Esi
Pagespeed
Response
X-Debug
X-Middleton-Response
S-Cnection
Server-Info
X-Wix-Server-Artifact-Id
HitType
HitInfo
X-Content-Security-Policy-Report-Only
X-Oracle-Dms-Rid
X-Whom
PB-RID
FilterID
PB-PID
X-Oracle-Dms-Ecid
Host
X-Magnolia-Registration
X-AOL-HN
X-Dynatrace
X-CF-Powered-By
X-PressLabs-Stats
Accept-Charset
X-Sucuri-ID
X-VCache
Service-Worker-Allowed
X-SS-Set-Cookie
X-Revision
X-Country-Code-Real
X-FTR-Backend
X-Contextid
X-Framework
X-FTR-Backend-Server
X-Cache-Bucket
X-FTR-DC
DynaTrace
X-Cache-Action
X-FTR-Realm
X-FTR-Expires
X-FTR-Cache-Status
X-Amzn-Trace-Id
X-FTR-Balancer
X-HS-Combine-CSS
Fastly-Restarts
X-Mobile-Rewrite
X-Hostname
X-WA-Info
Cache
ServerID
X-MSEdge-Ref
X-Cache-Rule
X-Varnish-Server
X-Instance
Refresh
X-Request-Processing-Time
X-RateLimit-Remaining
X-TT
X-FB-Debug
X-Cache-Config
X-Request-Received
X-Cache-2
X-Geo-Country
X-PHP-Backend
X-Signature
X-Rid
Country
Public-Key-Pins-Report-Only
Source
X-B-Cache
X-Akamai-Edgescape
X-ADI-VCache
X-NWS-UUID-VERIFY
X-Sucuri-Cache
Cleartype
Retry-After
Served-By
X-Device-Type
X-FTR-Cache-Host
X-TT-TIMESTAMP
Actual-Object-TTL
X-Page-Id
X-Shield-Cache-Expires
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-App-Environment
X-Cache-NE
X-Accel-Buffering
X-Varnish-Hostname
X-Tumblr-User
X-Geo
X-Content-Powered-By
X-Az
X-Mobile
X-Ocache
X-AppVersion
X-Activity-Id
Backend-Timing
TP-Cache
TP-L2-Cache
X-Proxied
X-Analytics
X-Cache-Hit
X-Oss-Storage-Class
X-Oss-Server-Time
X-Cf-Powered-By
X-Debug-Info
X-LB-Cache
X-Yottaa-Optimizations
X-Cached-By
X-Origin
X-Oss-Hash-Crc64ecma
X-Adobe-Content
X-Adobe-Loc
X-Oss-Object-Type
X-Correlation-Id
X-Oss-Request-Id
X-Jobs
X-App-Server
X-Generated-By
Datacenter
X-Yottaa-Metrics
X-Guploader-Uploadid
X-Forwarded-For
X-Varnish-IP
X-HW
X-Storage
Surrogate-Key
Upgrade-Insecure-Requests
X-GeoIP
Arc-Version
X-B3-Traceid
X-Cache-Age
WP-Super-Cache
AsisCache
X-Varnish-Backend
X-Varnish-Hits
ServedBy
X-GZip
SRV
X-ATG-Version
Ohc-File-Size
HostName
X-Cluster
X-PC-AppVer
X-Cacheable-TTL
X-Cache-Operation
X-Cache-Server
DC
X-Seen-By
X-TX-ID
X-Cache-Remote
X-WebKit-CSP-Report-Only
X-Wix-Request-Id
X-RequestSource
X-S
X-PC-Key
Dynatrace
Host-Header
X-Origin-Upstream-Status
X-Request-Guid
MS-CV
X-PC-Hit
X-Proxy-Build
X-ProxyCache-Status
X-Amz-Server-Side-Encryption
X-Yottaa-Sig
X-Proto
X-ProxyCache-Key
Cache-Hits
X-Handled-By
X-Timing-Wait
X-Srv
Access-Control-Request-Headers
X-Akamai-Transformed
X-Accel-Expires
X-Real-Ip
X-Cache-Control
Cache-Tag
Load-Balancing
X-BYPASS-REASON
X-CCM
X-EIG-Tracking-Id
X-JoinUs
X-Amzn-RequestId
Selected-FE
X-WPE-Loopback-Upstream-Addr
X-Amz-Apigw-Id
X-ServerID
X-Upstream-CT
X-Web-Node
X-Nginx-Cache
X-BB-IP
X-Cache-Enabled
X-Backend-Name
X-ApacheServer
X-Agile-Age
X-Agile-Id
X-Akam-SW-Version
X-Varnish-Grace
X-Cache-HT
X-Distributor
X-Environment-Context
X-Hit
X-L-Path
Xserver
X-NGENIX-Cache
X-Cache-TTL-Remaining
X-Xfnlog-Site
X-Viewer-Country
X-Agile
Healthy
L5d-Success-Class
Mn-Server-Ip
Now
GEO-INFO
Fastly-SSL
Cache-Name
COMMERCE-SERVER-SOFTWARE
Countrycode
X-PERF
X-Time-Microsecs
ServerName
Time
X-Optimization
ProcessTime
Origin-Edge-Control
Origin-Cache-Control
X-Generated
X-Upstream-HT
X-Skip-Cache
X-FW-Static
CACHE
X-Hail-Hydra
X-Correlation-ID
X-Amz-Replication-Status
X-ByteArk-Cache
X-B3-TraceId
X-Edge-Cache
X-Distil-CS
X-Croise-Owner
Viewport
NGB
X-UA
Server-Node
X-Servedby
Content-Script-Type
Content-Style-Type
X-PC-Date
X-PC-Host
Filters
X-Edge-Cache-Key
X-FORWARDED-FOR
X-Microcachable
X-Region
X-FW-Hash
X-RTag
X-BCube-Filmed-By
X-Tumblr-Pixel-1
X-CSRF-Token
X-Locale
X-FW-Serve
X-FW-Type
X-FW-Server
X-Internal-Host
X-Tumblr-Pixel-2
X-Source
X-CDN-Forward
IBM-Web2-Location
X-Cache-Category-Id
X-Labrador-Cache-Channel
X-Dc
X-Grey
Cteonnt-Length
X-Debug-Cache
X-Ratelimit-Limit
X-StackifyID
X-Akamai-Request-ID
X-Atg-Version
From-Origin
X-UA-Device-Type
Access-Control-Allow-Method
Cache-Key
X-Origin-Server
X-App-Version
X-APP-VERSION
X-Drupal-Cache-Tags
X-Platform-Server
Kp-EeAlive
If-Modified-Since
V-Age
Fly-Request-Id
Get-Access-Time
Is-Session-Tracking
Proxy-Connection
Request-EU
Resin-Trace
Request-Time
X-SRCache-Key
Request-Country
NodeID
Server-ID
X-Sorting-Hat-ShopId-Cached
T-Server
X-Request-Time
X-Vgn-Hpd-Reason
X-Varnish-Cacheable
X-Via-Fastly
X-WebServer
X-Via-NSCOPI
X-TWH-CORRELATION-ID
X-Tumblr-Pixel-3
X-Routing-Service
X-RN-RSRV
X-Site-Version
X-Surge-Debug
X-TNCMS
X-Varnish-Url
X-Webstats-RespID
Brightspot-Id
Ajk
Cache-Prefix
Cache-Provider
Country-Code
X-Status
X-UE-Client-Country
X-WR-MODIFICATION
X-Www-Served-By
X-Var-Ttl
X-Zipkin-Id
Fly-Cache
X-Cache-Expires
X-Hash
X-Generated-In
X-Hl-Ver
X-IN-APIGATEWAY
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-G
X-Fstrz
X-Sorting-Hat-FeatureSet
X-DPWN-IS-SECURE
X-Shopify-Stage
X-Fastly-Backend-Reqs
X-From
X-ShopId
X-Info
X-LB-CacheStatus
X-S-Maxage
X-Page-Type
X-RCS-CacheZone
X-Refresh
X-Request-URI
X-Release
X-Sentry-ID
X-Origin-Expires
X-Logtrace-Id
X-LB-Node
X-NX-Host
X-Origin-Date
X-ShardId
X-Dispatcher-Server
X-Died
X-Sorting-Hat-Section
X-Alternate-Cache-Key
X-Sorting-Hat-PrivacyLevel
X-Application
X-Auto-Login
X-ARC
X-A-Wwc
X-A-Dgt
X-A-Ccd
X-A
X-A-Dam
X-Sorting-Hat-ShopId
X-A-Dcw
X-B-Cookie
X-S-Cookie
X-Destination
X-Debug-Log
X-Developer
X-Sorting-Hat-PodId-Cached
X-Device-Os
X-Sorting-Hat-PodId
X-Debug-Cookies
X-D
X-Cache-Id
X-Cache-Host
X-Cache-Time
X-Crawler
X-CS
Warning
Azure-RegionName
X-Cache-Var-Map
X-CCM-LastModified
X-CDN-Cache
X-Cluster-Node
X-Cache-Var
X-Birta-Served
X-B3-Sampled
Fastcgi-Useragent
X-Birta-Cache-Post
X-DataStream-Cache-Status
X-Detected-As
Cneonction
X-Front
X-Generation-Time
X-FC-Vary-Parameters
X-Ezoic-Cdn
DB-Nickname
X-Edge-Location
X-Endurance-Cache-Level
FSS-Cache
FSS-Proxy
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-Country
TWC-Device-Class
RequestId
Meta-Geo
TWC-Connection-Speed
Machine
User-Agent
WZWS-RAY
LB
Group
Webcakes-Region
Webcakes-App-Version
User-Cache-Control
V-Cache
Webcakes-App-Name
X-Hosted-By
Backend
RATING
X-Origin-CC
X-SRV
X-NU-AKA-ACS-Version
Property-Id
X-Proxy
X-ProcessESI
X-Origin-Hint
X-Original-Request
X-Path-Route
X-GUploader-UploadID
X-OVcl-Cache
X-OVcl
X-ServedBy
X-Real-IP
X-Pubstack
X-Rendered-As
Azure-SiteName
Azure-InstanceId
WebServer
Azure-SlotName
X-Is-Bot
X-Instance-Name
Azure-Version
X-Varnish-Cache-Hits
X-Render-Type
X-MP-GENERATED-AT
X-NCache
X-Mode
X-Meta-Tbi-Cache-Vertical
X-RemovedCookies
X-Loop
X-CACHE-AGE
X-DC
X-Cdn-Forward
X-Time
Dnion-Transfer-Encoding
Amp-Access-Control-Allow-Source-Origin
X-TIME
X-Ua
Webserver
AMP-Access-Control-Allow-Source-Origin
X-Port
X-PCL
X-Cache-Ttl
X-SplitTest
X-Human
X-Newrelic-Synthetics
X-Upgrade-Enabled
PageType
X-Node-Name
X-LJ-Flow-ID
X-VWS-Id
X-NodeID
X-OCL
X-Format
X-IP
X-App-Name
S-Rt
UCS
X-Amz-Meta-Surrogate-Control
X-Access
X-AWS-Id
X-Section
X-C
X-GeoIP-City
X-Layer
X-LiteSpeed-Cache-Control
X-GoCache-CacheStatus
X-Kong-Proxy-Latency
X-Irp-Debug
X-Hnp-Log
X-Haproxy-Ip
X-Key
X-HCF
X-Haproxy-Hostname
X-Kong-Upstream-Latency
X-MSEdge-Features
X-Passed-To-BeforeDispatch
X-Passed-To
X-PARISIEN-Cache-Rendered
X-P-T
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Planisys-CDN-Cache
X-Phone
X-PAYTM-SRV-ID
X-Owner
X-Origin-TTL
X-Micro-Cache
X-MI-In-Market
X-Mem
X-Matched-Rule
X-Gen-Mode
X-MSEdge-Flight
X-Node-Id
X-No-Session
X-ND-Cache
X-Location
X-EdgeConnect-Cache-Status
X-CGP
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Check-Cacheable
X-Ckpd-Fst-Backend
X-Connection-Hash
X-Clientip
X-Cdn-Srv
X-CDN-Pop-IP
X-Cache-FS-Status
X-Cache-Debug
X-Cache-Control-Set-By
X-Cache-Srv
X-Cache-URL
X-CDN-Pop
X-Cdn-Origin
X-Content-Age
X-Content-Type
X-F5-Cache
X-Eu-Site
X-Env
X-Fastly-Cache
X-Fetched-On
X-Forwarded-Host
X-Flog
X-ElasticPress-Search
X-Planisys-CDN-Rules
X-DataStream-MidMile-RTT
X-Core-Value
X-Core-Mission
X-DataStream-Origin-MEX-Latency
X-Developers
X-Edge-IP
X-EC-Security-Audit
X-Frame-Option
X-Request-UUID
X-Zalando-Page-Type
X-TT-LOGID
Xc-Version
X-Cache-CFC
X-Zalando-Child-Request-Id
X-UnsetCookies
X-Twitter-Response-Tags
X-Trv-Group
X-Transaction
X-Tb
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Thanos
X-Thinkindot-L3
X-Trace-Id
X-TId
X-User
X-V
X-Via-Edge
X-We-Are-Hiring
X-VarnPar1
X-VarnPar2
X-VC
X-VG-WebServer
X-Ver
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Wix-Route-ID
X-Varnish-Action
X-VarnCache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Id
X-Varnish-HitMiss
X-Svr
X-Stale
X-Requestid
X-Via-CDN
X-Request-Start
X-Response-By
X-Returned-From
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Req
X-Region-Sid
X-RateLimit-Limit-Second
X-Public
X-Powered-By-ANYU
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Reboot
X-Rebelmouse-Surrogate-Control
X-Returned-From-PostProcessResponse
X-Rewrite-Enabled
X-Server-Time
X-Server-Group
X-Server-By
X-Server-W
X-ServiceProvider
X-Sn-Servicetimems
X-SIPLIST1
X-Served-From
X-ScT
X-Rocket-Nginx-Serving-Static
X-Rocket-Nginx-Bypass
X-Rojux
X-ROOTCache
X-SB
X-Safe-Firewall
X-Planisys-CDN-TTL
Pramga
HA-Geolat
HA-Geocountry
HA-Geolon
X-Cache-Backend
HA-Host
Ha-Gx-Prefs
HA-Geocity
HA-Cloudapp
Fastly-SWR
Fastly-Soc-X-Request-Id
GeoIP-City
GeoIP-Country-Code
GW-Server
GeoIP-Latitude
HA-Ipaddr
HA-Servedtime
Magicmarker
Lfy
Max-Age
MD5-Digest
Memory
Memcached
IsBot
Is-Eu
Heartbleed
HA-Urlpath
Host-ID
Httpd-Identifier
HTTPS
Fastly-SIE
Fastly-Backend-Name
X-Unique-Id
X-Fastcgi-Cache
X-VG-WebCache
Adler-Geo
Arc-Country
AKAMAI
X-XRDS-LOCATION
X-B3-Spanid
X-RateLimit-Limit
X-HGenerator
X-B3-SpanId
X-Vg-Webcache
X-Cache-TTL
X-NC
Backend-Name
BehaviorPad-Version
Drupal-Pagecache-Memcache
Decoy-Debug-TTL
Ec-Rule-Version
Esi-Enabled
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
Decoy-Debug-Status
Decoy-Debug-Key
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
CDCHOST
Content-Disposition
Meta-Geo-Continent
HA-Georegion
Version
Uber-Trace-Id
Viewtype
VivaBuild
Web-Mar-Node
Thinkindot-Control
Thinkindot-CacheControl-Type
Server-Host
Rt-Proxy-Cache
Server-Int
Sta2Tusw
Thinkindot-CacheControl
Web-Mar-Region
Ws
X-BB-ID
X-Backend-TTL
X-BBXSRF
X-Bip
X-Block-Status
X-Backend-State
X-Amz-Meta-S3cmd-Attrs
X-ABtesting
Www
X-Actual-URL
X-Amz-Meta-Cache-Control
X-Amz-Meta-S3b-Last-Modified
REQUESTUUID
Who
Ohc-Response-Time
Platform
Powered-By
PFcat
On-Server
NnCoection
Origin
Odigeo-Trace-Id
MI-API
Release
Rendered-Blocks
N-Cache
NGX
Pragrma
MI-Cache-Age
MI-Cache
X-Varnish-Beresp-TTL
X-Ratelimit-Remaining
X-Drupal-Cache-Contexts
X-Be
Pagetype
NODE
MIME-Version
X-BE
X-Nc
X-Varnish-Beresp-Ttl
X-Unique-ID
Node
X-ProxyCache-Args
X-ServedByHost
X-Bug-Bounty
X-Fastly-Cache-Hits
X-PF-Uncompressing
SID
X-Pjax-Url
X-Backend-Url
Mime-Version
Accept-CH
X-VServer
X-Worker
Cdn
Cf-Ipcountry
Pics-Label
X-Fe
X-Load-Cache
Accept-Ch
OT-Force-Account-Verify
Payment
URI
X-Secret
CF-IPCountry
CDN
X-Servedbyhost
X-Platform
PICS-Label
X-GeoIP-Country-Code
X-From-Cache
X-Gannett-Site-Version
X-FireWall-Port
Sid
X-Epic-Correlation-Id
X-Qnm-Cache
X-PJAX-URL
X-Server-IP
X-Redis-Cache
X-Alicdn-Da-Ups-Status
Apicache-Store
NtCoent-Length
X-M-Log
X-Backend-Host
X-M-Reqid
Apicache-Version
Apple-News-Services-Handled
X-Pf-Uncompressing
X-Servername
X-Nananana
WWW-Authenticate
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Up