
SANS ISC HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We retrieve the index page of each site with an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites, and we try to poll as many of them as possible each day.

As we collect more data, we will plot changes over time.

All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Content-Length
Expires
Last-Modified
Pragma
Accept-Ranges
ETag
X-Pingback
P3P
X-AspNet-Version
Link
X-Content-Type-Options
X-XSS-Protection
Age
X-Cache
Alternate-Protocol
Content-Language
X-UA-Compatible
Via
Content-Location
X-Frame-Options
Keep-Alive
CF-RAY
P3p
X-Adblock-Key
X-Varnish
X-Cacheable
X-Check
X-Language
X-Template
X-Buckets
X-Generator
Access-Control-Allow-Origin
X-Hacker
X-Drupal-Cache
WP-Super-Cache
Status
MS-Author-Via
X-Powered-By-Plesk
X-AspNetMvc-Version
X-Ac
X-Pad
X-Geo
X-Geo-Port
X-Runtime
MicrosoftOfficeWebServer
X-Powered-CMS
X-Request-Id
X-Server
X-Host
X-Cache-Lookup
X-Type
Strict-Transport-Security
X-Cache-Group
Access-Control-Allow-Credentials
X-Logged-In
Ngpass-All
X-Xss-Protection
MicrosoftSharePointTeamServices
X-Mod-Pagespeed
X-UA-Device
X-Rack-Cache
X-Cache-Hits
X-XRDS-Location
Host-Header
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Via
SPRequestGuid
X-SharePointHealthScore
X-Forwarded-For
Content-Encoding
X-Tumblr-Pixel-1
X-CF-Powered-By
X-Url
X-Robots-Tag
X-Varnish-Cache
X-INKT-URI
X-INKT-SITE
X-Iinfo
X-Tumblr-Pixel-2
X-Backend
X-ServedBy
X-PhApp
X-Webserver
X-Accel-Version
Access-Control-Allow-Headers
X-Cnection
X-MS-InvokeApp
X-Served-By
X-Page-Speed
Access-Control-Allow-Methods
Served-By
X-ContextId
Composed-By
X-ShopId
X-ShardId
X-Alternate-Cache-Key
X-CDN
X-Hostname
X-Firenze-Processing-Times
X-Request-ID
X-BC-Is-HA
X-Tumblr-Pixel-3
X-XN-Trace-Token
X-XN-XNHTML
X-PC-Hit
X-PC-Key
X-AH-Environment
X-Ua-Compatible
X-PC-Host
X-PC-AppVer
X-PC-Date
X-Safe-Firewall
X-Served-With
X-Powered-By-360WZB
X-Age
Content-Style-Type
Content-Script-Type
Liferay-Portal
X-Umbraco-Version
X-Server-Name
X-Port
X-Cache-Info
X-Spip-Cache
Powered-By-ChinaCache
X-Pass-Why
X-Amz-Id-2
Cf-Railgun
X-Amz-Request-Id
Refresh
X-Cache-Server
SPIisLatency
Request-Id
SPRequestDuration
X-HeyJason
X-Cache-Result
Rating
X-Mobilized-By
Cartoon
X-Amz-Cf-Id
X-FB-Debug
X-DynaTrace
TCN
X-Outils-CS
X-Device
X-Content-Digest
Thanks
DynaTrace
X-Px
X-TN-ServedBy
Real-Hostname
Content-Security-Policy
X-PHP-Engine
X-Loop
X-VCache
X-Cache-Status
X-Hyper-Cache
X-Tumblr-Pixel-4
X-Cached-By
Page-Completion-Status
X-PersistenceNode
X-TNCMS-Memory-Usage
X-TNCMS-Served-By
X-TNCMS-Render-Time
X-TNCMS-Version
Magicmarker
X-Served-From-Cache
X-W3TC-Minify
NS-RTIMER-COMPOSITE
X-Timer
CF-Cache-Status
X-Generated-By
X-Content-Encoded-By
X-From
X-Original-Content-Length
Imagetoolbar
X-Styx-Build-Sha
X-Pantheon-Endpoint
X-Styx-Build-Num
X-Pantheon-Styx-Hostname
X-Styx-Version
X-Styx-Build-Date
X-Styx-Req-Id
X-Tumblr-Content-Rating
X-Cached
X-Varnish-Cacheable
IBM-Web2-Location
X-Node
X-Varnish-Forwarded-For
X-Xrds-Location
X-Varnish-TTL
X-Tumblr-Pixel-5
X-Powered-By-Anquanbao
X-URL
X-Matrix-Server
X-SERVER
X-Matrix-Proxy
Product
X-HOST
X-Varnish-IP
IISExport
Access-Control-Max-Age
X-CMS-Version
Retry-After
X-Cache-Enabled
X-Backend-Server
X-Firenze-Processing-Time
PICS-Label
X-Rendering-Engine
X-SDS
Generator
X-Processed-By
X-HOSTNAME
X-DynaTrace-JS-Agent
Powered-By
ServedBy
X-I
Pics-Label
X-Cache-Hit
Node
Set-Cookie2
X-Original-Request
MIME-Version
X-App-Hosting
Time
X-DDC-Arch-Trace
X-Content-Options
X-Passed-To
X-Returned-From-PostProcessResponse
X-Actual-URL
X-Handled-By
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-CDN-Geo-IP
X-Passed-To-PostProcessResponse
X-CDN-Geo
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-CDN-Any-IP
X-Returned-From
X-Nitra-Side
X-Expires-Orig
X-ApacheServer
X-PERF
X-UD-Method
X-Duration
X-UD-Host
X-Cache-Debug
X-Drectory-Script
Content-Encoding-Handler
X-NoCache
Charset
X-PF-Uncompressing
X-ATG-Version
X-Purge-Host
Proxy-Agent
X-Cache-Expires
Lsrequestid
Response
Edge-Control
X-Trace-App
ServerName
X-Cache-Control-Orig
X-Content-Security-Policy
X-Varnish-Backend
X-FW
X-Cookie-Domain
Ngpass-Vcall
X-DNS-Prefetch-Control
X-Orig-Vary
X-Purge-URL
AMF-Ver
X-Front
COMMERCE-SERVER-SOFTWARE
X-Srv
X-Vary-Options
Id
X-Hits
NtCoent-Length
X-Sol
Accept-Encoding
X-Yadis-Location
Filter-Revision
X-Director
X-PwB-Node
X-Whom
Content-Disposition
X-Speed-Cache-Key
X-Speed-Cache
S
Access-Control-Request-Method
X-Hosted-By
X-ServerID
X-User-Agent
X-Micro-Cache
Accept-Charset
Host
Cache
Grace
Vacache
X-GeoIP-Country-Name
X-LiteSpeed-Cache
X-GeoIP-Country-Code
Fhost
X-ServerName
SID
X-FW-Hash
WWW-Authenticate
X-ACMCache
X-CJ-Soft
X-Blog
X-Session-Reinit
X-FIRSTBase
X-ID
UniqueName
X-Varnish-Host
Website-Info
Server-Info
X-Distil-CS
X-SRV
X-Middleton-Response
Cache-By-Node
RTSS
X-FW-Static
X-Cache-TTL
X-WebKit-CSP
X-Art-Request-Id
SN
X-Track
X-LIGHTHTTP-PCDID
Machine
Cm-Server
X-Microcachable
X-Gamma-Serve
X-Ar-Debug
X-Time
SEOMOZ
X-TTL
MJ12bot
X-Permitted-Cross-Domain-Policies
X-Swift-SaveTime
X-App
X-Source-Host
X-Swift-CacheTime
X-Trace
NODE
VAR-Cache
X-MJ-Upstream-Addr
A-Powered-By
X-Varnish-Object-Age
X-Ar-Forwarded-For
X-Bettercache-Proxy
ServerID
X-CHSN
X-Cache-Config
X-AspNetWebPages-Version
X-BackendServer
X-Varnish-Server
X-AOL-SNH
X-Pangea-Version
MIH-PLATFORM
X-SN
X-Cocoon-Version
X-App-Start
X-Sys-Req-ID
X-Ttl
MIH-PUBLIC-IDENTIFIER
X-Trace-Cache
MIH-CLIENT-FARM
Nodo
X-MJ-Serve-Req-Time
Surrogate-Control
X-Tumblr-Pixel-6
Req-Id
X-Cluster-Node
MW-Webserver
Srv
X-Highwire-RequestId
Webluker-Edge
X-Highwire-SessionId
X-Cache-Action
X-Server-ID
CT
X-Geo-IP
REFRESH
X-Object-Id
From
X-Yqk-Set
Proxy-Connection
X-Powered-By-Yqk
X-Varnish-Hits
X-Object-Type
X-Id
NetMindSessionID
X-Cache-Rule
Server2
X-Developer
X-Provisioner-Version
X-App-Status
X-TempDebug
X-Domain-Checked
X-FORWARDED-FOR
X-Frontend
Content-MD5
Server-Name
X-WebServer
X-Engine
CommunityServer
X-Secret
X-N
X-FreeTag-Count
X-Device-Type
X-Microcache-Status
X-Wily-Info
X-WR-MODIFICATION
X-Amz-Meta-S3cmd-Attrs
X-Vtex-Remote-Cache
X-Machine-Name
Apache
X-Wily-Servlet
-GCR
X-Atraveo-TTL
X-Atraveo-Varnish-Server-Id
Location
X-Atraveo-Cache-Control
X-Atraveo-From-Varnish-Cache
QOR-Cache
X-Atraveo-NC
Front
X-Varnish-Cache-Hits
X-Grid-Server
X-Expires
X-WR-Flags
X-Accelerated-By
Origin
SiteName
X-CacheHits
Worker
X-Src-Webcache
X-StoreSense
SS
Content-Transfer-Encoding
X-Country-Code
NLCacheNote
X-Directory-Script
X-Origin-Id
Buuteeq-Source
X-Beep
X-S
X-Source-ID
X-ProStores-StoreApiEntryPoint
X-Dev
X-Jphone-Copyright
X-Cms-Mode
X-Phpwcms-Page-Processed-In
X-GeoIP
X-Turbo-Control
X-Vtex-Cache-Key
X-Old-Content-Length
X-ManagedFusion-Rewriter-Version
X-Rewritten-By
Author
X-Cached-Status
X-Phpwcms-Release
X-Varnish-Action
Cteonnt-Length
WP-Cache
Ms
X-Recruiting
X-Version
Backend
X-Transaction
X-Connection-Hash
X-Framework
Beyond-Iis
X-Nginx-Server
X-FW-Type
X-FW-Serve
X-Cache-Age
Ksid
X-DTC
X-Response-Time
X-CacheServer
X-Varnish-Cache-Server
X-T3CacheInfo
X-Farm-Server
X-MidCOM-Meta-Cache
X-CS
X-ATM-RTime
X-Response
Cluster-ID
X-WP
X-NGINX-CACHED
X-Cache-Lifetime
X-Actindo-RS
X-NGINX-CACHED-AT
X-Kirra-SiteId
No-Cookie
Dispatcher
CDN
X-LB
X-Nginx-Backend
X-ATM-RServer
BALANCEDTO
MirrorName
X-Vtex-Processado-Em
X-Force
X-PRAM
X-Request-Locale
Warning
ScoreTracker
Rt-Server
7e-Page-Cache
X-FullPageCaching
X-Geo-IP-Country
X-Geo-IP-Metro
X-Geo-IPV
X-Geo-IP-Region
Edgecast
Il-Cl
X-Stage
LBVIS
X-Monstercache-Timeout
X-Cache-On
Cache-Ctrol
X-Uid
X-Max-Age
Web-Server
X-Powered-By-Server
PageSpeed
SRV
X-ORACLE-DMS-ECID
X-MCB-Server
X-PageCached
X-ServerCache-Info
X-Empowered-By
X-DefendeR-Runtime
X-Benchmark-Total
X-Conf
X-Translation
Provided-Host
X-Cache-Term
X-Cache-Operation
X-USERNAME
X-GC-App
No
X-LI-UUID
X-Vivastreet
X-GC-Read
X-ACCELERATE
X-FS-UUID
X-GC-Write
X-Benchmark-Sphinx
X-Vivastreet-KiwiiPage
X-Benchmark-Sphinx-Count
X-Remote-Addr
X-Content-Age
X-Benchmark-Db
X-Varnish-Debug-Hits
X-Magento-Action
X-Magento-Lifetime
X-DeliveryServer
X-Li-Pop
Be-Va
X-Header
X-Amz-Id-1
Be-Ip
X-Hash
X-Debug
X-Varnish-Debug-Age
X-Resolver-IP
Aoestatic
Hamster
X-Li-Fabric
X-HOSTTYPE
RequestTime
X-App-Server
Pool
X-Benchmark-Cache
X-Loc
X-ROUTE-DATA
Qs-Cache
X-SilverStripe-Cache
X-Stale
OriginServer
X-Hosting-Env
X-UPSTREAM
X-Life
X-Haiku
X-GLaDOS
SVR
Compression-Control
X-NID
X-Purge-Level
X-Allow-Redis
X-ASTRO-REWRITE
X-Info
X-Powered
SIP
X-S-Misc
X-Generation-Time
X-D-Time
BM-Cache-Status
X-TISSERVER
X-Upstream
X-UD-Loopcounter
X-UD-REMOTE-ADDR
X-UD-Target
BM-Cache-Node
X-VarnPar1
X-Varnish-ID
X-VarnCache
X-Varnish-Device
Hej
BM-Cache-Key
Jobb.Assistentpoolen.Se
Open.Jobgate.Se
P3P:CP
Test.Executivepeople.Se
Www.Mabracertifiering.Se
Jobb.Passal.Se
X-Venda-Hitid
X-MiniProfiler-Ids
X-GSL-Server
X-Garden-Version
Copyright
Www.Mirrorgate.Se
Powered
X-Webapp
Acdc-Web
Cmsid
X-OPNET-Transaction-Trace
X-UseReverse-Proxy
X-Router-Backend
Www.Myjob.Se
Progma
Cmstype
X-Router
Jobb.Gil.Se
A1B2C3
X-Mobile
X-Cache-Set
X-7dig
X-7d-Version
X-Frames-Options
X-Server-Id
X-B2f-Not-Route
X-User-Id
X-REDIRECTSERVER
X-Via-Kemp
Hash
X-Mod-Oboe-PS
Content-Instance
X-Enhanced-By
X-FCMS-Cache
X-Origin
X-T3CacheTags
X-Node-Name
XX
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-T3Cache
X-Varnish-Cache-Local
X-Flex-Community
X-Flex-Lang
X-Flex-Lastmod
X-Flex-Tag
X-Flex-Tags
X-Flex-Evstart
X-Flex-Evend
INCOMING-TIME
LBC
X-PvInfo
PowerCDN
X-Route
Tpt.Renderer
ServerConfigManager.WebBugTracker
Render
X-Monstercache
X-VTEX-Cache-Status-Janus-Edge
X-VTEX-Router-Backend-App
X-Artvisual-Server
Tpt.Renderer1
IsFullSiteRequest
X-Monstercache-Hash
X-TLServer
Before
After
X-Powered-By-VTEX-Janus-Edge
Content-Cache
ExecuteNonQuerySQLParam
X-Monstercache-Host
WP-AdvCache-MemCached
X-VTEX-Router-JanusNet-AspNetLatency
X-Author
X-TTL-Age
X-Uplex
X-UserAgent
X-Page-Generation-Time
X-Page-Generated-At
X-JSON-API-LATENCY
X-JSON-API-TTL
X-Locale
X-Vhost
X-Varnish-Debug-Fetch-Host
X-VTEX-Router-Powered-By
X-VTEX-Router-JanusNet-JanusLatency
X-VTEX-Router-JanusNet-BackEndLatency
ExecutionTime
X-Nginx-Host
X-Would-Your-GrandPa-Wait
X-Your-GrandPa-Would-Wait
CP
X-JSON-API-AGE
X-CMS-Nid
Accept-Language
Accept
X-Cached-Page
At-Isb
Server-IP
Atp-Isdpp
At-Shoptype
EI-UNIQUE-ID
X-Client-Vid
X-ProcessESI
X-Jcms-Ajax-Id
X-RemovedCookies
X-Server-Instance
X-VG-WebCache
X-Varnish-Cookie-Debug
Hishop
Front-End-Https
X-Catalyst
X-CMS-Stage
X-CMS-Collection
X-CMS-Sid
X-CMS-CRMSet
X-CMS-Server
X-Bcwwwid
X-CMS-State
Esi-Enabled
SLB
X-XFPC-Cache-Active
X-XFPC-Cache
X-CMS-Tid
X-WorkerInstancename
Requested-Host
X-EPiphany-Vid
X-B2f-Cache-Load
Provider
X-Web-Node
POOL
X-Hostingcenter
ORIGIN
X-CMS-Live
X-SERVER-ID
X-WLD-LB
Content-ID
X-Vhost-ID
X-Time-Spent
Noahs-Classifieds
Source
Http
X-NginX-Cache
Servername
WEBO
X-NginX-Server
X-Server-Node
X-V-I-TTL
X-Real-Server
Publisher
Bs-Header
Head
X-Internal-IP
X-V-TTL
X-Req-Host
X-Req-Url
X-V-Outer
X-Created
X-Hit
Foglight-Request-UUID
X-Original-IP
X-Feed
X-DC-Origin-IP
X-Cache-Backend
X-Channel-Maxage
X-PM-ID
X-PoolMember
XDomainRequestAllowed
Ec
X-Client-IP
X-Status
X-Powered-Developer
X-Ratelimit
X-Accel-Expires
Redirect
X-Crafted
X-CCM
X-VarnPar2
X-IP-Address
X-Box
B-Powered-By
Cneonction
X-Varnish-Age
SAVVIS
X-Binarysec-Via
Portlet.Expiration-Cache
Tpt
UNIQUE-ID
OGHopCount
X-ACLR-Version
Mime-Version
X-Vtex-Processed-At
X-ChromeLogger-Data
RATING
X-Lb
Backend-Host
D
X-SDE-Name
X-Process-Time
X-Varnish-HitMiss
X-FarmId
X-Varnish-Count
CacheControlHeader
X-RequesterIP
X-CMS
X-BKSrc
X-PBY
X-Pixelsilk-Server
X-Http-Host
X-Hc-Host
X-Clientip
X-GitHub-Request-Id
X-Pixelsilk-Version
BKREF
Svr
X-Host-Url
RequestId
HCVer
HAVer
X-IDS-WS
AV1080
If-Modified-Since
Ngpass-Ngall
W
DCGI-Server
X-AISO-Server
Pool-Info
X-Name
X-Gannett-Site-Version
X-Dynatrace-Js-Agent
X-Proxy-Cache
X-Location-Id
X-AISO-Cache
Fpc-Cache-Id
X-Nucleus-Cache
X-Pb-Mii
X-Mii-Cache-Hit
X-Device-Group
X-Cluster-Host
X-Cache-Key
X-ATP-Server
X-Fett
No-Cache
Mobiquo-Is-Login
Www.Aujourdhui.Com
X-Varnish-Id
X-Back
X-Hrouter
ServerIP
X-MobileDetected
X-EdgeRouter
X-Dokk-PortalId
X-Gondor-Server
Ozcache
X-MSEdge-Ref
X-Test
Disaptch-Cache-Rule
X-Cache-Ttl
X-ServerId
X-XHR-Current-Location
HostName
X-PS-MURDOCK-CASE-NORMALIZATION
X-IsPremium
X-HasAuthorization
TP-Cache
Srv-N
ProxiaInstanceId
X-Wikidot-Static-Cache
X-SV
X-UA-Class
SFY
X-Sto
X-RSS-CACHE-STATUS
X-VarnishServer
LFY
X-CacheTTL
CACHED-RESPONSE
Content
X-App-TTL
X-Wikidot-Backend
Xonnection
Device
X-Header-Set-Id
X-Adobe-Content
X-WAP
X-DELIVERYSERVER
X-Caching-Rule-Id
X-Abuse
User-Cache-Control
OutputRewritten
MachineName
Mark
X-R4L-VHOST
Test
X-Job-Offer
X-Nginx-Cache
Ap-Exec-Time-Mks
X-PS-MURDOCK-ORIG-PROTOCOL
HTTP
Robots
X-PS-MURDOCK-ORIG-FILEEXT
X-Rot
X-Pagename
X-Time-Microsecs
X-Req-Counter
X-Varnish-Max-Age
X-Source
X-Hit-Cache
X-Backend-Name
Xc
AcceptLangage
CountryCode
X-SeschatRedID
X-SeschatTemplateID
X-Reject
X-Stackable-Node
Expire
X-Backend-Status
X-Seschat-URL
X-Cache-Extended
X-SeschatDID
X-SeschatLayout
X-Cookie-Store
X-Oracle-DMS-ECID
X-Kermit
X-UA
X-PoweredBy
Content-Security-Policy-Report-Only
Host-Service
Ttl
F-In-Cache
X-Varnish-Hashed-On
Pagely
X-Continum-Server
X-Forwarded-Proto
X-Config-By
WEB-CLUSTER-NODE
SBMCLOUD
X-Server-By
CacheControl
X-LAvg
X-Obvious-Info
X-Edge-Location
X-Edge-IP
Pramga
X-Location
X-Obvious-Tid
X-V
X-Src-Loadbalancer
EZ-Origin
X-Unbounce-VisitorID
X-Unbounce-Variant
X-Unbounce-PageId
X-Application
X-Varnish-URL
X-Webstats-RespID
X-Varnish-Mode
X-DSMX-Render-MS
X-Url-Store
X-DSMX-Rewrite-MS
MASTERWEBLET
X-Cluster-ID
X-Server-IP
X-Varnish-Debug-Varnish-TTL-Set-From-Server
X-GL-SRV
X-Distributed-By
Language
WSCPUB-Version