
SANS ISC HTTP Header Usage Statistics


This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.

All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Content-Length
Vary
Expires
Last-Modified
Pragma
Accept-Ranges
ETag
X-Pingback
P3P
X-AspNet-Version
Link
X-Content-Type-Options
X-XSS-Protection
Age
X-Cache
Alternate-Protocol
Content-Language
X-UA-Compatible
Content-Location
Via
X-Adblock-Key
X-Varnish
CF-RAY
Keep-Alive
X-Frame-Options
X-Check
X-Language
X-Template
X-Buckets
P3p
X-Cacheable
X-Generator
X-Hacker
X-Drupal-Cache
Access-Control-Allow-Origin
WP-Super-Cache
Status
MS-Author-Via
X-Powered-By-Plesk
X-Pad
X-AspNetMvc-Version
X-Runtime
MicrosoftOfficeWebServer
X-Powered-CMS
X-Geo
X-Geo-Port
X-Server
X-Request-Id
X-Host
X-Cache-Lookup
Access-Control-Allow-Credentials
X-Type
X-Cache-Group
X-Logged-In
X-XRDS-Location
X-Mod-Pagespeed
X-Rack-Cache
X-UA-Device
MicrosoftSharePointTeamServices
Strict-Transport-Security
Ngpass-All
Content-Encoding
X-Cache-Hits
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Host-Header
X-Tumblr-Pixel-1
SPRequestGuid
X-SharePointHealthScore
X-Via
X-INKT-SITE
X-INKT-URI
X-Robots-Tag
X-Tumblr-Pixel-2
X-Varnish-Cache
X-Webserver
X-Iinfo
X-CF-Powered-By
X-PhApp
X-Url
X-Forwarded-For
X-Cnection
Composed-By
X-ServedBy
X-Request-ID
Served-By
X-Accel-Version
X-Page-Speed
X-Firenze-Processing-Times
Access-Control-Allow-Headers
X-MS-InvokeApp
X-Backend
X-Hostname
X-Served-By
X-ContextId
Access-Control-Allow-Methods
X-CDN
X-Tumblr-Pixel-3
X-XN-Trace-Token
X-XN-XNHTML
X-ShardId
X-ShopId
X-Alternate-Cache-Key
X-Powered-By-360WZB
X-AH-Environment
X-PC-Hit
X-PC-Key
X-Stats-Visit-Token
X-PC-Date
X-Stats-Unique-Token
X-PC-Host
X-PC-AppVer
X-Umbraco-Version
Liferay-Portal
Content-Style-Type
Content-Script-Type
X-Cache-Info
X-Server-Name
X-FRAME-OPTIONS
X-Mobilized-By
Powered-By-ChinaCache
Cartoon
Refresh
X-From
X-Spip-Cache
X-HeyJason
X-Amz-Id-2
X-Cache-Server
X-Ac
Rating
X-Amz-Request-Id
SPRequestDuration
Request-Id
SPIisLatency
X-Outils-CS
Cf-Railgun
TCN
Thanks
Magicmarker
X-Content-Digest
X-W3TC-Minify
X-Amz-Cf-Id
X-Px
X-FB-Debug
X-TN-ServedBy
Real-Hostname
X-Cache-Status
X-PHP-Engine
X-Loop
X-VCache
Page-Completion-Status
X-Device
X-Generated-By
X-Content-Encoded-By
X-TNCMS-Version
X-TNCMS-Served-By
X-TNCMS-Render-Time
X-TNCMS-Memory-Usage
Imagetoolbar
X-Tumblr-Pixel-4
X-Original-Content-Length
X-Tumblr-Content-Rating
X-Powered-By-Anquanbao
X-SERVER
NS-RTIMER-COMPOSITE
X-Cached-By
IBM-Web2-Location
X-Served-From-Cache
X-Matrix-Proxy
X-Matrix-Server
X-Cached
Retry-After
X-PersistenceNode
PICS-Label
X-Cache-Result
X-Port
Set-Cookie2
X-Varnish-Cacheable
X-Art-Request-Id
X-Tumblr-Pixel-5
X-Firenze-Processing-Time
X-Timer
IISExport
X-Pantheon-Styx-Hostname
X-Pantheon-Endpoint
X-Varnish-TTL
X-Safe-Firewall
X-CMS-Version
X-Node
X-Backend-Server
X-SDS
Product
X-URL
CF-Cache-Status
X-DynaTrace
Access-Control-Max-Age
X-Age
X-Trace-App
X-PF-Uncompressing
X-Cache-Enabled
X-Cache-Hit
X-PERF
X-ApacheServer
X-Processed-By
X-I
X-DynaTrace-JS-Agent
X-FORWARDED-FOR
DynaTrace
Generator
X-Nitra-Side
X-Drectory-Script
X-UD-Host
X-ATG-Version
X-UD-Method
Pics-Label
X-Director
X-Purge-Host
S
X-Cache-Debug
Powered-By
X-Duration
Lsrequestid
X-DDC-Arch-Trace
RTSS
MIME-Version
ServerName
X-Rendering-Engine
Charset
X-ServerID
ServedBy
X-Srv
X-Varnish-Backend
X-App-Hosting
X-Vtex-Remote-Cache
X-Vtex-Cache-Key
X-DNS-Prefetch-Control
Content-Encoding-Handler
Proxy-Agent
AMF-Ver
X-Hits
X-Purge-URL
Cache
NODE
Accept-Encoding
Access-Control-Request-Method
Content-Security-Policy
X-NoCache
X-Cache-Expires
COMMERCE-SERVER-SOFTWARE
Surrogate-Control
Cm-Server
X-Distil-CS
VAR-Cache
X-CDN-Geo-IP
X-CDN-Geo
X-CDN-Any-IP
Filter-Revision
Edge-Control
X-Orig-Vary
X-Content-Options
X-Cookie-Domain
X-Xrds-Location
X-Sol
X-Expires-Orig
WWW-Authenticate
X-ServerName
CT
X-Server-ID
X-Vary-Options
X-Yadis-Location
Host
X-CJ-Soft
UniqueName
Id
MIH-CLIENT-FARM
X-Original-Request
X-AOL-SNH
SID
X-Cdn
X-Trace-Cache
MIH-PUBLIC-IDENTIFIER
MIH-PLATFORM
X-Microcachable
X-Hosted-By
Node
Accept-Charset
X-FW-Static
X-Actual-URL
X-Handled-By
X-Passed-To-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Passed-To
X-Cache-Control-Orig
X-Returned-From-BeforeDispatch
X-FIRSTBase
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Returned-From
Content-Disposition
Machine
X-Time
X-PwB-Node
X-Gamma-Serve
X-LIGHTHTTP-PCDID
NetMindSessionID
X-CHSN
NtCoent-Length
X-ACMCache
QOR-Cache
SEOMOZ
X-SRV
X-Directory-Script
MJ12bot
X-Cluster-Node
LFY
SFY
X-TTL
X-Speed-Cache-Key
Server-Info
X-Pass-Why
X-Cache-TTL
X-Speed-Cache
Website-Info
MW-Webserver
A-Powered-By
X-HOSTNAME
Fhost
X-Front
Pool
X-LiteSpeed-Cache
X-Blog
Debug
Debug-Begin-IP
Debug-IP-Cntry
X-Session-Reinit
X-Engine
X-Sys-Req-ID
Pool-Info
X-GeoIP-Country-Code
X-Cache-Rule
X-Cache-Action
X-GeoIP-Country-Name
CommunityServer
X-Hyper-Cache
X-Permitted-Cross-Domain-Policies
X-Source-Host
X-Turbo-Control
Cache-By-Node
Location
Proxy-Connection
X-FW
X-UPSTREAM
X-MJ-Upstream-Addr
Webluker-Edge
X-Highwire-RequestId
X-WR-Flags
X-Ms-Invokeapp
X-ID
X-Id
X-Highwire-SessionId
X-Track
X-User-Agent
X-ProStores-StoreApiEntryPoint
X-Ttl
X-AspNetWebPages-Version
X-ACCELERATE
X-StoreSense
X-Cocoon-Version
X-ASTRO-REWRITE
X-Varnish-Hits
From
ORIGIN
Cteonnt-Length
X-Micro-Cache
X-Bettercache-Proxy
SN
Req-Id
Nodo
X-Object-Type
F-In-Cache
X-Version
X-Object-Id
Content-Security-Policy-Report-Only
X-Expires
X-ManagedFusion-Rewriter-Version
X-Cache-Operation
X-Trace
Server2
X-MJ-Serve-Req-Time
X-B2f-Cache-Load
X-Varnish-Action
X-Info
X-App-Start
X-Rewritten-By
ScoreTracker
X-Pangea-Version
X-App-Server
X-Atraveo-From-Varnish-Cache
X-Atraveo-NC
X-Atraveo-TTL
X-Atraveo-Cache-Control
Hamster
X-ROUTE-DATA
X-Atraveo-Varnish-Server-Id
-GCR
X-Phpwcms-Release
SynthaSite-ID
X-Machine-Name
X-Frontend
X-Phpwcms-Page-Processed-In
X-Yqk-Set
Mime-Version
Backend
Content-MD5
X-Hrouter
X-Powered-By-Yqk
X-Jphone-Copyright
X-EdgeRouter
X-Cms-Mode
X-Provisioner-Version
X-Transaction
Ms
X-Amz-Id-1
X-Dev
Worker
X-Country-Code
X-Varnish-Cache-Hits
X-Wily-Servlet
SS
X-Response-Time
X-Magento-Lifetime
X-WP
X-T3CacheInfo
Apache
Ngpass-Vcall
X-Content-Age
Vacache
X-GeoIP
ServerID
Server-Name
X-Monstercache-Timeout
X-Database-Slave-Connection
X-CacheHits
X-FreeTag-Count
X-Channel-Maxage
X-Src-Webcache
X-VE-IsRobot
X-Frames-Options
X-Wily-Info
X-Magento-Action
X-Domain-Checked
X-Varnish-ID
X-Request-Duration
X-Cache-Config
X-Varnish-Host
Author
X-App
MirrorName
Bs-Header
X-Force
X-PRAM
Srv
X-Nginx-Backend
X-Debug
Ssl-Enabled
NLCacheNote
X-Actindo-RS
X-Via-Kemp
A1B2C3
Web-Server
CountryCode
WP-Cache
X-Cache-Term
Compression-Control
Be-Ip
Be-Va
X-PageCached
X-B2f-Not-Route
X-Varnish-Device
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-Jcms-Ajax-Id
X-FS-UUID
Cluster-ID
X-Geo-IP
LBVIS
X-Varnish-Debug-Age
X-DTC
CDN
RequestTime
X-Varnish-Debug-Hits
X-Oracle-DMS-ECID
X-Powered
X-Vhost
X-MidCOM-Meta-Cache
X-Kirra-SiteId
X-UD-Target
Jobb.Passal.Se
X-Cache-On
X-GC-Write
X-UD-REMOTE-ADDR
X-Powered-By-Server
Open.Jobgate.Se
X-Vivastreet-KiwiiPage
X-Cache-Me-Harder
X-Conf
X-UD-Loopcounter
X-GC-App
Il-Cl
WEBO
Www.Myjob.Se
Www.Mirrorgate.Se
X-Varnish-Server
Buuteeq-Source
Jobb.Assistentpoolen.Se
Rt-Server
X-GC-Read
Jobb.Gil.Se
X-Content-Security-Policy
Www.Mabracertifiering.Se
X-Vivastreet
X-Upstream
OriginServer
Response
X-CS
X-Varnish-Cache-Server
Cdate
X-NGINX-CACHED-AT
X-NGINX-CACHED
X-T
X-Farm-Server
X-Ocache
X-B
X-ATM-RServer
P3P:CP
Cache-Ctrol
Test.Executivepeople.Se
Powered-By-VeryCDN
X-Haiku
X-GLaDOS
X-Accelerated-By
X-T3CacheTags
X-T3Cache
X-ATM-RTime
Ksid
X-Grid-Server
X-ServerCache-Info
Pagely
X-Amz-Meta-S3cmd-Attrs
Warning
X-Kermit
Ibm-Web2-Location
X-Recruiting
Front
Provided-Host
X-Uplex
X-Varnish-Debug-Fetch-Host
Http
Aoestatic
X-N
X-MobileDetected
X-DeliveryServer
X-Uid
X-Swift-CacheTime
X-Swift-SaveTime
X-CMS-Server
X-Empowered-By
X-S
X-Varnish-IP
X-Monstercache-Host
LBC
X-Enhanced-By
X-Monstercache
X-Monstercache-Hash
Content-Transfer-Encoding
X-Response
D
Hash
Dispatcher
X-PM-ID
X-Hosting-Env
X-Nginx-Server
MASTERWEBLET
OHS-WebNode
X-Allow-Redis
X-MCB-Server
X-Purge-Level
X-ERM-RunTime
X-ERM-ServerName
X-Device-Type
X-Microcache-Status
X-Req-Host
Origin
X-ERM-ServerName-AppPage
X-Benchmark-Sphinx-Count
X-Benchmark-Total
X-Header
Hostname
X-Origin-Id
7e-Page-Cache
X-TISSERVER
X-VarnCache
X-Created
X-Source-ID
X-SN
X-VarnPar1
SIP
X-Varnish-Age
X-Cached-Status
Sql-Debug
X-Developer
X-Benchmark-Sphinx
X-REDIRECTSERVER
X-Flex-Lastmod
X-V-TTL
X-Flex-Community
X-Flex-Lang
X-Req-Url
X-Test
X-Flex-Evstart
X-Flex-Tag
X-Flex-Evend
X-Flex-Tags
X-Benchmark-Cache
X-Benchmark-Db
X-Old-Content-Length
X-V-Outer
X-V-I-TTL
X-Nginx-Cache
Atp-Isdpp
SRV
X-Max-Age
INCOMING-TIME
At-Isb
REFRESH
Content-Instance
X-Hash
X-Node-Name
X-Route
At-Shoptype
X-SilverStripe-Cache
X-Dynatrace-Js-Agent
XX
Publisher
Hej
SLB
X-Bcwwwid
X-LB
X-CMS-Sid
X-Server-IP
X-CMS-Collection
HostGen
X-CMS-Tid
X-XFPC-Cache-Active
X-S-Misc
X-Generation-Time
X-CMS-CRMSet
X-D-Time
X-CMS-Stage
X-CMS-State
X-XFPC-Cache
Accept-Language
X-CMS-Live
X-CMS-Nid
Accept
X-Powered-Developer
X-Vtex-Processado-Em
X-User-Id
X-JAL
X-JSL
X-GSL-Server
X-Artvisual-Server
X-Geo-IP-Region
X-Geo-IPV
X-Cache-Set
X-Geo-IP-Country
CP
BM-Cache-Key
Ec
Head
X-Loc
Allow
TMP
NnCoection
BM-Cache-Node
BM-Cache-Status
X-Secret
X-Geo-IP-Metro
Progma
X-BackendServer
Telligent-Evolution
After
Before
X-Translation
X-Servername
Rt-Fastcgi-Cache
Application-Version
X-Back
ExecuteNonQuerySQLParam
IsFullSiteRequest
X-Binarysec-Via
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
Tpt.Renderer1
Tpt.Renderer
Render
ServerConfigManager.WebBugTracker
Tpt
Esi-Enabled
X-RSS-CACHE-STATUS
X-Hit
SAVVIS
X-Vhost-ID
X-WLD-LB
Noahs-Classifieds
PageSpeed
X-PoolMember
No-Cookie
X-Webstats-RespID
X-Box
MachineName
X-RE-Ref
Content
Time
Expire
X-UA
Custom
X-Dokk-PortalId
X-HITS
ExecutionTime
X-Pixelsilk-Version
X-Pixelsilk-Server
X-Hc-Host
X-Author
X-Remote-Addr
User-Cache-Control
X-7dig
X-Venda-Hitid
X-7d-Version
X-Ratelimit
X-Time-Microsecs
X-Varnish-Debug-Varnish-TTL-Set-From-Server
X-NID
ServerId
PowerCDN
Fw-Via
X-WorkerInstancename
SVR
Backend-Host
-Onnection
X-TLServer
Cmsid
Cmstype
X-Whom
SiteName
X-ORACLE-DMS-ECID
X-ServerId
X-Header-Set-Id
X-NginX-Server
X-NginX-Cache
Provider
X-Caching-Rule-Id
X-Your-GrandPa-Would-Wait
AcceptLangage
X-Url-Store
X-UserAgent
X-Page-Generated-At
X-TTL-Age
X-Page-Generation-Time
X-Would-Your-GrandPa-Wait
X-JSON-API-TTL
X-JSON-API-AGE
X-Locale
X-JSON-API-LATENCY
X-Cookie-Store
Beyond-Iis
If-Modified-Since
X-WR-MODIFICATION
SBMCLOUD
X-XHR-Current-Location
X-Cluster-Host
X-Web-Node
X-CMS
X-PHP-Cache
X-Continum-Server
X-Stackable-Node
DCGI-Server
Source
Ozcache
X-Extra-Header
X-Papaya-Gzip
X-Nginx-Host
WEB-CLUSTER-NODE
X-Backend-Status
Optimizer
X-RemovedCookies
EI-UNIQUE-ID
X-HOSTTYPE
X-ProcessESI
Svr
X-Varnish-Id
RATING
ErrorCodeCount
X-USERNAME
X-Life
X-AISO-Cache
X-AISO-Server
X-View
X-FCMS-Cache
WebServer
X-DefendeR-Runtime
X-FarmId
Content-Cache
X-NewRelic-App-Data
TypeOfContent
HCVer
Mobiquo-Is-Login
X-Yottaa-Metrics
HAVer
X-GitHub-Request-Id
Access-Control-Expose-Headers
HTTP
OGHopCount
X-Yottaa-Optimizations
X-Source
CacheInfoFetch
X-Papaya-Cache
OriginalHost
CacheInfo
CacheDuration
X-Varnish-Hit
X-Wm-1
X-Wm-VIP
X-Garden-Version
No
X-HW
Description
Cneonction
X-Http-Host
X-PP
UNIQUE-ID
X-Platform
X-Host-Url
X-Cache-Age
X-Cache-Lifetime
X-SeschatRedID
X-SeschatTemplateID
Language
X-SeschatLayout
X-SeschatDID
Keywords
X-Varnish-Hashed-On
X-Seschat-URL
X-RequesterIP
B-Powered-By
Front-End-Https
X-Server-Id
X-Varnish-Cookie-Debug
Robots
X-LAvg
OHS-LoadBalancer
X-Cache-NHIT
X-SV
WSCPUB-Version
No-Cache
AV1080
X-Nocache
X-Internal-IP
X-LTM-ID
X-MiniProfiler-Ids
X-Varnish-Count
X-Varnish-HitMiss
X-Server-By
X-Tiny
X-Real-IP
X-VTEX-Cache
X-VTEX-Router-Backend-App
X-VTEX-Router-Powered-By
X-VTEX-Router-JanusNet-JanusLatency
WP-AdvCache-MemCached
X-Varnish-Cache-Local
X-VTEX-Router-JanusNet-BackEndLatency
X-VTEX-Router-JanusNet-AspNetLatency
X-R4L-VHOST
Ttl
X-Cache-Key
X-Nucleus-Cache
Server-Optimized-By
X-Real-Server
X-Pagecache
ProxiaInstanceId
X-Framework
X-Fett
X-DELIVERYSERVER
X-PvInfo
X-DSMX-Rewrite-MS
X-Proxy
X-DSMX-Render-MS
X-Execution-Time
X-EPiphany-Vid
X-Client-Vid
Foglight-Request-UUID
X-WebFarmNode
Expect:
X-Fortrabbit
CachedXSLT
X-Agentscape-Info
X-IDS-WS
X-Client-Addr
Servername
X-CCM
Test