Threat Level: green Handler on Duty: Tom Webb

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
X-Content-Type-Options
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
X-Varnish
X-Request-Id
X-Timer
X-Xss-Protection
CF-Cache-Status
X-AspNet-Version
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-Permitted-Cross-Domain-Policies
X-Iinfo
Content-Encoding
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Buckets
X-CDN
X-Turbo-Charged-By
X-Request-ID
X-Type
Upgrade
WPE-Backend
X-Pass-Why
Keep-Alive
X-Cache-Group
X-AH-Environment
Xkey
X-Backend
Access-Control-Max-Age
P3p
X-Age
Access-Control-Expose-Headers
X-Via
EagleId
X-Drupal-Dynamic-Cache
X-Nginx-Cache-Status
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Server
X-Swift-CacheTime
X-Swift-SaveTime
X-Hacker
X-UA-Device
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Robots-Tag
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Page-Speed
Request-Context
X-Kinja-Server-Push
X-Device
X-Ac
Content-Location
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Amz-Version-Id
X-Host
X-Response-Time
X-Server-Id
Surrogate-Control
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Backend-Server
X-Node
X-Readtime
X-WebKit-CSP
Server-Timing
X-Rack-Cache
Report-To
EagleEye-TraceId
X-Application-Context
Request-Id
X-Cloud-Trace-Context
Feature-Policy
X-ORACLE-DMS-ECID
X-Instart-Request-ID
X-Iejgwucgyu
X-CST
X-Ua-Compatible
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Clacks-Overhead
Edge-Control
NEL
X-Country
Rating
X-Url
Pinterest-Generated-By
X-Px
X-Server-Name
X-Country-Code
X-DataDome
X-TTL
Allow
X-Varnish-TTL
X-DynaTrace
X-MS-InvokeApp
X-Origin-Cache
X-Vhost
X-TtlSet
X-PC
X-Vname
X-Cached
X-Ruxit-JS-Agent
X-FTR-Request-ID
RTSS
X-ESI
X-Goog-Hash
X-Powered-CMS
Charset
X-VARITI-CCR
X-Powered-By-Plesk
X-DynaTrace-JS-Agent
Accept-CH
X-Dispatcher
Public-Key-Pins
SPRequestGuid
X-GitHub-Request-Id
X-D2id
X-Trace
X-Mod-Pagespeed
X-F-Cache
PB-RID
Arc-Version
PB-PID
X-Mobile-Rewrite
X-SharePointHealthScore
X-Cdn-Fetch
X-Oracle-Dms-Rid
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
Content-MD5
X-T
Verso
MS-Author-Via
X-Version
X-Recruiting
X-Shield-Request-Id
SPIisLatency
SPRequestDuration
Nginx-Cache
X-Abt-Application-Version
X-Client-IP
X-B3-TraceId
X-Server-ID
X-Dns-Prefetch-Control
X-Forwarded-Proto
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-HW
Accept-CH-Lifetime
X-N
X-Navigation-Version
X-DIS-Request-ID
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
X-Dw-Request-Base-Id
X-Amz-Rid
AR-ATIME
AR-PoweredBy
AR-CACHE
X-B
X-XRDS-Location
X-Upstream
X-ORACLE-DMS-RID
X-Origin-Upstream-Status
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Fastly-Restarts
X-Fastly-Request-ID
Paypal-Debug-Id
X-Amz-Meta-S3cmd-Attrs
DynaTrace
X-Hits
X-Wix-Server-Artifact-Id
X-Accel-Buffering
Realpath
TCN
X-Ser
X-Content-Options
Arr-Disable-Session-Affinity
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Service-Worker-Allowed
X-Pad
X-NF-Request-ID
X-Webkit-Csp
X-Acc-Meta-Resource-Type
X-Content-Digest
X-Goog-Storage-Class
Tracecode
X-Id
Access-Control-Request-Method
S
Front-End-Https
X-Varnish-Age
X-Debug
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Amz-Cf-Pop
X-FastCGI-Cache
X-Vcap-Request-Id
X-MSEdge-Ref
X-Oneagent-Js-Injection
X-PressLabs-Stats
Display
X-Frontend
X-Middleton-Display
X-Sol
X-FTR-Realm
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-Expires
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-Kinsta-Cache
X-IPLB-Instance
X-ATG-Version
X-RateLimit-Remaining
X-Cache-Hit
X-HS-Hub-Id
X-HS-Content-Id
Surrogate-Key
X-Logged-In
Fastcgi-Cache
Rt-Fastcgi-Cache
X-Grace
Powered-By-ChinaCache
X-Zen-Fury
X-Forwarded-For
Edge-Cache-Tag
Server-Name
X-Request-Processing-Time
Response
X-Middleton-Response
X-Request-Received
X-Edge-Location
X-Analytics
Backend-Timing
X-Debug-Info
X-CF-Powered-By
X-Rid
X-Amzn-Trace-Id
FilterID
X-Revision
X-NewRelic-App-Data
X-Akam-SW-Version
MicrosoftSharePointTeamServices
X-FTR-Cache-Host
Host
X-User-Agent
X-Cache-Key
TP-L2-Cache
TP-Cache
X-Mobile
AMP-Access-Control-Allow-Source-Origin
X-Litespeed-Cache
X-SS-Set-Cookie
X-Cdn
Ar-Sid
X-Use-Magma
X-Geo-Segment
Cache-Status
X-TA-CDN-Provider
X-Cached-By
X-Drupal-Cache-Tags
X-Accel-Expires
Host-Header
X-Magnolia-Registration
Refresh
X-HS-Cache-Config
X-B3-TraceId-Primal
X-SERVER
X-Ttl
X-Newrelic-App-Data
ServerID
X-Varnish-Backend
X-B3-Sampled
Liferay-Portal
X-GUploader-UploadID
X-Node-Name
X-Platform-Server
X-Content-Security-Policy-Report-Only
X-FB-Debug
X-Cache-Rule
DC
AR-Request-ID
X-Cluster
X-Instance
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-AOL-HN
X-Webkit-CSP
Cache-Tag
X-B-Cache
X-Akamai-Edgescape
X-Signature
X-Cache-2
X-Cache-Control
X-Whom
X-BCube-Filmed-By
X-Framework
X-LB-Cache
X-Varnish-Hostname
X-Page-Id
X-Device-Type
X-Handled-By
Cleartype
X-Request-Guid
X-App-Environment
Eomportal-Instance
X-WPE-Loopback-Upstream-Addr
X-Generated-By
Public-Key-Pins-Report-Only
X-Activity-Id
X-Az
X-AppVersion
X-Esi
X-Srv
X-NWS-LOG-UUID
X-Cache-Action
X-Drupal-Cache-Contexts
Accept-Charset
X-Cache-Server
X-App-Server
Source
X-Seen-By
X-TT
X-Via-JSL
X-Wix-Request-Id
MS-CV
X-Fastcgi-Cache
ViewerVersion
Retry-After
X-Content-Powered-By
X-Amz-Replication-Status
X-App-Version
X-Hostname
X-VCache
Alternate-Protocol
HostName
X-Ruxit-Js-Agent
Upgrade-Insecure-Requests
X-HS-Combine-CSS
X-Correlation-Id
X-Varnish-Server
X-WA-Info
X-Varnish-Grace
Server-Node
Webserver
X-Geo-Country
X-Cache-NE
X-Tumblr-Pixel-1
X-Response-Served-From
X-WebKit-CSP-Report-Only
AsisCache
X-Tumblr-Pixel-2
X-GeoIP
X-Amzn-RequestId
X-Locale
SRV
X-Amz-Apigw-Id
Actual-Object-TTL
X-URL
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Serve
X-Varnish-Hits
ServedBy
GEO-INFO
X-FW-Hash
X-Edge-Cache
X-Edge-Cache-Key
Viewport
X-Contextid
Payment
X-Jobs
X-RequestSource
X-Servedby
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-S
X-UUID
X-Status
X-TX-ID
AR-SID
X-Cache-TTL-Remaining
X-Varnish-IP
X-Correlation-ID
X-Adobe-Loc
X-Adobe-Content
X-TT-TIMESTAMP
X-Daa-Tunnel
X-Origin-Server
X-Cacheable-TTL
CACHE
X-Cache-Operation
X-Vg-Webcache
PageSpeed
X-Sucuri-ID
Pagespeed
Datacenter
X-Hyper-Cache
Served-By
X-Forwarded-Host
Server-Info
Country
Cache
X-Amz-Server-Side-Encryption
X-TIME
S-Cnection
X-Region
X-Akamai-Request-ID2
From-Origin
X-Mode
X-Cache-Age
X-RateLimit-Limit
X-DataStream-Cache-Status
X-CLOUD-TRACE-CONTEXT
X-Ezoic-Cdn
Access-Control-Allow-Method
X-Access
X-Cache-Var-Map
X-Cache-Var
X-Cache-Config
X-Amz-Meta-Surrogate-Control
X-L-Path
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-Zipkin-Id
X-Rule
X-Upgrade-Enabled
Machine
X-Section
X-Ocache
X-RN-RSRV
X-Site-Version
X-Path-Route
X-Routing-Service
X-Detected-As
X-Is-Bot
X-JoinUs
X-Generated
X-Format
X-Environment-Context
X-Rendered-As
X-Proxy
HitInfo
Meta-Geo
X-Proxied
HitType
DB-Nickname
X-Birta-Cache-Post
X-Request-Time
X-Agile
X-Agile-Age
Fastcgi-Useragent
X-Viewer-Country
X-Agile-Id
X-Akamai-Transformed
LB
X-EIG-Tracking-Id
X-NGENIX-Cache
X-Hosted-By
Now
X-Grey
X-CDN-Cache
X-Cache-Category-Id
L5d-Success-Class
X-Birta-Served
X-Real-IP
Property-Id
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
S-Rt
Azure-SlotName
Healthy
TWC-GeoIP-LatLong
Azure-Version
OT-Force-Account-Verify
X-Labrador-Cache-Channel
X-PCL
X-Pc-Key
X-Pc-Hit
X-Pc-Appver
X-Microcachable
Azure-SiteName
X-ServerID
X-Tb
X-TNCMS
X-Via-Fastly
X-Origin-Hint
X-OCL
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-CCM
X-Content-Type
X-Loop
X-Human
X-Hit
X-FC-Vary-Parameters
TWC-Locale-Group
Cache-Name
Content-Script-Type
Azure-RegionName
Content-Style-Type
Azure-InstanceId
X-Origin
X-Original-Request
X-OVcl
X-LJ-Flow-ID
X-IP
X-Cluster-Node
X-OVcl-Cache
X-AWS-Id
X-BYPASS-REASON
X-ProxyCache-Status
X-Upstream-HT
X-VG-TLSProxy
X-VWS-Id
X-Xfnlog-Site
X-Upstream-CT
X-SplitTest
X-Source
X-Pubstack
X-RemovedCookies
X-Rocket-Nginx-Bypass
X-ProxyCache-Key
X-ProcessESI
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-ShopId
X-Cache-Enabled
X-Alternate-Cache-Key
X-Www-Served-By
X-ShardId
X-XRDS-LOCATION
X-Ms-Version
X-Proxy-Build
X-Ms-Request-Id
X-Ms-Lease-Status
Mn-Server-Ip
X-Ms-Blob-Type
Xserver
X-Timing-Wait
Selected-FE
Accept-Language
X-Via-CDN
Cache-Hits
X-Web-Node
IBM-Web2-Location
X-Guploader-Uploadid
X-Real-Ip
Access-Control-Request-Headers
X-App-Name
X-TWH-CORRELATION-ID
X-RTag
X-Transaction
X-UA
X-Distil-CS
X-Connection-Hash
X-Twitter-Response-Tags
Origin-Cache-Control
X-NodeID
Origin-Edge-Control
NtCoent-Length
X-Port
Ms-Operation-Id
Time
X-GRACE
X-Cache-Remote
X-Unique-ID
X-MP-GENERATED-AT
X-Origin-CC
X-Nginx-Cache
X-Edge-IP
Backend
NGB
X-Varnish-Cacheable
X-Pc-Host
X-Pc-Date
X-Cdn-Forward
X-Internal-Host
X-NCache
Mail-Subject
X-Debug-Cache
We-Hiring
X-APP-VERSION
X-Geo
X-Tumblr-Pixel-3
X-Ratelimit-Limit
Filters
User-Agent
X-Sucuri-Cache
X-Proto
X-Cache-TTL
X-Storage
X-Time-Microsecs
X-Vgn-Hpd-Reason
X-Newrelic-Synthetics
X-Varnish-Cache-Hits
X-Mrs-Cache
X-Mshield-Cache-Status
X-Mrs-Age
X-Csrf-Token
X-Mrs-Cache-Hits
X-CACHE-GROUP
X-PERF
X-Webstats-RespID
X-ApacheServer
X-Urbn-Context-Path
X-Urbn-Site-Id
X-CACHE-AGE
X-Backend-Name
Locale
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Fastly-SSL
Warning
X-Akamai-Request-ID
Cache-Tags
X-Ua
X-ElasticPress-Search
X-C
X-CACHE-KEY
X-UA-Device-Type
Cache-Key
X-Dc
X-PHP-Backend
X-EdgeConnect-Cache-Status
X-Endurance-Cache-Level
X-B3-Spanid
HA-Geolat
HA-Georegion
X-A
Server-Host
HA-Geolon
X-A-Ccd
HA-Geocountry
FSS-Cache
Fly-Request-Id
Fly-Cache
FSS-Proxy
GMS-Ver
Ha-Gx-Prefs
HA-Geocity
HA-Cloudapp
SN
VivaBuild
Rt-Proxy-Cache
Mobile-Detection-Method
UCS
X-A-Dam
Resin-Trace
X-SRCache-Key
TSSecure
Odigeo-Trace-Id
Meta-Geo-Continent
MD5-Digest
Rendered-Blocks
HA-Servedtime
HA-Ipaddr
Viewtype
HA-Urlpath
X-Store
X-Sn-Servicetimems
V-Age
HA-Host
X-BBXSRF
X-Logtrace-Id
X-Developers
X-Irp-Debug
X-Died
X-IN-WAF
X-Developer
X-Destination
X-Date
X-D
X-Debug-Cookies
X-Debug-Log
X-NU-AKA-ACS-Version
X-DPWN-IS-SECURE
X-Epic-Correlation-Id
X-ScT
X-Generated-In
X-GeoIP-Country-Code
X-Hash
X-S-Cookie
X-G
X-From
X-Eu-Site
X-IN-SSL-APIGATEWAY
X-External-Request-Id
X-F5-Cache
X-Fetched-On
X-NX-Host
X-Server-By
X-Backend-Host
X-B-Cookie
X-Backend-TTL
X-Backend-Url
X-BB-ID
X-Application
X-Region-Sid
X-A-Wwc
X-A-Dgt
X-Accel-Expires-Debug
X-Aed
X-Amz-Meta-Cache-Control
X-IN-APIGATEWAY
X-Cache-Bucket
X-CGP
X-CF-Lambda-Version
X-Rojux
X-PAYTM-SRV-ID
X-Org
X-CF-Lambda-Fn
X-Cdn-Origin
X-Rewrite-Enabled
X-Cache-Host
X-Platform
X-Server-Time
Fastly-Soc-X-Request-Id
X-A-Dcw
Ec-Rule-Version
Apple-News-Services-Handled
Ajk
X-Trv-Group
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
BehaviorPad-Version
Arc-Country
Apple-News-Services-Request-Url
X-UE-Client-Country
X-Cache-Backend
X-Wikidot-Static-Cache
Xc-Version
X-Nc
X-Via-SSL
X-Dynatrace-Js-Agent
X-VG-WebServer
X-Via-Edge
Cache-Prefix
X-Wikidot-Backend
Content-Disposition
X-Powered-By-ANYU
X-NC
User-Cache-Control
WZWS-RAY
Decoy-Debug-Status
X-Cache-URL
X-Cache-Id
X-Server-IP
X-Worker
X-CDN-Forward
Decoy-Debug-Key
X-Clientip
X-Dispatcher-Server
X-We-Are-Hiring
Fastly-SWR
Www
X-V
Thinkindot-Control
Thinkindot-CacheControl-Type
X-ABtesting
Countrycode
X-Backend-State
X-VServer
Fastly-SIE
X-Auto-Login
X-ServiceProvider
X-Secret
X-FW-Version
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Qloud-Router
X-Varnish-Beresp-Ttl
X-Reboot
X-Redis-Cache
X-Response-By
X-Request-URI
X-Request-Start
X-Release
X-Owner
X-No-Session
X-Hello
X-GeoIP-City
X-Gannett-Site-Version
Thinkindot-CacheControl
X-Hl-Ver
X-S-Maxage
X-Matched-Rule
X-Location
X-Layer
X-Key
X-Flog
Decoy-Debug-TTL
RNT-Machine
X-SIPLIST1
Backend-Name
Memcached
Frame-Options
Origin
Heartbleed
Pramga
X-Trace-Id
X-Thinkindot-L3
Release
Country-Code
GW-Server
RNT-Time
AKAMAI
IsBot
Server-ID
X-User
Platform
X-Phone
X-Device-Os
X-Distributor
X-Passed-To-PostProcessResponse
X-Core-Value
X-Passed-To-DLL
X-Sentry-ID
Kp-EeAlive
X-Policy
X-Li-Pop
X-Returned-From-DLL
X-LI-Proto
X-Returned-From-PostProcessResponse
X-Li-Fabric
X-Croise-Owner
X-Passed-To-BeforeDispatch
X-Served-From
Magicmarker
X-Instance-Name
Is-Eu
X-Node-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
Adler-Geo
X-Nginx-Cache-Key
X-MSEdge-Features
X-Info
X-Hnp-Log
MI-Cache
X-DC
On-Server
X-Passed-To
X-Fastly-Cache
X-Stale
MI-Cache-Age
X-Gen-Mode
X-LI-UUID
X-MI-In-Market
X-MSEdge-Flight
X-Core-Mission
Section-Io-Cache
X-Sf
X-Actual-URL
X-Up
CDCHOST
X-Swa-Ws
Esi-Enabled
Fastly-Backend-Name
X-VCT
X-Varnish-Action
Uber-Trace-Id
True-Client-Country-4JS
X-Returned-From
X-Var-Ttl
X-Variation
X-Request-UUID
Web-Mar-Node
Server-Int
X-Bip
X-UnsetCookies
Request-EU
Pragrma
X-RCS-CacheZone
Request-Country
X-Block-Status
X-Cache-Srv
X-Thanos
X-Returned-From-BeforeDispatch
X-Cache-Debug
X-Cache-Expires
X-Datadome
REQUESTUUID
Cache-Cookie-Set-Lfrom
X-Crawler
X-CUA
Cache-Cookie-Set-From
Proxy-Connection
X-Ms-Lease-State
X-WebServer
X-Cache-CFC
Powered-By
Cache-Cookie-Set-Idcheck
X-P-T
X-Fstrz
X-TT-LOGID
NodeID
X-Via-NSCOPI
Pagetype
X-Refresh
MI-API
X-Page-Type
RequestId
HTTPS
X-NODE
ProcessTime
X-HOST
X-Origin-Response-Time
X-BB-IP
X-SVT-ORM-RULES
Cteonnt-Length
X-SVT-ORM-VERSION
X-MServer
MIME-Version
X-Servername
X-SN
X-NWS-UUID-VERIFY
Version
X-Pjax-Url
X-Kong-Proxy-Latency
X-Oss-Request-Id
X-Kong-Upstream-Latency
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Req
X-Oss-Server-Time
X-Oss-Storage-Class
X-Be
X-Parent-Response-Time
X-Cache-FS-Status
Memory
X-GZip
X-Origin-TTL
X-Oracle-Dms-Ecid
Cdn
X-Ckpd-Fst-Backend
V-Cache
Group
Who
X-Unique-Id-Primal
Amp-Access-Control-Allow-Source-Origin
Fusion-Source
Mime-Version
X-Aicache-OS
Fusion-Content-Source
X-Servedbyhost
CF-IPCountry
X-Content-Age
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
X-ND-Cache
SS
X-SRV
X-Vcache
X-Wa
X-Varnish-Url
X-COUNTRY
PageType
Cdn-Request-Time
CDN
X-Varnish-Beresp-TTL
GeoIP-Country-Code
X-Protected-By
X-Edge-Server
Cdn-Host
X-GEO
X-Time
XServer
X-Pf-Uncompressing
X-Generation-Time
X-RateLimit-Remaining-Second
X-Ratelimit-Remaining
X-Server-Group
X-RateLimit-Limit-Second
X-APP
X-Unique-Id
GeoIP-Latitude
X-FireWall-Port
X-Cache-Info
Get-Access-Time
GeoIp-Country-Code
SD-X-WS
Is-Session-Tracking
Geoip-Latitude
X-Fastly-Cache-Hits
X-B3-Traceid
A
X-WA
X-EC-Security-Audit
X-CS
Serverid
X-Check-Cacheable
X-Requestid
X-Origin-Expires
X-Origin-Date
X-M-Reqid
X-M-Log
X-Qnm-Cache
X-CSRF-Token
X-FORWARDED-FOR
PICS-Label
X-StackifyID
NGX
T-Server
X-Surge-Debug
X-Server-W
X-Gdpr
Nel
Cf-Ipcountry
X-HTML-Minification-Powered-By
X-ID
Load-Balancing
X-Fastly-Country-Code
X-Origin-Host
X-Nananana
ServerName
X-Load-Cache
X-RequestId
X-SERVER-NAME
X-ServedByHost
DataCenter
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
URI
X-HS-Status
Node
X-PHP-Host
Hostname
Processtime
X-ARC
X-Skip-Cache
X-NGINX-Cache
X-GZIP
X-Feature
X-PF-Uncompressing
X-VG-WebCache
X-Proxy-Cache-Status
X-Proxy-Upstream
WP-Super-Cache
X-UPSTREAM-Address
X-Proxy-Server
Vix-Hermes-Req-Id
X-Alicdn-Da-Ups-Status
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-B3-SpanId
X-BE
X-Akamai-SSL-Client-Sid
X-PJAX-URL
X-Fe
X-ServerName
Cache-Provider
X-Atg-Version
X-Planisys-CDN-Cache
X-IPS-LoggedIn
Requestid
X-Planisys-CDN-TTL
X-Fastly-Backend-Reqs
X-Planisys-CDN-Rules
X-Cache-Ttl
X-HTML-Edge-Cache
Https
RequestUuid
X-SB
X-Cdn-Srv
X-WR-MODIFICATION
X-PAGE-TYPE
Cneonction
X-Distil-Cs
Powered
N-Cache
Lfy
X-From-Cache
X-VC
Request-Time
X-Grace-Duration
X-CSRF-TOKEN
Cdn-Src-Port
X-Dw-Trace-Id
X-RAMCache
SID
Build-Number
X-Content-Encoded-By
X-Gen-Id
X-Serial