SANS ISC HTTP Header Usage Statistics


This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.

All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
X-Pingback
P3P
X-AspNet-Version
Link
X-Content-Type-Options
X-XSS-Protection
Age
X-Cache
Alternate-Protocol
Content-Language
X-UA-Compatible
Via
Content-Location
P3p
X-Frame-Options
CF-RAY
Keep-Alive
X-Adblock-Key
X-Varnish
X-Cacheable
X-Check
X-Language
X-Template
X-Buckets
X-Generator
X-Hacker
Access-Control-Allow-Origin
X-Drupal-Cache
WP-Super-Cache
Status
MS-Author-Via
X-Powered-By-Plesk
X-Ac
X-AspNetMvc-Version
X-Geo-Port
X-Geo
X-Pad
X-Runtime
X-Powered-CMS
X-Request-Id
MicrosoftOfficeWebServer
X-Server
Strict-Transport-Security
X-Type
X-Cache-Group
X-Host
X-Cache-Lookup
Access-Control-Allow-Credentials
X-Logged-In
X-UA-Device
Ngpass-All
X-Xss-Protection
X-Mod-Pagespeed
MicrosoftSharePointTeamServices
X-Rack-Cache
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cache-Hits
Host-Header
X-Tumblr-Pixel-1
X-XRDS-Location
SPRequestGuid
X-SharePointHealthScore
X-Via
Content-Encoding
X-Robots-Tag
X-Forwarded-For
X-Tumblr-Pixel-2
X-Url
X-CF-Powered-By
X-Varnish-Cache
X-Iinfo
X-INKT-SITE
X-INKT-URI
X-Accel-Version
X-ServedBy
X-Backend
X-MS-InvokeApp
X-Cnection
Access-Control-Allow-Headers
X-Served-By
X-PhApp
X-Webserver
Composed-By
X-Alternate-Cache-Key
X-ShardId
X-ShopId
X-Page-Speed
X-ContextId
Served-By
Access-Control-Allow-Methods
X-CDN
X-BC-Is-HA
X-Firenze-Processing-Times
X-XN-Trace-Token
X-XN-XNHTML
X-Request-ID
X-Tumblr-Pixel-3
X-Hostname
X-PC-Hit
X-PC-Key
X-Ua-Compatible
X-Safe-Firewall
X-AH-Environment
X-PC-AppVer
X-PC-Date
X-PC-Host
X-Served-With
Content-Style-Type
Liferay-Portal
Content-Script-Type
X-Age
X-Powered-By-360WZB
X-Server-Name
X-Umbraco-Version
X-Spip-Cache
X-Port
X-Pass-Why
Refresh
X-Amz-Id-2
X-Cache-Info
Request-Id
SPIisLatency
SPRequestDuration
Cf-Railgun
X-Amz-Request-Id
Rating
X-Cache-Server
Powered-By-ChinaCache
X-HeyJason
X-Amz-Cf-Id
X-Outils-CS
X-Content-Digest
X-Cache-Result
X-FB-Debug
Cartoon
X-Mobilized-By
TCN
X-Device
Content-Security-Policy
X-TN-ServedBy
Real-Hostname
X-Tumblr-Pixel-4
X-Loop
X-PHP-Engine
X-Hyper-Cache
X-Cached-By
Thanks
X-Cache-Status
X-VCache
X-Xrds-Location
X-HOST
X-Px
X-Generated-By
X-W3TC-Minify
X-Tumblr-Content-Rating
X-DynaTrace
X-TNCMS-Version
X-TNCMS-Served-By
X-TNCMS-Render-Time
X-TNCMS-Memory-Usage
X-PersistenceNode
X-Content-Encoded-By
IBM-Web2-Location
CF-Cache-Status
X-Styx-Build-Date
X-Styx-Build-Sha
X-Styx-Build-Num
X-Styx-Req-Id
X-Styx-Version
X-Pantheon-Endpoint
X-Cached
X-Pantheon-Styx-Hostname
Magicmarker
DynaTrace
Page-Completion-Status
NS-RTIMER-COMPOSITE
Imagetoolbar
X-Served-From-Cache
X-Timer
X-Original-Content-Length
X-Tumblr-Pixel-5
X-Node
X-Matrix-Proxy
Product
X-Matrix-Server
X-URL
X-SERVER
Ngpass-Ngall
X-CMS-Version
X-Varnish-Cacheable
Time
X-From
X-Backend-Server
X-Powered-By-Anquanbao
X-Varnish-TTL
X-Rendering-Engine
X-Cache-Enabled
Retry-After
X-Firenze-Processing-Time
Powered-By
PICS-Label
ServedBy
X-Varnish-IP
Access-Control-Max-Age
IISExport
Set-Cookie2
X-DDC-Arch-Trace
X-App-Hosting
X-HOSTNAME
Node
X-Varnish-Forwarded-For
Generator
X-Original-Request
X-Cache-Debug
X-Cache-Hit
X-NoCache
X-I
X-Content-Options
X-CDN-Geo
X-CDN-Geo-IP
X-CDN-Any-IP
X-Returned-From-BeforeDispatch
X-Actual-URL
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Handled-By
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-SDS
X-Passed-To-BeforeDispatch
X-Passed-To
X-Returned-From
X-Drectory-Script
Lsrequestid
X-DynaTrace-JS-Agent
Proxy-Agent
MIME-Version
X-Duration
X-Nitra-Side
Content-Encoding-Handler
X-Expires-Orig
Pics-Label
X-Cache-Expires
X-Content-Security-Policy
Charset
X-Purge-Host
X-PF-Uncompressing
X-Processed-By
X-Cookie-Domain
ServerName
X-UD-Method
X-UD-Host
X-ApacheServer
X-PERF
Response
X-Purge-URL
X-Trace-App
X-DNS-Prefetch-Control
COMMERCE-SERVER-SOFTWARE
X-ATG-Version
X-Cache-Control-Orig
X-FIRSTBase
AMF-Ver
X-Whom
X-Speed-Cache
X-Speed-Cache-Key
Accept-Encoding
X-Front
X-Sol
Cache
X-Micro-Cache
X-Hits
Edge-Control
X-Varnish-Backend
X-PwB-Node
Ngpass-Vcall
Access-Control-Request-Method
X-Hosted-By
X-FW-Hash
X-GeoIP-Country-Name
X-GeoIP-Country-Code
X-Yadis-Location
X-Track
X-WebKit-CSP
X-CJ-Soft
X-FORWARDED-FOR
X-Director
X-User-Agent
S
X-Vary-Options
Content-Disposition
X-FW-Static
Grace
Filter-Revision
Host
Fhost
X-Orig-Vary
X-Session-Reinit
X-Middleton-Response
X-Blog
Machine
Accept-Charset
X-ServerID
Cm-Server
X-FW
Id
X-TTL
X-Varnish-Host
Surrogate-Control
X-ID
SID
SN
Vacache
X-LiteSpeed-Cache
NtCoent-Length
X-ServerName
X-Srv
Website-Info
X-Permitted-Cross-Domain-Policies
Server-Info
X-Trace
X-Art-Request-Id
Req-Id
RTSS
X-Cache-Config
X-App
Proxy-Connection
X-Cache-TTL
X-Distil-CS
X-AspNetWebPages-Version
X-Microcachable
NODE
X-SRV
X-LIGHTHTTP-PCDID
MJ12bot
Cache-By-Node
X-Source-Host
SEOMOZ
ServerID
WWW-Authenticate
X-Geo-IP
X-Time
X-Server-ID
X-Trace-Cache
X-Ar-Debug
X-Gamma-Serve
X-AOL-SNH
X-App-Start
X-SN
X-Highwire-RequestId
X-ACMCache
X-Pangea-Version
X-Swift-CacheTime
X-Highwire-SessionId
X-Swift-SaveTime
X-Varnish-Hits
X-Cocoon-Version
X-Developer
A-Powered-By
MW-Webserver
X-Cluster-Node
X-Varnish-Object-Age
X-Tumblr-Pixel-6
X-BackendServer
UniqueName
X-FW-Type
X-FW-Serve
VAR-Cache
X-MJ-Upstream-Addr
X-Varnish-Server
X-N
Buuteeq-Source
Webluker-Edge
X-Ttl
Server2
From
X-CHSN
X-App-Status
-GCR
Content-MD5
X-Domain-Checked
NetMindSessionID
X-Provisioner-Version
X-Ar-Forwarded-For
CT
Server-Name
X-FullPageCaching
X-S
Author
X-Sys-Req-ID
X-Powered-By-Yqk
X-Yqk-Set
SRV
X-Grid-Server
X-Vtex-Remote-Cache
X-FreeTag-Count
X-Cache-Action
X-MJ-Serve-Req-Time
X-Cache-Age
Edgecast
X-WebServer
X-Secret
Apache
X-Engine
X-Cache-Rule
CommunityServer
Origin
X-Bettercache-Proxy
X-Vtex-Processado-Em
X-Cache-Lifetime
MIH-PLATFORM
MIH-PUBLIC-IDENTIFIER
X-Info
MIH-CLIENT-FARM
QOR-Cache
Content-Transfer-Encoding
X-Atraveo-Varnish-Server-Id
X-Request-Locale
X-Amz-Meta-S3cmd-Attrs
X-TempDebug
X-ProStores-StoreApiEntryPoint
X-Atraveo-TTL
X-Atraveo-Cache-Control
X-Atraveo-From-Varnish-Cache
X-Atraveo-NC
NLCacheNote
X-StoreSense
No
Ms
X-Object-Type
X-Object-Id
Beyond-Iis
X-CacheHits
X-Transaction
X-Connection-Hash
Nodo
X-Geo-IP-Country
X-Geo-IPV
X-Geo-IP-Region
X-Geo-IP-Metro
SiteName
X-Id
X-Frontend
X-WR-Flags
X-Microcache-Status
X-Device-Type
Location
X-Src-Webcache
X-WR-MODIFICATION
X-Varnish-Debug-Hits
X-ManagedFusion-Rewriter-Version
X-Varnish-Debug-Age
X-Rewritten-By
X-Resolver-IP
X-Source-ID
Hamster
X-Accelerated-By
Srv
X-GeoIP
X-Country-Code
PageSpeed
X-Yottaa-Optimizations
WP-Cache
X-Yottaa-Metrics
X-GSL-Server
MirrorName
Copyright
Powered
X-Phpwcms-Page-Processed-In
X-Empowered-By
Worker
Warning
X-Cached-Status
X-PRAM
X-Phpwcms-Release
X-Varnish-Cache-Hits
X-Turbo-Control
REFRESH
X-Force
X-EPiphany-Vid
X-UPSTREAM
X-LB
X-Client-Vid
X-Expires
X-Jphone-Copyright
X-Hash
X-T3CacheInfo
X-Dev
X-Machine-Name
X-Wily-Servlet
X-Wily-Info
X-Directory-Script
X-Stage
X-Origin-Id
X-Vtex-Cache-Key
X-Cms-Mode
Backend
X-Remote-Addr
SS
No-Cookie
X-VTEX-Router-Backend-App
X-Powered-By-VTEX-Janus-Edge
X-VTEX-Router-JanusNet-AspNetLatency
X-VTEX-Cache-Status-Janus-Edge
X-Old-Content-Length
X-ORACLE-DMS-ECID
X-VTEX-Router-Powered-By
X-VTEX-Router-JanusNet-JanusLatency
X-Version
X-VTEX-Router-JanusNet-BackEndLatency
X-Varnish-Action
X-Uid
Web-Server
X-Response-Time
X-Response
Rt-Server
X-LI-UUID
X-ACCELERATE
X-Cache-On
X-Beep
X-WP
Il-Cl
Cteonnt-Length
X-Monstercache-Timeout
Provided-Host
X-FS-UUID
X-Kirra-SiteId
X-Li-Fabric
BALANCEDTO
Cache-Ctrol
Be-Va
Be-Ip
X-Li-Pop
X-Cache-Set
LBVIS
IsFullSiteRequest
X-Recruiting
X-Magento-Lifetime
Before
X-Translation
X-GC-Read
X-Venda-Hitid
X-GC-Write
Front
X-Header
ExecuteNonQuerySQLParam
X-Amz-Id-1
Aoestatic
X-Server-Node
X-DeliveryServer
X-NginX-Cache
X-NginX-Server
X-Content-Age
ServerConfigManager.WebBugTracker
Render
Cmstype
X-Enhanced-By
X-Garden-Version
SVR
X-Magento-Action
Cmsid
After
X-MCB-Server
X-GC-App
X-App-Server
Tpt.Renderer
Tpt.Renderer1
X-Stale
X-Vtex-Processed-At
OriginServer
X-Powered-By-Server
X-PvInfo
X-Max-Age
X-ROUTE-DATA
X-Framework
Qs-Cache
7e-Page-Cache
X-Nginx-Server
Mime-Version
Redirect
X-Author
X-Location-Id
BM-Cache-Key
Foglight-Request-UUID
X-User-Id
X-Varnish-Cache-Local
X-Benchmark-Sphinx-Count
X-Conf
X-Cache-Term
X-PageCached
CDN
X-Actindo-RS
Cluster-ID
X-Benchmark-Total
X-Server-Id
Pool
Www.Myjob.Se
RequestTime
X-Benchmark-Cache
X-Benchmark-Sphinx
X-Benchmark-Db
X-CacheServer
X-DTC
X-MidCOM-Meta-Cache
X-Farm-Server
X-NGINX-CACHED
X-NGINX-CACHED-AT
Acdc-Web
X-Varnish-Cache-Server
X-CS
X-ATM-RTime
Dispatcher
X-Nginx-Backend
Ksid
ScoreTracker
X-ATM-RServer
Www.Mirrorgate.Se
Www.Mabracertifiering.Se
X-Upstream
X-TISSERVER
X-VarnCache
X-Varnish-Device
X-VarnPar1
X-Varnish-ID
X-ServerCache-Info
X-Purge-Level
SIP
BM-Cache-Status
X-Allow-Redis
X-ASTRO-REWRITE
X-Powered
X-Debug
Compression-Control
X-B2f-Not-Route
Jobb.Gil.Se
Jobb.Assistentpoolen.Se
Jobb.Passal.Se
Open.Jobgate.Se
Test.Executivepeople.Se
P3P:CP
A1B2C3
X-T3CacheTags
X-Via-Kemp
X-REDIRECTSERVER
X-Frames-Options
X-Mod-Oboe-PS
X-T3Cache
BM-Cache-Node
X-Artvisual-Server
X-Dynatrace
X-DefendeR-Runtime
X-Vivastreet
X-Catalyst
X-Cache-Operation
Progma
Provider
INCOMING-TIME
X-Vivastreet-KiwiiPage
X-UD-Target
X-UD-Loopcounter
X-Origin
X-Dynatrace-Js-Agent
X-FCMS-Cache
Server-IP
X-UD-REMOTE-ADDR
X-OPNET-Transaction-Trace
X-Hosting-Env
X-Server-By
X-Route
X-Flex-Evend
X-Flex-Community
X-Flex-Evstart
X-Flex-Lang
X-Flex-Lastmod
X-Flex-Tag
X-Loc
X-Life
X-Flex-Tags
POOL
X-Mobile
X-Hostingcenter
X-Web-Node
X-B2f-Cache-Load
Atp-Isdpp
X-CMS-Collection
X-CMS-Nid
X-CMS-Live
X-CMS-Server
X-CMS-Sid
X-Router-Backend
X-CMS-CRMSet
X-Nginx-Host
X-Router
Hishop
SLB
X-Bcwwwid
ExecutionTime
X-Vhost-ID
X-Uplex
X-UserAgent
X-TTL-Age
X-Page-Generation-Time
X-Page-Generated-At
X-Varnish-Debug-Fetch-Host
X-Would-Your-GrandPa-Wait
X-Monstercache-Hash
X-Monstercache-Host
X-Monstercache
WP-AdvCache-MemCached
X-Your-GrandPa-Would-Wait
X-Locale
X-JSON-API-TTL
X-Vhost
Accept-Language
At-Isb
At-Shoptype
X-7d-Version
X-SERVER-ID
X-SilverStripe-Cache
X-JSON-API-AGE
X-JSON-API-LATENCY
Accept
X-CMS-Stage
XX
X-7dig
Hej
Front-End-Https
X-USERNAME
X-SeschatTemplateID
X-SeschatRedID
X-Varnish-Hashed-On
X-NID
Esi-Enabled
HostName
X-CCM
ORIGIN
X-SeschatLayout
X-SeschatDID
X-MiniProfiler-Ids
X-IDS-WS
X-Gondor-Server
X-Crafted
X-AISO-Server
X-AISO-Cache
X-CacheTTL
X-Seschat-URL
Cneonction
X-XFPC-Cache-Active
X-HOSTTYPE
X-D-Time
X-CMS-Tid
X-Webapp
D
X-XFPC-Cache
X-Host-Url
CacheControlHeader
X-Varnish-Count
X-UseReverse-Proxy
X-CMS-State
X-Varnish-HitMiss
CP
X-ChromeLogger-Data
X-Haiku
X-Generation-Time
Language
X-S-Misc
X-WorkerInstancename
X-Binarysec-Via
X-GLaDOS
X-Sto
X-UA-Class
Bs-Header
PowerCDN
X-Real-Server
X-App-TTL
EZ-Origin
X-Hit
Disaptch-Cache-Rule
X-Internal-IP
Publisher
LBC
Servername
WEBO
Http
EI-UNIQUE-ID
X-Pixelsilk-Server
HAVer
X-PBY
X-ACLR-Version
Content-Instance
X-Pixelsilk-Version
X-RemovedCookies
X-Http-Host
BKREF
X-GitHub-Request-Id
X-Gannett-Site-Version
X-IP-Address
X-Name
X-V
X-SDE-Name
X-Varnish-Cookie-Debug
X-VarnPar2
HCVer
X-Clientip
X-Varnish-Age
X-VG-WebCache
X-Hc-Host
RequestId
X-Wikidot-Backend
X-SV
X-WLD-LB
X-CMS
X-Wikidot-Static-Cache
X-RSS-CACHE-STATUS
X-Time-Spent
X-Server-Instance
X-TLServer
X-FarmId
Head
Backend-Host
Content-ID
X-Cached-Page
X-Node-Name
X-ProcessESI
X-Lb
Svr
Content-Cache
X-BKSrc
Hash
RATING
Requested-Host
Noahs-Classifieds
X-Original-IP
DCGI-Server
If-Modified-Since
X-Pb-Mii
X-Nucleus-Cache
X-Device-Group
X-Mii-Cache-Hit
Source
X-Proxy-Cache
X-Hrouter
X-MobileDetected
X-EdgeRouter
X-Dokk-PortalId
Ozcache
ServerIP
X-Cluster-Host
X-Client-IP
X-Test
X-Back
B-Powered-By
Tpt
UNIQUE-ID
MASTERWEBLET
No-Cache
Fpc-Cache-Id
X-ATP-Server
X-Cache-Key
OGHopCount
F-In-Cache
X-Fett
X-MSEdge-Ref
Www.Aujourdhui.Com
X-Feed
X-RequesterIP
X-Channel-Maxage
X-Cache-Backend
X-Accel-Expires
X-PM-ID
X-PoolMember
XDomainRequestAllowed
Ec
X-Status
X-Ratelimit
X-Powered-Developer
SAVVIS
X-DC-Origin-IP
Portlet.Expiration-Cache
AV1080
X-V-I-TTL
X-Req-Host
X-V-Outer
X-Req-Url
X-V-TTL
X-Created
X-Cache-Ttl
X-XHR-Current-Location
X-ServerId
X-Nginx-Cache
X-Rot
X-GL-SRV
X-PS-MURDOCK-ORIG-PROTOCOL
X-Adobe-Content
X-Source
HTTP
X-R4L-VHOST
X-WAP
OutputRewritten
X-PS-MURDOCK-ORIG-FILEEXT
LFY
Content
CACHED-RESPONSE
X-Location
SFY
X-Obvious-Info
X-PS-MURDOCK-CASE-NORMALIZATION
TP-Cache
Pool-Info
X-VHOST
X-Client-Addr
X-Lang
X-Varnish-Mode
W
X-Box
X-Varnish-Max-Age
X-Time-Microsecs
X-Hit-Cache
X-Pagename
X-HasAuthorization
X-SmugMug-Hiring
Smug-Env
Device
X-Req-Counter
X-Job-Offer
Test
User-Cache-Control
X-IsPremium
Mark
MachineName
X-Header-Set-Id
X-TTFB-L
X-Obvious-Tid
X-Abuse
X-SmugMug-Values
X-TTFB
X-PROCESSED-BY
WSCPUB-Version
X-Continum-Server
X-Edge-Location
X-Edge-IP
X-Forwarded-Proto
X-Jcms-Ajax-Id
X-LAvg
SBMCLOUD
WEB-CLUSTER-NODE
Content-Security-Policy-Report-Only
X-Config-By
X-Kermit
X-Oracle-DMS-ECID
X-Backend-Status
X-Cookie-Store
X-Application
X-Webstats-RespID
Expire
CountryCode
X-Reject
X-Stackable-Node
AcceptLangage
Pramga
Pagely
X-Distributed-By
X-VarnishServer
X-Varnish-URL
X-Varnish-Debug-Varnish-TTL-Set-From-Server
X-Url-Store
CacheControl
Xc
X-Caching-Rule-Id
X-Backend-Name
ProxiaInstanceId
X-Cluster-ID
X-DSMX-Render-MS
X-Src-Loadbalancer
X-Unbounce-PageId
Mobiquo-Is-Login
Ttl
X-Varnish-Id
X-Unbounce-Variant
X-Unbounce-VisitorID
X-Process-Time
X-DSMX-Rewrite-MS
X-Server-IP
Host-Service
X-DELIVERYSERVER