Threat Level: green Handler on Duty: Russ McRee

SANS ISC HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.

All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Content-Length
Expires
Last-Modified
Pragma
Accept-Ranges
ETag
X-Pingback
P3P
X-AspNet-Version
Link
X-Content-Type-Options
X-XSS-Protection
Age
X-Cache
Alternate-Protocol
Content-Language
X-UA-Compatible
Via
Content-Location
Keep-Alive
CF-RAY
X-Varnish
X-Frame-Options
X-Adblock-Key
P3p
X-Check
X-Cacheable
X-Language
X-Template
X-Buckets
X-Generator
Access-Control-Allow-Origin
X-Hacker
X-Drupal-Cache
WP-Super-Cache
Status
MS-Author-Via
X-Powered-By-Plesk
X-AspNetMvc-Version
X-Pad
X-Runtime
X-Geo
X-Geo-Port
X-Request-Id
MicrosoftOfficeWebServer
X-Powered-CMS
X-Server
X-Host
X-Cache-Lookup
Access-Control-Allow-Credentials
X-Type
X-Cache-Group
X-Logged-In
Strict-Transport-Security
Ngpass-All
X-Ua-Compatible
X-Mod-Pagespeed
X-Rack-Cache
X-UA-Device
X-XRDS-Location
MicrosoftSharePointTeamServices
X-Cache-Hits
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Host-Header
Content-Encoding
X-Tumblr-Pixel-1
SPRequestGuid
X-Via
X-SharePointHealthScore
X-Robots-Tag
X-INKT-URI
X-INKT-SITE
X-Varnish-Cache
X-Iinfo
X-CF-Powered-By
X-Tumblr-Pixel-2
X-Url
X-FRAME-OPTIONS
X-Cnection
X-Accel-Version
X-PhApp
X-Webserver
Access-Control-Allow-Headers
X-ServedBy
X-Forwarded-For
X-Served-By
X-Backend
X-Page-Speed
Composed-By
X-MS-InvokeApp
Served-By
X-Firenze-Processing-Times
Access-Control-Allow-Methods
X-CDN
X-ContextId
X-Alternate-Cache-Key
X-ShardId
X-ShopId
X-XN-Trace-Token
X-XN-XNHTML
X-Hostname
X-Ac
X-Tumblr-Pixel-3
X-AH-Environment
X-PC-Key
X-PC-Hit
X-PC-Host
X-PC-AppVer
X-PC-Date
X-Powered-By-360WZB
X-Server-Name
Content-Style-Type
Content-Script-Type
Liferay-Portal
X-Age
X-Served-With
X-Request-ID
X-Umbraco-Version
X-Cache-Info
Refresh
X-Port
X-Spip-Cache
X-Cache-Server
Cf-Railgun
X-Safe-Firewall
X-Mobilized-By
X-Amz-Id-2
X-Cache-Result
Cartoon
Powered-By-ChinaCache
Request-Id
SPIisLatency
SPRequestDuration
X-HeyJason
X-Amz-Request-Id
Rating
X-FB-Debug
X-Amz-Cf-Id
X-Content-Digest
X-TN-ServedBy
Real-Hostname
X-PHP-Engine
TCN
X-Loop
X-Pass-Why
X-VCache
X-FORWARDED-FOR
X-Px
Thanks
X-Outils-CS
X-W3TC-Minify
X-Tumblr-Pixel-4
X-Cache-Status
X-TNCMS-Version
X-PersistenceNode
X-TNCMS-Memory-Usage
X-TNCMS-Render-Time
X-TNCMS-Served-By
Magicmarker
X-Node
X-SERVER
IBM-Web2-Location
X-Generated-By
X-Cached-By
Page-Completion-Status
Imagetoolbar
X-Original-Content-Length
X-Device
X-Content-Encoded-By
X-Hyper-Cache
X-Timer
NS-RTIMER-COMPOSITE
X-Matrix-Proxy
X-Matrix-Server
X-Served-From-Cache
X-Varnish-Cacheable
X-Tumblr-Content-Rating
X-Cached
Content-Security-Policy
X-Pantheon-Endpoint
X-Styx-Req-Id
X-Styx-Version
X-Styx-Build-Sha
X-Styx-Build-Date
X-Pantheon-Styx-Hostname
X-Powered-By-Anquanbao
X-Styx-Build-Num
CF-Cache-Status
X-Tumblr-Pixel-5
X-URL
X-DynaTrace
X-From
X-Firenze-Processing-Time
Retry-After
X-HOST
X-CMS-Version
X-Varnish-TTL
Product
IISExport
X-HOSTNAME
Time
Pics-Label
Generator
Set-Cookie2
DynaTrace
X-Cache-Enabled
X-Cache-Debug
Access-Control-Max-Age
X-DDC-Arch-Trace
ServedBy
X-Cache-Hit
Node
X-App-Hosting
Lsrequestid
X-CDN-Geo
X-CDN-Any-IP
X-CDN-Geo-IP
X-Rendering-Engine
X-Backend-Server
ServerName
Powered-By
X-Nitra-Side
X-Purge-Host
X-Trace-App
Charset
PICS-Label
X-I
X-UD-Method
MIME-Version
X-Original-Request
X-UD-Host
X-SDS
X-PERF
X-ApacheServer
Content-Encoding-Handler
X-NoCache
X-Sol
X-Drectory-Script
X-Microcachable
X-Duration
Cache
X-Handled-By
X-Cache-Expires
X-Processed-By
X-Returned-From-PostProcessResponse
X-ATG-Version
X-Returned-From-DLL
X-Passed-To
X-Actual-URL
X-Returned-From
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Returned-From-BeforeDispatch
X-Passed-To-PostProcessResponse
Response
X-PF-Uncompressing
X-Purge-URL
X-Cookie-Domain
Access-Control-Request-Method
X-Content-Options
X-Art-Request-Id
COMMERCE-SERVER-SOFTWARE
X-Hits
S
Ngpass-Vcall
X-DynaTrace-JS-Agent
Proxy-Agent
SID
Accept-Encoding
X-Xrds-Location
X-SRV
X-BackEnd
Vacache
X-Director
X-Middleton-Response
X-Varnish-Backend
X-LiteSpeed-Cache
Server-Info
X-ServerID
Website-Info
Fhost
X-Ms-Invokeapp
AMF-Ver
X-Expires-Orig
Filter-Revision
X-Speed-Cache-Key
X-Speed-Cache
X-Vary-Options
X-BC-Is-HA
X-GeoIP-Country-Code
X-Orig-Vary
X-Sharepointhealthscore
Sprequestguid
Host
X-Content-Security-Policy
Machine
X-DNS-Prefetch-Control
X-CJ-Soft
X-Micro-Cache
X-Front
X-Cache-Control-Orig
X-ServerName
Edge-Control
X-GeoIP-Country-Name
X-Beep
Cm-Server
X-FW
X-PwB-Node
RTSS
X-Track
Surrogate-Control
WWW-Authenticate
NODE
X-VARNISH-Cache
SEOMOZ
CT
X-B2f-Cache-Load
MJ12bot
X-Hosted-By
X-FW-Static
X-FIRSTBase
Origin
Content-Disposition
X-Varnish-Object-Age
X-Directory-Script
Accept-Charset
X-Trace-Cache
X-WebKit-CSP
VAR-Cache
X-User-Agent
A-Powered-By
X-Varnish-Host
X-Yadis-Location
X-Server-ID
X-Cocoon-Version
X-Source-Host
X-TTL
X-WR-Flags
X-Gamma-Serve
X-Varnish-IP
Server-Name
CommunityServer
SN
X-Pangea-Version
X-AOL-SNH
ServerID
X-ACMCache
UniqueName
X-App-Start
QOR-Cache
NetMindSessionID
X-WebServer
X-AspNetWebPages-Version
X-Highwire-RequestId
MW-Webserver
X-Highwire-SessionId
X-Whom
X-ID
X-Session-Reinit
X-Blog
X-Varnish-Hits
X-MJ-Upstream-Addr
X-StoreSense
X-Ar-Debug
X-Permitted-Cross-Domain-Policies
X-Srv
X-ProStores-StoreApiEntryPoint
Pool-Info
X-LIGHTHTTP-PCDID
X-CacheHits
X-Atraveo-Cache-Control
X-Atraveo-TTL
X-Atraveo-Varnish-Server-Id
X-CHSN
NtCoent-Length
Hamster
Id
X-Cluster-Node
X-Atraveo-NC
X-Ttl
X-Cache-TTL
X-Atraveo-From-Varnish-Cache
X-Distil-CS
X-Cache-Action
Req-Id
X-Server-IP
X-Outils-Cs
Nodo
X-ServerCache-Info
X-Time
X-Cache-Rule
X-Grid-Server
X-Provisioner-Version
X-Domain-Checked
X-App-Status
X-Engine
Cteonnt-Length
X-Wily-Servlet
X-Bettercache-Proxy
From
X-Sys-Req-ID
X-Wily-Info
X-Trace
Server2
LBVIS
X-Vtex-Remote-Cache
Webluker-Edge
X-MJ-Serve-Req-Time
X-Vtex-Cache-Key
Cache-By-Node
X-Cache-Config
X-Id
Ms
X-Info
X-Transaction
X-Geo-IP
Content-Security-Policy-Report-Only
Proxy-Connection
X-TempDebug
X-Varnish-Server
X-Cached-Status
X-WEBSERVER
X-Ar-Forwarded-For
X-Microcache-Status
X-Force
MIH-PUBLIC-IDENTIFIER
WP-Cache
MIH-PLATFORM
X-PRAM
Grace
X-App
MIH-CLIENT-FARM
X-Device-Type
X-Recruiting
X-Powered-By-Yqk
F-In-Cache
X-N
X-Frontend
Beyond-Iis
X-Yqk-Set
X-ManagedFusion-Rewriter-Version
MirrorName
Srv
X-Rewritten-By
X-Source-ID
X-Src-Webcache
X-DeliveryServer
X-Machine-Name
X-Magento-Lifetime
X-Magento-Action
Aoestatic
X-Object-Type
X-Country-Code
X-Object-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-ID
Web-Server
X-S
X-FS-UUID
X-Li-Fabric
X-Vhost
X-Li-Pop
Compression-Control
X-LI-UUID
X-B2f-Not-Route
X-REDIRECTSERVER
Edgecast
X-Developer
X-Cache-Operation
X-Real-Server
X-ASTRO-REWRITE
X-Uid
X-Powered
X-Empowered-By
X-Via-Kemp
X-Turbo-Control
X-FreeTag-Count
X-Expires
X-LB
X-ROUTE-DATA
Apache
X-Amz-Meta-S3cmd-Attrs
X-Origin
Backend
X-Amz-Id-1
X-Old-Content-Length
SiteName
ORIGIN
PageSpeed
X-Connection-Hash
SS
X-ORACLE-DMS-ECID
Buuteeq-Source
X-Vtex-Processado-Em
X-Frames-Options
LBC
X-Translation
X-Version
X-SN
No
Pagely
LFY
X-Phpwcms-Page-Processed-In
SIP
X-Origin-Id
X-WR-MODIFICATION
X-Varnish-Action
X-Varnish-Debug-Age
X-Phpwcms-Release
X-Pixelsilk-Server
X-VarnCache
X-User-Id
X-Response-Time
X-TISSERVER
Be-Ip
SFY
X-T3CacheInfo
X-Pixelsilk-Version
Content-Transfer-Encoding
Be-Va
X-GeoIP
X-JAL
Warning
X-Varnish-Age
X-Varnish-Debug-Hits
X-JSL
X-Secret
X-OPNET-Transaction-Trace
X-Kermit
RequestTime
SRV
Author
X-ACCELERATE
Content-MD5
X-Oracle-DMS-ECID
X-Jphone-Copyright
X-Dev
Front
Worker
X-Upstream
X-Cms-Mode
Mime-Version
If-Modified-Since
Provided-Host
X-Flex-Evstart
X-Flex-Lang
X-Flex-Lastmod
X-Flex-Tag
X-Hash
X-Flex-Evend
OriginServer
Location
7e-Page-Cache
X-Flex-Community
X-UPSTREAM
X-Flex-Tags
X-Powered-By-Server
ScoreTracker
X-Route
X-Vivastreet-KiwiiPage
CDN
Www.Myjob.Se
X-B
Test.Executivepeople.Se
X-Vivastreet
X-PvInfo
X-T
X-Ocache
Jobb.Gil.Se
Pool
Www.Mabracertifiering.Se
X-Catalyst
X-Server-Id
Jobb.Passal.Se
Open.Jobgate.Se
P3P:CP
X-Varnish-Cache-Local
Www.Mirrorgate.Se
Cluster-ID
X-Kirra-SiteId
Powered
X-Varnish-Abtest-Expires
X-Mod-Oboe-PS
SynthaSite-ID
X-Farm-Server
X-Framework
Progma
X-CS
X-ATM-RTime
X-GSL-Server
X-ATM-RServer
X-Cache-Ttl
X-Varnish-Cache-Server
X-GLaDOS
X-Haiku
X-Cache-On
Rt-Server
X-Nginx-Server
Il-Cl
MASTERWEBLET
Ksid
X-EdgeRouter
X-Cache-Term
X-Debug
X-Actindo-RS
X-Hrouter
NLCacheNote
X-MobileDetected
X-DTC
Jobb.Assistentpoolen.Se
Dispatcher
Hash
X-Vhost-ID
X-Response
X-Nginx-Backend
X-PageCached
Content-Instance
Copyright
X-T3CacheTags
ExecutionTime
X-Continum-Server
X-Internal-IP
-GCR
X-XHR-Current-Location
Server-IP
X-T3Cache
Source
Allow
X-Nginx-Host
X-ERM-ServerName-AppPage
X-ERM-RunTime
A1B2C3
CP
X-ERM-ServerName
DCGI-Server
X-Varnish-Device
X-Geo-IP-Region
X-Content-Age
X-Nginx-Cache
Cmstype
X-BackendServer
WEBO
X-Geo-IP-Metro
X-Cache-Age
X-Dynatrace-Js-Agent
At-Isb
At-Shoptype
Atp-Isdpp
X-Accelerated-By
X-Cache-Lifetime
Cmsid
X-Geo-IPV
X-Geo-IP-Country
X-VTEX-Router-Backend-App
Before
X-VTEX-Router-JanusNet-BackEndLatency
X-VTEX-Router-JanusNet-AspNetLatency
X-Varnish-Cache-Hits
X-VTEX-Router-JanusNet-JanusLatency
X-VTEX-Router-Powered-By
Content
IsFullSiteRequest
REFRESH
X-Conf
Render
X-Header
X-Jcms-Ajax-Id
X-NID
X-NGINX-CACHED
X-NGINX-CACHED-AT
X-Venda-Hitid
X-Cache-Set
X-7dig
X-7d-Version
X-VarnPar2
POOL
X-SilverStripe-Cache
X-Web-Node
Ttl
X-Goog-Hash
After
Tpt
X-Page-Generation-Time
X-WP
X-Remote-Addr
X-Powered-Developer
Cache-Ctrol
X-Page-Generated-At
X-Locale
X-Artvisual-Server
ServerConfigManager.WebBugTracker
X-JSON-API-LATENCY
X-JSON-API-TTL
X-Monstercache-Timeout
X-FCMS-Cache
X-App-Server
X-Would-Your-GrandPa-Wait
X-Your-GrandPa-Would-Wait
Provider
X-UserAgent
X-Channel-Maxage
X-TTL-Age
X-Tumblr-Pixel-6
X-GC-Write
X-GC-Read
X-Host-Url
X-JSON-API-AGE
X-Cache-Me-Harder
X-PM-ID
Tpt.Renderer
WEB-CLUSTER-NODE
X-UD-Loopcounter
Tpt.Renderer1
X-Reject
X-Stackable-Node
X-UD-REMOTE-ADDR
X-Enhanced-By
D
Ec
X-GC-App
X-UD-Target
Publisher
Servername
INCOMING-TIME
X-TLServer
PowerCDN
X-Hosting-Env
X-Back
Rt-Fastcgi-Cache
X-S-Misc
X-XFPC-Cache-Active
X-Location
Esi-Enabled
X-Binarysec-Via
X-D-Time
X-Varnish-HitMiss
UNIQUE-ID
X-PP
X-Platform
X-Generation-Time
X-Varnish-Count
X-Server-By
X-Mii-Cache-Hit
X-MSEdge-Ref
X-Nucleus-Cache
X-Pb-Mii
X-Device-Group
X-Client-IP
X-Allow-Redis
X-ATP-Server
X-Cache-Key
X-Purge-Level
X-SATserver
Disaptch-Cache-Rule
ExecuteNonQuerySQLParam
X-ChromeLogger-Data
X-VarnPar1
X-MidCOM-Meta-Cache
X-CacheServer
SBMCLOUD
X-Cluster
X-ErrorPage
Www.Aujourdhui.Com
BM-Cache-Status
X-SeschatTemplateID
X-CCM
X-Client-Addr
X-Client-Vid
X-SeschatRedID
X-SeschatLayout
X-Cluster-ID
X-Seschat-URL
X-SeschatDID
X-EPiphany-Vid
X-IDS-WS
ProxiaInstanceId
X-Fett
BM-Cache-Key
BM-Cache-Node
X-Server-Node
X-XFPC-Cache
X-MCB-Server
X-NginX-Cache
X-NginX-Server
X-CacheTTL
X-Max-Age
X-Benchmark-Db
X-Benchmark-Sphinx
X-Benchmark-Sphinx-Count
X-Benchmark-Total
X-Benchmark-Cache
X-Author
MachineName
OGHopCount
User-Cache-Control
X-GitHub-Request-Id
X-Hit
HAVer
HCVer
Noahs-Classifieds
BKREF
X-Varnish-Beresp-Ttl
X-Time-Microsecs
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
HTTP
X-Ratelimit
X-ServerID-App
X-Uplex
X-Varnish-Debug-Fetch-Host
Http
Expire
X-VTEX-Cache
X-Config-By
X-MadeOn
X-Real-IP
SAVVIS
X-Cache-Backend
X-Monstercache-Host
X-Original-IP
X-PoolMember
X-WorkerInstancename
X-Monstercache
X-DC-Origin-IP
X-Feed
X-Garden-Version
X-BKSrc
X-Monstercache-Hash
Ngpass-Static
Powered-By-VeryCDN
SVR
X-CMS-Tid
Accept-Language
X-RemovedCookies
X-VG-WebCache
Accept
Telligent-Evolution
X-CMS-Collection
X-CMS-Server
X-CMS-Sid
X-CMS-Stage
X-CMS-State
X-CMS-Nid
X-CMS-CRMSet
X-CMS-Live
X-ProcessESI
Hej
X-PBY
X-Box
X-Mobile
Svr
Requested-Host
X-Node-Name
XX
Content-ID
X-SERVERID
X-Nocache
X-FarmId
AcceptLangage
X-DefendeR-Runtime
X-Bcwwwid
Web-Head
X-Life
Host-Service
X-Extra-Header
X-Loc
X-Powered-By-VTEX-Janus-Edge
Bs-Header
X-VTEX-Cache-Status-Janus-Edge
HostGen
Head
X-USERNAME
X-HOSTTYPE
X-WLD-LB
X-Varnish-Cookie-Debug
SLB
X-SDE-Name
X-Server-Instance
EI-UNIQUE-ID
X-PHP-Cache
X-Panel-Name
X-PROCESSED-BY
X-Panel-Id
X-TTFB-L
X-TTFB
X-Resolver-IP
X-Varnish-Hashed-On
X-DSMX-Rewrite-MS
X-DELIVERYSERVER
X-V
X-VHOST
X-SmugMug-Values
X-SmugMug-Hiring
X-AISO-Server
X-DSMX-Render-MS
X-Stale
WebDevSrc
X-Gondor-Server
X-JG-Page-Cache
Smug-Env
X-Yottaa-Optimizations
Server-N
Server-Optimized-By
X-AISO-Cache
X-IP-Address
X-UseReverse-Proxy
X-Caching-Rule-Id
X-Sw-Accesskey
X-User-Login-Url
X-User-Authenticated
Test
X-Header-Set-Id
X-RSS-CACHE-STATUS
X-WHOIS-Cached
X-R4L-VHOST
X-Webapp
X-Router-Backend
X-Router
Redirect
HostName
Foglight-Request-UUID
X-Hc-Host
Mobiquo-Is-Login
XDisk
X-PoweredBy
X-Location-Id
X-Execution-Time
Apple-Itunes-App
X-Adobe-Content
X-APP
X-WAP
Xc
CountryCode
X-PS-MURDOCK-ORIG-PROTOCOL
X-PS-MURDOCK-ORIG-FILEEXT
XDomainRequestAllowed
X-ACLR-Version
X-Varnish-Max-Age
X-Status
X-SERVER-ID
X-Http-Host
X-PS-MURDOCK-CASE-NORMALIZATION
Ozcache
X-Url-Store
X-Webstats-RespID
WP-AdvCache-MemCached
X-Cluster-Host
CacheControlHeader
Front-End-Https
X-Backend-Status
X-Cookie-Store
X-Dokk-PortalId
X-Head
X-Yottaa-Metrics