
SANS ISC HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.

All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Content-Length
Expires
Last-Modified
Pragma
Accept-Ranges
ETag
X-Pingback
P3P
X-AspNet-Version
Link
X-Content-Type-Options
X-XSS-Protection
Age
X-Cache
Alternate-Protocol
Content-Language
X-UA-Compatible
Via
Content-Location
Keep-Alive
CF-RAY
X-Varnish
X-Frame-Options
X-Adblock-Key
P3p
X-Check
X-Cacheable
X-Language
X-Template
X-Buckets
X-Generator
Access-Control-Allow-Origin
X-Hacker
X-Drupal-Cache
WP-Super-Cache
Status
MS-Author-Via
X-Powered-By-Plesk
X-AspNetMvc-Version
X-Pad
X-Runtime
X-Geo-Port
X-Geo
X-Request-Id
MicrosoftOfficeWebServer
X-Powered-CMS
X-Server
X-Host
X-Cache-Lookup
Access-Control-Allow-Credentials
X-Type
X-Cache-Group
X-Logged-In
Strict-Transport-Security
Ngpass-All
X-Ua-Compatible
X-Mod-Pagespeed
X-UA-Device
X-Rack-Cache
X-XRDS-Location
MicrosoftSharePointTeamServices
X-Cache-Hits
Host-Header
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Content-Encoding
X-Tumblr-Pixel-1
X-Via
SPRequestGuid
X-SharePointHealthScore
X-Robots-Tag
X-Varnish-Cache
X-INKT-SITE
X-INKT-URI
X-CF-Powered-By
X-FRAME-OPTIONS
X-Iinfo
X-Url
X-Tumblr-Pixel-2
X-Accel-Version
X-Cnection
X-PhApp
X-ServedBy
Composed-By
Access-Control-Allow-Headers
X-Forwarded-For
X-Webserver
X-Served-By
X-Backend
X-Page-Speed
X-MS-InvokeApp
Served-By
X-Ac
X-Firenze-Processing-Times
Access-Control-Allow-Methods
X-ContextId
X-CDN
X-Alternate-Cache-Key
X-ShopId
X-ShardId
X-XN-Trace-Token
X-XN-XNHTML
X-Hostname
X-Tumblr-Pixel-3
X-AH-Environment
X-PC-Key
X-PC-Hit
X-Powered-By-360WZB
X-PC-Date
X-PC-Host
X-PC-AppVer
X-Server-Name
X-Served-With
Content-Style-Type
Content-Script-Type
Liferay-Portal
X-Age
X-Umbraco-Version
X-Spip-Cache
X-Cache-Info
Refresh
X-Port
X-Safe-Firewall
X-Cache-Server
Cf-Railgun
X-Cache-Result
X-Amz-Id-2
Powered-By-ChinaCache
Request-Id
X-Mobilized-By
X-Amz-Request-Id
SPIisLatency
SPRequestDuration
Rating
X-Content-Digest
Cartoon
X-FB-Debug
X-HeyJason
X-Amz-Cf-Id
X-Cache-Status
X-FORWARDED-FOR
TCN
X-Outils-CS
X-Pass-Why
X-TN-ServedBy
Real-Hostname
X-Loop
X-PHP-Engine
Thanks
X-Px
X-VCache
Magicmarker
X-Request-ID
X-Tumblr-Pixel-4
X-Node
X-W3TC-Minify
X-Device
IBM-Web2-Location
X-TNCMS-Version
X-TNCMS-Memory-Usage
X-PersistenceNode
X-TNCMS-Render-Time
X-TNCMS-Served-By
X-Generated-By
X-Content-Encoded-By
X-Cached-By
X-Hyper-Cache
Page-Completion-Status
Imagetoolbar
X-Original-Content-Length
NS-RTIMER-COMPOSITE
X-Tumblr-Content-Rating
X-Served-From-Cache
X-Cached
X-Matrix-Server
X-Matrix-Proxy
X-Styx-Build-Sha
X-Styx-Version
Content-Security-Policy
X-Styx-Req-Id
X-Styx-Build-Num
X-Styx-Build-Date
X-Pantheon-Styx-Hostname
X-Pantheon-Endpoint
X-Timer
Retry-After
X-URL
X-Varnish-Cacheable
CF-Cache-Status
X-From
X-Powered-By-Anquanbao
X-Tumblr-Pixel-5
X-DynaTrace
X-SERVER
X-HOST
X-Varnish-TTL
X-CMS-Version
X-Firenze-Processing-Time
Product
X-HOSTNAME
IISExport
Time
Generator
X-Cache-Enabled
DynaTrace
Pics-Label
Node
X-Backend-Server
Access-Control-Max-Age
X-Cache-Debug
X-App-Hosting
X-Art-Request-Id
Set-Cookie2
X-Director
X-DDC-Arch-Trace
ServedBy
X-I
X-Cache-Hit
X-BC-Is-HA
X-Rendering-Engine
Powered-By
X-SDS
X-Trace-App
X-Original-Request
X-UD-Method
X-UD-Host
X-ATG-Version
X-CDN-Geo
X-CDN-Any-IP
X-CDN-Geo-IP
X-Processed-By
X-Sol
X-Passed-To-DLL
Response
X-Passed-To
Lsrequestid
X-Passed-To-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Purge-Host
X-Drectory-Script
X-Actual-URL
X-Passed-To-PostProcessResponse
X-Handled-By
X-Returned-From
X-Returned-From-BeforeDispatch
X-Nitra-Side
X-Returned-From-DLL
Content-Encoding-Handler
X-NoCache
PICS-Label
ServerName
X-DNS-Prefetch-Control
Charset
X-PF-Uncompressing
X-DynaTrace-JS-Agent
Ngpass-Vcall
X-Cookie-Domain
X-Duration
Proxy-Agent
MIME-Version
X-Content-Options
X-Orig-Vary
RTSS
X-Microcachable
X-Purge-URL
Vacache
Cache
AMF-Ver
S
X-Xrds-Location
X-Cache-Expires
Accept-Encoding
X-BackEnd
X-SRV
X-Middleton-Response
Access-Control-Request-Method
X-LiteSpeed-Cache
Edge-Control
X-PERF
X-ApacheServer
X-Expires-Orig
X-Varnish-Backend
Fhost
COMMERCE-SERVER-SOFTWARE
X-Hits
X-Speed-Cache-Key
X-Speed-Cache
X-Vary-Options
X-GeoIP-Country-Code
X-Ms-Invokeapp
Filter-Revision
X-Cache-Control-Orig
X-Sharepointhealthscore
Sprequestguid
X-Hosted-By
X-GeoIP-Country-Name
X-Micro-Cache
Machine
X-CJ-Soft
NetMindSessionID
X-Content-Security-Policy
Host
SID
X-FW
X-Front
X-Beep
X-PwB-Node
Surrogate-Control
X-FIRSTBase
Accept-Charset
Content-Disposition
X-ServerName
X-B2f-Cache-Load
Cm-Server
X-FW-Static
X-Cocoon-Version
WWW-Authenticate
X-ServerID
Website-Info
SEOMOZ
NODE
MJ12bot
Server-Info
X-WebKit-CSP
X-Varnish-IP
X-Track
X-Source-Host
X-Trace-Cache
VAR-Cache
X-Permitted-Cross-Domain-Policies
X-Yadis-Location
X-Distil-CS
X-CHSN
X-Gamma-Serve
X-Varnish-Hits
X-Session-Reinit
X-Ar-Debug
X-ACMCache
X-Server-ID
X-Blog
X-User-Agent
X-App-Start
X-Varnish-Host
ServerID
CT
X-Pangea-Version
X-TTL
UniqueName
X-WebServer
X-AOL-SNH
Req-Id
X-CacheHits
X-Sys-Req-ID
X-Directory-Script
X-Cluster-Node
X-Srv
X-LIGHTHTTP-PCDID
MW-Webserver
X-Whom
X-Server-IP
X-StoreSense
X-ProStores-StoreApiEntryPoint
X-Cache-Rule
X-AspNetWebPages-Version
X-Cache-TTL
SN
A-Powered-By
X-Highwire-RequestId
X-Highwire-SessionId
X-Varnish-Object-Age
Hamster
X-Time
X-Ttl
X-Grid-Server
X-MJ-Upstream-Addr
Id
Server-Name
X-WR-Flags
X-TempDebug
X-Ar-Forwarded-For
NtCoent-Length
Pool-Info
X-Domain-Checked
X-App-Status
X-Engine
X-Provisioner-Version
X-Bettercache-Proxy
Ms
X-Transaction
X-Outils-Cs
Content-Security-Policy-Report-Only
Nodo
X-ID
Grace
X-ServerCache-Info
X-Wily-Info
X-Cache-Action
X-Wily-Servlet
X-Id
Cteonnt-Length
Proxy-Connection
QOR-Cache
X-Connection-Hash
PageSpeed
From
Cache-By-Node
Origin
X-N
X-Trace
X-Atraveo-TTL
CommunityServer
X-MJ-Serve-Req-Time
Server2
X-Atraveo-Varnish-Server-Id
X-Atraveo-NC
X-WEBSERVER
X-Info
X-VARNISH-Cache
Webluker-Edge
X-Atraveo-Cache-Control
X-Atraveo-From-Varnish-Cache
X-App
X-S
X-Microcache-Status
X-Geo-IP
MIH-PUBLIC-IDENTIFIER
X-Object-Id
MIH-CLIENT-FARM
X-Object-Type
SiteName
MIH-PLATFORM
X-Device-Type
X-Expires
X-Amz-Id-1
X-Varnish-Server
X-Cached-Status
X-Cache-Config
X-Vtex-Cache-Key
LBVIS
Srv
X-Vtex-Remote-Cache
Provided-Host
WP-Cache
F-In-Cache
X-Turbo-Control
ORIGIN
X-Swift-CacheTime
X-Country-Code
SS
X-Swift-SaveTime
X-Source-ID
X-Src-Webcache
Mime-Version
X-Machine-Name
X-Varnish-ID
X-Response-Time
X-Yqk-Set
X-Powered-By-Yqk
X-WR-MODIFICATION
X-PRAM
X-ROUTE-DATA
X-FS-UUID
X-Li-Fabric
X-Li-Pop
X-Force
X-LB
X-Origin
Backend
X-LI-UUID
Apache
X-Amz-Meta-S3cmd-Attrs
RequestTime
Edgecast
X-FreeTag-Count
X-Recruiting
X-Cache-Operation
X-Frontend
X-ManagedFusion-Rewriter-Version
X-Rewritten-By
Buuteeq-Source
X-Empowered-By
X-T3CacheInfo
X-DeliveryServer
X-Old-Content-Length
MirrorName
X-Version
LBC
X-REDIRECTSERVER
OriginServer
X-Translation
Jobb.Assistentpoolen.Se
A1B2C3
Jobb.Gil.Se
Pool
Www.Mabracertifiering.Se
X-PM-ID
Www.Mirrorgate.Se
Test.Executivepeople.Se
Www.Myjob.Se
Open.Jobgate.Se
P3P:CP
Jobb.Passal.Se
X-Cache-Ttl
X-GeoIP
X-Developer
X-Header
Front
Be-Va
X-Phpwcms-Release
Be-Ip
Content-Transfer-Encoding
X-Jphone-Copyright
X-ACCELERATE
Beyond-Iis
Author
Worker
X-Dev
X-Cms-Mode
X-Cache-Term
Content-MD5
X-Pixelsilk-Server
X-Pixelsilk-Version
X-PageCached
X-ORACLE-DMS-ECID
X-Upstream
X-Uid
X-Varnish-Age
X-Magento-Lifetime
SRV
X-Origin-Id
X-Varnish-Debug-Hits
X-Varnish-Debug-Age
X-Magento-Action
Aoestatic
X-Phpwcms-Page-Processed-In
X-Varnish-Cache-Hits
X-Flex-Tag
X-Flex-Lang
X-Flex-Tags
X-UPSTREAM
Web-Server
X-Flex-Evstart
X-Flex-Evend
X-Powered-By-Server
X-Vtex-Processado-Em
WEBO
X-Flex-Community
ScoreTracker
X-Flex-Lastmod
Location
X-Frames-Options
7e-Page-Cache
Ksid
Dispatcher
X-Actindo-RS
Hash
Server-IP
X-ATM-RServer
SFY
X-App-Server
MASTERWEBLET
Compression-Control
X-ATM-RTime
X-DTC
X-Nginx-Backend
ExecutionTime
Copyright
X-Debug
Powered
Pagely
X-Vhost
X-Vhost-ID
X-Farm-Server
X-User-Id
X-Response
X-Catalyst
X-Kirra-SiteId
X-Haiku
X-T3Cache
X-T3CacheTags
X-Vivastreet-KiwiiPage
X-Via-Kemp
X-Vivastreet
X-Varnish-Action
X-Server-Id
X-GLaDOS
X-Cache-On
Allow
X-B2f-Not-Route
X-Framework
X-Hash
X-CS
-GCR
X-Secret
Il-Cl
Rt-Server
X-Varnish-Cache-Server
X-Kermit
X-Stage
Warning
X-Conf
X-SN
X-Ocache
X-Route
X-Powered
X-ASTRO-REWRITE
X-B
X-Nginx-Server
X-T
SIP
No
X-Content-Age
X-VarnCache
X-TISSERVER
Progma
X-Varnish-Device
LFY
X-Varnish-Cache-Local
NLCacheNote
X-JSL
X-Mod-Oboe-PS
X-GSL-Server
CDN
Content-Instance
Cluster-ID
X-JAL
X-Geo-IP-Country
X-BackendServer
X-Geo-IP-Metro
At-Isb
X-Cache-Lifetime
X-Geo-IP-Region
X-Dynatrace-Js-Agent
Publisher
X-Cache-Age
Atp-Isdpp
X-Accelerated-By
At-Shoptype
X-Geo-IPV
X-Hrouter
SynthaSite-ID
X-EdgeRouter
X-Real-Server
X-MobileDetected
Cmsid
Cmstype
X-Host-Url
Before
X-FCMS-Cache
CP
After
BM-Cache-Status
X-Cache-Set
Cache-Ctrol
BM-Cache-Key
BM-Cache-Node
X-OPNET-Transaction-Trace
X-UserAgent
REFRESH
X-Artvisual-Server
X-Purge-Level
X-MSEdge-Ref
Rt-Fastcgi-Cache
X-Enhanced-By
Tpt.Renderer1
Tpt.Renderer
ServerConfigManager.WebBugTracker
Render
Tpt
X-PvInfo
X-Remote-Addr
X-Allow-Redis
X-Venda-Hitid
X-GC-Write
IsFullSiteRequest
X-Locale
X-GC-App
X-GC-Read
X-Tumblr-Pixel-6
Provider
X-Benchmark-Sphinx
X-Benchmark-Db
X-Benchmark-Sphinx-Count
X-WP
POOL
X-Monstercache-Timeout
Ttl
D
X-NGINX-CACHED
X-Jcms-Ajax-Id
X-7dig
X-7d-Version
X-SilverStripe-Cache
X-PBY
X-Varnish-Beresp-Grace
X-Varnish-Abtest-Expires
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
Ec
X-Time-Microsecs
X-Powered-Developer
X-Web-Node
X-Benchmark-Total
X-GitHub-Request-Id
X-Hit
X-NGINX-CACHED-AT
X-Benchmark-Cache
X-Channel-Maxage
X-UD-REMOTE-ADDR
OGHopCount
X-NID
X-Stale
X-UD-Target
X-UD-Loopcounter
X-Author
X-Varnish-Debug-Fetch-Host
X-Internal-IP
If-Modified-Since
X-SERVER-ID
Servername
PowerCDN
INCOMING-TIME
Http
X-TLServer
X-Hosting-Env
X-Uplex
X-CacheServer
X-VarnPar1
X-VarnPar2
X-Yottaa-Optimizations
X-SATserver
ExecuteNonQuerySQLParam
X-Mii-Cache-Hit
X-ATP-Server
X-Goog-Hash
X-Cache-Key
X-Client-IP
X-Nginx-Cache
X-Nucleus-Cache
X-Pb-Mii
X-Device-Group
Www.Aujourdhui.Com
Disaptch-Cache-Rule
X-MidCOM-Meta-Cache
X-ChromeLogger-Data
XDomainRequestAllowed
X-JSON-API-LATENCY
X-JSON-API-TTL
X-Feed
X-DC-Origin-IP
X-JSON-API-AGE
X-Garden-Version
X-ERM-RunTime
X-ERM-ServerName
X-ERM-ServerName-AppPage
X-Monstercache
X-Nginx-Host
X-Oracle-DMS-ECID
SAVVIS
X-Your-GrandPa-Would-Wait
X-XHR-Current-Location
X-TTL-Age
X-Stackable-Node
X-Reject
X-Page-Generated-At
X-Cache-Backend
X-Page-Generation-Time
X-Continum-Server
X-Monstercache-Hash
X-VTEX-Router-JanusNet-BackEndLatency
X-VTEX-Router-JanusNet-JanusLatency
X-VTEX-Router-Powered-By
X-Would-Your-GrandPa-Wait
X-ACLR-Version
X-Http-Host
X-VTEX-Router-JanusNet-AspNetLatency
X-Yottaa-Metrics
X-Status
Content
DCGI-Server
X-Original-IP
Source
X-Monstercache-Host
WEB-CLUSTER-NODE
X-PoolMember
X-Ratelimit
Xc
Expire
SBMCLOUD
X-VTEX-Router-Backend-App
X-SeschatLayout
X-CMS-CRMSet
X-CMS-Live
X-CMS-Nid
X-CMS-Server
X-CMS-Collection
Telligent-Evolution
Ngpass-Static
Powered-By-VeryCDN
SVR
X-CMS-Sid
X-CMS-Stage
X-D-Time
X-Generation-Time
X-S-Misc
Esi-Enabled
X-XFPC-Cache-Active
X-XFPC-Cache
X-CMS-State
X-CMS-Tid
X-WorkerInstancename
Hej
Accept-Language
HCVer
Noahs-Classifieds
X-BKSrc
X-Hc-Host
HAVer
BKREF
HTTP
MachineName
User-Cache-Control
XX
Content-ID
X-ProcessESI
X-VG-WebCache
X-Max-Age
Accept
X-Node-Name
X-Mobile
Requested-Host
Svr
X-Box
X-Back
X-RemovedCookies
X-CCM
X-Client-Addr
X-Client-Vid
X-SeschatTemplateID
X-SeschatRedID
X-Seschat-URL
X-SeschatDID
X-EPiphany-Vid
X-IDS-WS
X-Server-Node
X-Fett
X-Server-By
X-NginX-Server
X-MCB-Server
X-NginX-Cache
X-Cluster-ID
ProxiaInstanceId
UNIQUE-ID
X-Location
X-Platform
X-Binarysec-Via
X-PP
X-SERVERID
X-Varnish-HitMiss
X-Varnish-Count
X-CacheTTL
X-FW-Hash
X-ServerId
X-Nocache
X-Varnish-Hashed-On
X-TTFB-L
X-TTFB
X-SmugMug-Values
X-PROCESSED-BY
X-Panel-Id
X-Panel-Name
X-Resolver-IP
Front-End-Https
X-Loc
Test
X-Life
X-FarmId
X-DefendeR-Runtime
Host-Service
X-AISO-Cache
Server-N
Smug-Env
X-JG-Page-Cache
X-Gondor-Server
X-AISO-Server
X-SmugMug-Hiring
X-DSMX-Rewrite-MS
X-Dokk-PortalId
X-Url-Store
X-Cookie-Store
X-Backend-Status
CountryCode
X-Varnish-Debug-Varnish-TTL-Set-From-Server
X-Webstats-RespID
X-Test
X-Varnish-URL
X-Varnish-Set-Cookie
AV1080
AcceptLangage
X-VTEX-Cache-Status-Janus-Edge
X-Bcwwwid
X-DSMX-Render-MS
X-DELIVERYSERVER
X-Header-Set-Id
Server-Optimized-By
X-PHP-Cache
X-Powered-By-VTEX-Janus-Edge
X-MadeOn
X-Extra-Header
X-Config-By
X-VHOST
EI-UNIQUE-ID
X-V
CacheControlHeader
X-Cache-Me-Harder
X-PoweredBy
X-Router
X-R4L-VHOST
X-IP-Address
X-Cluster
X-Cluster-Host
X-Location-Id
X-Execution-Time
X-Router-Backend
X-Sw-Accesskey
X-Real-IP
Foglight-Request-UUID
X-ServerID-App
WP-AdvCache-MemCached
HostName
Redirect
X-UseReverse-Proxy
X-Webapp
X-WHOIS-Cached
X-ErrorPage
X-PS-MURDOCK-CASE-NORMALIZATION
X-PS-MURDOCK-ORIG-FILEEXT
X-Server-Instance
X-Varnish-Cookie-Debug
X-SDE-Name
X-Caching-Rule-Id
Bs-Header
X-WLD-LB
X-VTEX-Cache
HostGen
Head
X-USERNAME
X-HOSTTYPE
Apple-Itunes-App
Web-Head
X-RSS-CACHE-STATUS
XDisk
X-WAP
X-PS-MURDOCK-ORIG-PROTOCOL
X-Adobe-Content
Mobiquo-Is-Login
X-APP
X-User-Login-Url
X-Varnish-Max-Age
X-User-Authenticated
SLB