Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
X-Content-Type-Options
Pragma
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
X-Xss-Protection
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
X-AspNet-Version
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
Status
Timing-Allow-Origin
X-Template
X-Language
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
X-Iinfo
Content-Encoding
X-CDN
X-Content-Security-Policy
X-Buckets
X-Turbo-Charged-By
X-Type
Upgrade
WPE-Backend
X-Pass-Why
X-Request-ID
Keep-Alive
X-Cache-Group
X-AH-Environment
Xkey
X-Backend
Access-Control-Max-Age
X-Age
Access-Control-Expose-Headers
X-Via
EagleId
X-Drupal-Dynamic-Cache
X-Nginx-Cache-Status
X-Server-Powered-By
X-Amz-Id-2
X-Amz-Request-Id
X-Pingback
X-Server
X-Swift-CacheTime
X-Swift-SaveTime
X-Hacker
Grace
X-UA-Device
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Robots-Tag
P3p
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-LiteSpeed-Cache
Request-Context
X-Device
X-Ac
X-Kinja-Server-Push
Content-Location
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Amz-Version-Id
X-Response-Time
X-OneAgent-JS-Injection
X-Host
X-Backend-Server
X-Cnection
Surrogate-Control
X-Rq
X-Server-Id
X-Readtime
X-Rack-Cache
Server-Timing
Report-To
X-Node
X-Cloud-Trace-Context
EagleEye-TraceId
X-WebKit-CSP
X-Application-Context
Request-Id
X-ORACLE-DMS-ECID
Feature-Policy
X-Ua-Compatible
X-Instart-Request-ID
X-Iejgwucgyu
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Edge-Control
X-CST
Pinterest-Generated-By
X-Country
NEL
X-Px
Rating
X-Url
X-Server-Name
X-Country-Code
X-Ruxit-JS-Agent
X-DataDome
X-TTL
X-Origin-Cache
X-Varnish-TTL
X-DynaTrace
X-MS-InvokeApp
Allow
X-Vhost
X-PC
X-Vname
X-TtlSet
X-Cached
X-FTR-Request-ID
RTSS
X-ESI
X-Goog-Hash
X-Powered-CMS
X-DynaTrace-JS-Agent
Charset
X-Powered-By-Plesk
X-VARITI-CCR
X-Server-ID
Accept-CH
X-D2id
X-GitHub-Request-Id
Public-Key-Pins
X-Dispatcher
X-Mod-Pagespeed
X-Oracle-Dms-Rid
X-Mobile-Rewrite
Arc-Version
PB-PID
PB-RID
X-F-Cache
X-Trace
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Build
X-Cdn-Fetch
X-Kinja
MS-Author-Via
X-Version
SPRequestGuid
Content-MD5
Verso
X-SharePointHealthScore
X-T
X-Recruiting
Nginx-Cache
X-Shield-Request-Id
X-Client-IP
SPRequestDuration
X-Abt-Application-Version
SPIisLatency
X-Forwarded-Proto
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Accept-CH-Lifetime
X-DIS-Request-ID
X-N
X-HW
X-Navigation-Version
X-B3-TraceId
X-Dw-Request-Base-Id
X-Amz-Rid
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
X-Origin-Upstream-Status
X-Webkit-Csp
Fastly-Restarts
X-Upstream
X-XRDS-Location
X-SRCache-Fetch-Status
X-SRCache-Store-Status
AR-ATIME
AR-PoweredBy
X-B
AR-CACHE
X-Fastly-Request-ID
Paypal-Debug-Id
X-ORACLE-DMS-RID
X-Hits
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Amz-Meta-S3cmd-Attrs
TCN
DynaTrace
Realpath
Arr-Disable-Session-Affinity
X-Content-Options
X-Pad
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-NF-Request-ID
Service-Worker-Allowed
X-Content-Digest
X-Id
X-Goog-Storage-Class
Tracecode
X-Ser
X-Acc-Meta-Resource-Type
Access-Control-Request-Method
X-Varnish-Age
S
Front-End-Https
X-Amz-Cf-Pop
X-Debug
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Sol
X-Middleton-Display
Display
X-Vcap-Request-Id
X-RateLimit-Remaining
X-FastCGI-Cache
X-Kinsta-Cache
X-MSEdge-Ref
X-PressLabs-Stats
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Expires
X-Frontend
X-IPLB-Instance
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-Cache-Hit
X-ATG-Version
Surrogate-Key
Powered-By-ChinaCache
X-Geo-Segment
X-HS-Hub-Id
X-HS-Content-Id
X-Forwarded-For
X-Zen-Fury
X-Grace
Response
X-NewRelic-App-Data
X-Middleton-Response
Fastcgi-Cache
Rt-Fastcgi-Cache
Server-Name
X-CF-Powered-By
X-Logged-In
X-Oneagent-Js-Injection
X-Litespeed-Cache
X-Analytics
Backend-Timing
X-Mobile
TP-Cache
Host
X-Rid
X-Debug-Info
X-Revision
TP-L2-Cache
X-Akam-SW-Version
X-Amzn-Trace-Id
FilterID
X-FTR-Cache-Host
X-User-Agent
X-Edge-Location
X-Request-Received
X-Request-Processing-Time
X-SS-Set-Cookie
AMP-Access-Control-Allow-Source-Origin
X-TA-CDN-Provider
MicrosoftSharePointTeamServices
X-Ttl
Cache-Status
Edge-Cache-Tag
X-Cached-By
X-Cache-Key
X-Accel-Expires
X-SERVER
Refresh
X-Magnolia-Registration
Host-Header
Ar-Sid
X-Drupal-Cache-Tags
X-GUploader-UploadID
Liferay-Portal
X-Cache-Rule
X-Varnish-Backend
ServerID
X-Webkit-CSP
X-Node-Name
X-Framework
X-Akamai-Edgescape
X-FB-Debug
X-Newrelic-App-Data
X-Whom
X-B3-Sampled
X-Varnish-Hostname
DC
X-Tumblr-Pixel-0
X-AOL-HN
X-HS-Cache-Config
X-Tumblr-Pixel
X-Tumblr-User
X-Platform-Server
X-Cluster
Cache-Tag
X-Cache-2
Public-Key-Pins-Report-Only
X-Cache-Control
X-Content-Security-Policy-Report-Only
X-Instance
X-B-Cache
X-Signature
X-Page-Id
X-Request-Guid
X-LB-Cache
X-Device-Type
X-App-Environment
X-BCube-Filmed-By
Cleartype
X-Handled-By
Accept-Charset
X-Srv
X-AppVersion
X-Activity-Id
X-Az
Eomportal-Instance
X-WPE-Loopback-Upstream-Addr
X-B3-TraceId-Primal
X-Generated-By
X-TT
AR-Request-ID
X-Use-Magma
Upgrade-Insecure-Requests
X-Cache-Action
X-Fastcgi-Cache
X-App-Version
MS-CV
X-Seen-By
X-Cache-Server
X-Wix-Request-Id
ViewerVersion
X-Via-JSL
X-Drupal-Cache-Contexts
X-NWS-LOG-UUID
X-Correlation-Id
X-App-Server
Source
X-Esi
X-Amz-Replication-Status
Retry-After
X-VCache
X-Content-Powered-By
HostName
X-URL
Alternate-Protocol
X-Varnish-Server
X-WA-Info
X-Adobe-Loc
X-Tumblr-Pixel-2
X-Adobe-Content
X-Cache-NE
X-Response-Served-From
X-Tumblr-Pixel-1
Server-Node
SRV
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Serve
Actual-Object-TTL
X-GeoIP
X-Cache-TTL-Remaining
X-Hostname
Webserver
X-FW-Hash
X-WebKit-CSP-Report-Only
X-Status
X-Jobs
X-Locale
X-UUID
X-Edge-Cache
X-Amzn-RequestId
X-Varnish-Grace
Payment
X-RequestSource
X-Edge-Cache-Key
X-Amz-Apigw-Id
AR-SID
CACHE
AsisCache
GEO-INFO
X-Servedby
ServedBy
X-Contextid
X-HS-Combine-CSS
X-Varnish-Hits
X-S
X-Yottaa-Metrics
X-Yottaa-Optimizations
Viewport
X-TX-ID
X-Geo-Country
X-Varnish-IP
X-Dns-Prefetch-Control
X-TT-TIMESTAMP
X-Vg-Webcache
Pagespeed
Country
X-Origin-Server
X-Correlation-ID
X-RateLimit-Limit
PageSpeed
X-Cache-Operation
X-Sucuri-ID
X-Cacheable-TTL
X-Daa-Tunnel
Server-Info
Served-By
Datacenter
X-Region
X-Hyper-Cache
X-Akamai-Request-ID2
X-Real-IP
From-Origin
X-Cache-Age
X-Amz-Server-Side-Encryption
X-Forwarded-Host
Content-Script-Type
Content-Style-Type
X-Mode
HitType
X-Ezoic-Cdn
HitInfo
X-DataStream-Cache-Status
Cache
X-XRDS-LOCATION
X-Hit
Fastcgi-X-Cache-Version
X-Akamai-Transformed
X-Cache-Var
X-Proxied
Azure-RegionName
Machine
X-App-Name
X-RN-RSRV
X-Amz-Meta-Surrogate-Control
X-Access
Fastcgi-X-Cache
Meta-Geo
X-Proxy
X-Cache-Var-Map
X-JoinUs
X-Rule
X-Section
X-ServerID
X-Generated
X-Format
X-Routing-Service
X-Rendered-As
Azure-SiteName
Azure-SlotName
X-Rocket-Nginx-Bypass
Azure-InstanceId
X-Detected-As
Azure-Version
X-TIME
X-Is-Bot
X-Tb
S-Cnection
X-Upgrade-Enabled
X-Zipkin-Id
X-Site-Version
Webcakes-App-Version
Webcakes-App-Name
Mn-Server-Ip
X-Hosted-By
X-NGENIX-Cache
Webcakes-Region
X-Request-Time
X-Cache-Config
TWC-Device-Class
TWC-Connection-Speed
X-Ocache
OT-Force-Account-Verify
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Source
Now
TWC-Privacy
X-CDN-Cache
LB
X-L-Path
X-Agile
Healthy
L5d-Success-Class
X-Origin-Hint
DB-Nickname
X-Content-Type
X-Origin
X-TWH-CORRELATION-ID
Property-Id
X-VG-TLSProxy
Access-Control-Allow-Method
X-Agile-Id
X-Agile-Age
X-Environment-Context
Fastcgi-Useragent
Cache-Name
X-FC-Vary-Parameters
X-OCL
X-EIG-Tracking-Id
X-Birta-Cache-Post
S-Rt
X-Upstream-CT
Xserver
X-TNCMS
X-Distil-CS
X-Loop
X-Cache-Category-Id
X-Upstream-HT
X-Birta-Served
X-Grey
X-Via-Fastly
X-Human
X-Viewer-Country
X-PCL
X-Cluster-Node
X-Labrador-Cache-Channel
X-AWS-Id
X-LJ-Flow-ID
X-BYPASS-REASON
X-OVcl
X-ProcessESI
X-VWS-Id
X-Pc-Key
X-CCM
X-ProxyCache-Key
X-RemovedCookies
X-Xfnlog-Site
X-ProxyCache-Status
X-Pc-Appver
X-Pc-Hit
X-SplitTest
X-Original-Request
X-OVcl-Cache
IBM-Web2-Location
X-IP
X-Timing-Wait
X-Microcachable
X-Ms-Version
X-Www-Served-By
X-Pubstack
X-Ms-Request-Id
Accept-Language
X-Ms-Lease-Status
Selected-FE
X-Proxy-Build
X-Ms-Blob-Type
X-Cache-Enabled
X-ShopId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
Access-Control-Request-Headers
X-NodeID
X-ShardId
X-Alternate-Cache-Key
X-Path-Route
X-RTag
X-GRACE
X-Guploader-Uploadid
X-Connection-Hash
Cache-Hits
X-Port
X-Twitter-Response-Tags
X-Via-CDN
X-Transaction
X-Web-Node
X-Unique-ID
X-HOST
Ms-Operation-Id
X-Cache-Remote
User-Agent
X-MP-GENERATED-AT
Origin-Edge-Control
Origin-Cache-Control
Time
Backend
NtCoent-Length
X-Varnish-Cacheable
X-Geo
X-Origin-CC
X-UA
X-Edge-IP
X-Varnish-Cache-Hits
X-Nginx-Cache
X-Debug-Cache
X-Cdn-Forward
X-Cache-TTL
X-NODE
Mail-Subject
X-Sucuri-Cache
We-Hiring
X-CACHE-KEY
X-Real-Ip
X-Internal-Host
X-NCache
X-Pc-Host
X-APP-VERSION
X-Pc-Date
X-Tumblr-Pixel-3
Fastly-SSL
NGB
X-Proto
X-Csrf-Token
X-Mrs-Cache
Filters
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
X-Newrelic-Synthetics
X-Mrs-Age
X-Ruxit-Js-Agent
X-CACHE-GROUP
X-PERF
Warning
X-ApacheServer
X-Ratelimit-Limit
X-Ua
X-Vgn-Hpd-Reason
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-Time-Microsecs
X-Storage
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-C
X-CDN-Forward
Cache-Key
X-Akamai-Request-ID
X-Webstats-RespID
X-Dc
X-Nc
X-ElasticPress-Search
X-EdgeConnect-Cache-Status
X-Backend-Name
X-Endurance-Cache-Level
WZWS-RAY
X-Powered-By-ANYU
X-CACHE-AGE
User-Cache-Control
Arc-Country
X-CF-Lambda-Fn
Apple-News-Services-Request-Url
HA-Cloudapp
HA-Geocity
X-CGP
X-CF-Lambda-Version
GMS-Ver
X-Date
TSSecure
Viewtype
X-DPWN-IS-SECURE
FSS-Proxy
X-Core-Mission
X-Died
X-Destination
X-Croise-Owner
Cache-Prefix
X-Developers
HA-Geocountry
X-D
Fly-Cache
X-Developer
BehaviorPad-Version
FSS-Cache
Fly-Request-Id
Ec-Rule-Version
X-Distributor
UCS
Thinkindot-CacheControl-Type
X-Amz-Meta-Cache-Control
X-Aed
X-Accel-Expires-Debug
Rendered-Blocks
X-Application
X-B-Cookie
Odigeo-Trace-Id
Origin
SN
Www
X-A-Wwc
X-A-Dgt
Section-Io-Cache
Server-Host
X-A
Server-Int
Rt-Proxy-Cache
X-A-Ccd
X-A-Dcw
Resin-Trace
X-A-Dam
NodeID
Mobile-Detection-Method
HA-Ipaddr
HA-Servedtime
HA-Urlpath
X-Cache-Srv
HA-Host
Thinkindot-Control
HA-Geolon
HA-Georegion
Ha-Gx-Prefs
IsBot
X-Cache-Bucket
X-BB-ID
Thinkindot-CacheControl
VivaBuild
X-Backend-TTL
Meta-Geo-Continent
X-BBXSRF
Magicmarker
MD5-Digest
Apple-News-Services-Parsed-Url
HA-Geolat
X-Gannett-Site-Version
X-Region-Sid
X-Platform
X-Rewrite-Enabled
X-Rojux
X-ScT
X-S-Cookie
X-Phone
X-PAYTM-SRV-ID
X-MSEdge-Features
X-Matched-Rule
X-MSEdge-Flight
X-Nginx-Cache-Key
X-Org
Apple-News-Services-Host
X-Secret
X-Server-By
X-Via-Edge
X-VG-WebServer
X-Via-SSL
X-Wikidot-Backend
Xc-Version
X-Wikidot-Static-Cache
X-Up
X-UE-Client-Country
X-SIPLIST1
X-Server-Time
X-SRCache-Key
X-Store
X-Trv-Group
X-Thinkindot-L3
X-Logtrace-Id
X-NU-AKA-ACS-Version
X-GeoIP-Country-Code
X-G
X-F5-Cache
X-Hash
X-Fastly-Cache
Cache-Tags
V-Age
X-Generated-In
X-From
X-Fetched-On
X-External-Request-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Eu-Site
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-Hl-Ver
Ajk
X-Irp-Debug
X-Epic-Correlation-Id
Apple-News-Services-Handled
X-IN-WAF
X-Fstrz
X-FW-Version
X-ABtesting
X-Debug-Cookies
X-Swa-Ws
X-VServer
X-Dispatcher-Server
X-We-Are-Hiring
X-UnsetCookies
X-Debug-Log
X-Flog
X-Sn-Servicetimems
X-Backend-Host
X-NX-Host
X-Cache-CFC
X-Owner
X-Clientip
X-Hello
X-Cache-Host
X-Layer
X-Location
X-Cdn-Origin
X-No-Session
X-Reboot
X-Backend-Url
X-Response-By
X-Key
X-Auto-Login
X-Core-Value
X-Request-Start
X-Release
X-Redis-Cache
X-GeoIP-City
X-Backend-State
X-S-Maxage
X-Cache-Expires
GW-Server
Heartbleed
Content-Disposition
Pramga
Frame-Options
Cache-Cookie-Set-Lfrom
Memcached
AKAMAI
Backend-Name
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Countrycode
Country-Code
Server-ID
RNT-Time
X-Cache-Backend
RNT-Machine
Release
X-Varnish-Beresp-Ttl
X-B3-Spanid
X-Datadome
X-NC
X-BB-IP
X-TT-LOGID
X-CUA
Adler-Geo
Fastly-Soc-X-Request-Id
X-V
X-Device-Os
CDCHOST
Esi-Enabled
X-Variation
Decoy-Debug-Key
Decoy-Debug-Status
X-Gen-Mode
X-Worker
X-Li-Pop
X-WebServer
X-Hnp-Log
X-Li-Fabric
Decoy-Debug-TTL
X-LI-Proto
X-User
X-Node-Id
X-Request-URI
X-Var-Ttl
X-MI-In-Market
X-LI-UUID
X-VCT
X-Varnish-Action
X-ServiceProvider
X-Trace-Id
X-Request-UUID
Uber-Trace-Id
Pragrma
X-Returned-From
Platform
MI-Cache-Age
X-Rebelmouse-Surrogate-Control
X-Sf
MI-Cache
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Served-From
Web-Mar-Node
X-Sentry-ID
X-Server-IP
X-Returned-From-PostProcessResponse
X-Actual-URL
Request-Country
Request-EU
Fastly-Backend-Name
X-Bip
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Block-Status
X-Passed-To
X-Instance-Name
X-Crawler
Fastly-SIE
Fastly-SWR
X-Cache-URL
X-Thanos
Is-Eu
X-Cache-Debug
Kp-EeAlive
X-Rebelmouse-Cache-Control
X-Stale
X-RCS-CacheZone
X-Policy
X-Cache-Id
Pagetype
X-UA-Device-Type
X-PHP-Backend
X-Via-NSCOPI
On-Server
X-Ms-Lease-State
X-Info
True-Client-Country-4JS
Proxy-Connection
X-P-T
X-Qloud-Router
REQUESTUUID
X-DC
Amp-Access-Control-Allow-Source-Origin
HTTPS
Cteonnt-Length
RequestId
MI-API
X-SN
ProcessTime
X-Ckpd-Fst-Backend
X-Be
Powered-By
X-Page-Type
X-Pjax-Url
X-CLOUD-TRACE-CONTEXT
MIME-Version
X-Servername
X-Req
X-Refresh
X-Dynatrace-Js-Agent
X-Kong-Upstream-Latency
Cdn
X-Kong-Proxy-Latency
X-Oracle-Dms-Ecid
X-NWS-UUID-VERIFY
Memory
X-Oss-Hash-Crc64ecma
X-MServer
X-Origin-TTL
X-Oss-Object-Type
X-GZip
X-SVT-ORM-VERSION
X-Oss-Request-Id
X-Oss-Storage-Class
X-SVT-ORM-RULES
X-Oss-Server-Time
Version
X-Origin-Response-Time
X-Content-Age
X-Parent-Response-Time
X-Cache-FS-Status
CF-IPCountry
Mime-Version
X-Unique-Id-Primal
Group
V-Cache
X-Aicache-OS
Who
X-ND-Cache
X-Servedbyhost
X-Varnish-Url
X-Time
X-Vcache
X-Pf-Uncompressing
X-COUNTRY
X-Generation-Time
X-RateLimit-Remaining-Second
Fusion-Source
X-RateLimit-Limit-Second
GeoIP-Country-Code
X-Wa
X-FireWall-Port
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
SS
X-Varnish-Beresp-TTL
Fusion-Content-Id
X-GEO
CDN
GeoIP-Latitude
X-Cache-Info
Cdn-Request-Time
X-Unique-Id
X-SRV
Cdn-Host
X-Fastly-Cache-Hits
X-Edge-Server
PageType
Get-Access-Time
Is-Session-Tracking
X-M-Reqid
X-M-Log
XServer
X-Qnm-Cache
X-Protected-By
GeoIp-Country-Code
X-EC-Security-Audit
X-CS
Geoip-Latitude
X-B3-Traceid
X-Surge-Debug
Serverid
X-Server-W
T-Server
X-WA
X-APP
NGX
X-Server-Group
Load-Balancing
ServerName
X-Ratelimit-Remaining
X-Requestid
X-HTML-Minification-Powered-By
SD-X-WS
X-Check-Cacheable
X-Origin-Expires
X-Origin-Date
Nel
X-CSRF-Token
Cf-Ipcountry
X-ID
A
X-Nananana
DataCenter
X-StackifyID
X-RequestId
X-ARC
X-SERVER-NAME
X-HS-Status
X-Skip-Cache
X-ServedByHost
X-Alicdn-Da-Ups-Status
Hostname
X-FORWARDED-FOR
Processtime
X-Proxy-Server
X-Feature
URI
X-Fastly-Country-Code
X-NGINX-Cache
X-Gdpr
X-UPSTREAM-Address
X-GZIP
PICS-Label
X-Load-Cache
X-PF-Uncompressing
X-ServerName
WP-Super-Cache
X-B3-SpanId
Cache-Provider
X-Fe
Node
X-PHP-Host
X-BE
X-VG-WebCache
X-Origin-Host
X-DataStream-Origin-MEX-Latency
X-Cdn-Srv
X-DataStream-MidMile-RTT
Cneonction
Powered
X-PAGE-TYPE
Lfy
X-Atg-Version
RequestUuid
X-HTML-Edge-Cache
X-Proxy-Upstream
Requestid
VIX-Pulpo-Node
X-IPS-LoggedIn
X-Content-Encoded-By
X-PJAX-URL
X-Proxy-Cache-Status
VIX-Pulpo-Upstream-Status
Https
X-Fastly-Backend-Reqs
X-From-Cache
Vix-Hermes-Req-Id
X-VC
N-Cache
X-Cache-Ttl
X-SB
Sid
X-Distil-Cs
X-GDPR
X-CSRF-TOKEN
X-Akamai-SSL-Client-Sid
Pics-Label
X-Serial
X-RAMCache
X-WR-MODIFICATION
PFcat
X-Grace-Duration
X-Gen-Id
X-Dw-Trace-Id
SID
Build-Number
Host-ID
Cdn-Src-Port
Xet-Cookie