SANS ISC HTTP Header Usage Statistics

This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.

All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Content-Length
Expires
Last-Modified
Pragma
Accept-Ranges
ETag
X-Pingback
P3P
X-AspNet-Version
Link
X-Content-Type-Options
X-XSS-Protection
Age
X-Cache
Alternate-Protocol
Content-Language
X-UA-Compatible
Via
Content-Location
X-Frame-Options
Keep-Alive
P3p
CF-RAY
X-Varnish
X-Adblock-Key
X-Cacheable
X-Check
X-Language
X-Buckets
X-Template
X-Generator
Access-Control-Allow-Origin
X-Hacker
X-Drupal-Cache
WP-Super-Cache
Status
MS-Author-Via
X-Powered-By-Plesk
X-AspNetMvc-Version
X-Ac
X-Pad
X-Geo
X-Geo-Port
X-Runtime
MicrosoftOfficeWebServer
X-Powered-CMS
X-Request-Id
X-Server
X-Host
X-Cache-Lookup
X-Type
X-Cache-Group
Access-Control-Allow-Credentials
Strict-Transport-Security
X-Logged-In
Ngpass-All
X-Xss-Protection
MicrosoftSharePointTeamServices
X-Mod-Pagespeed
X-UA-Device
X-Rack-Cache
X-Cache-Hits
Host-Header
X-XRDS-Location
SPRequestGuid
X-SharePointHealthScore
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Forwarded-For
X-Via
Content-Encoding
X-Url
X-Tumblr-Pixel-1
X-CF-Powered-By
X-Robots-Tag
X-Varnish-Cache
X-INKT-SITE
X-INKT-URI
X-Iinfo
X-Accel-Version
X-Tumblr-Pixel-2
X-Backend
X-PhApp
Access-Control-Allow-Headers
X-Webserver
X-ServedBy
X-Cnection
X-MS-InvokeApp
X-Served-By
Composed-By
X-Page-Speed
Access-Control-Allow-Methods
Served-By
X-Hostname
X-ContextId
X-Alternate-Cache-Key
X-ShopId
X-ShardId
X-CDN
X-Firenze-Processing-Times
X-Request-ID
X-BC-Is-HA
X-XN-Trace-Token
X-XN-XNHTML
X-Tumblr-Pixel-3
X-Ua-Compatible
X-AH-Environment
X-PC-Key
X-PC-Hit
X-Safe-Firewall
X-PC-AppVer
X-PC-Host
X-PC-Date
X-Served-With
X-Age
X-Powered-By-360WZB
Content-Script-Type
Content-Style-Type
Liferay-Portal
X-Umbraco-Version
X-Server-Name
X-Port
X-Cache-Info
X-Spip-Cache
X-Pass-Why
Powered-By-ChinaCache
X-Amz-Id-2
X-Cache-Server
Refresh
X-Amz-Request-Id
Cf-Railgun
X-HeyJason
X-Cache-Result
Request-Id
SPIisLatency
SPRequestDuration
X-Amz-Cf-Id
X-Mobilized-By
Cartoon
X-FB-Debug
X-Device
X-Content-Digest
Rating
X-Outils-CS
X-Cache-Status
TCN
X-Px
Real-Hostname
X-TN-ServedBy
Thanks
X-PHP-Engine
X-Loop
Content-Security-Policy
X-VCache
X-Hyper-Cache
Magicmarker
X-Cached-By
Page-Completion-Status
X-W3TC-Minify
NS-RTIMER-COMPOSITE
X-TNCMS-Render-Time
X-TNCMS-Served-By
X-TNCMS-Version
X-PersistenceNode
X-TNCMS-Memory-Usage
X-From
X-Content-Encoded-By
CF-Cache-Status
IBM-Web2-Location
X-Tumblr-Pixel-4
X-Timer
X-Cached
Imagetoolbar
X-DynaTrace
X-Varnish-Cacheable
X-Generated-By
X-Styx-Build-Sha
X-Styx-Build-Num
X-Styx-Build-Date
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Styx-Version
X-Original-Content-Length
X-Pantheon-Endpoint
X-Served-From-Cache
X-Varnish-Forwarded-For
X-Tumblr-Content-Rating
X-Varnish-TTL
DynaTrace
X-SERVER
X-Node
X-HOST
X-Matrix-Proxy
IISExport
X-Matrix-Server
X-Varnish-IP
X-Powered-By-Anquanbao
Retry-After
PICS-Label
X-Xrds-Location
X-Tumblr-Pixel-5
Access-Control-Max-Age
Product
X-Firenze-Processing-Time
X-Backend-Server
X-Cache-Enabled
X-CMS-Version
X-SDS
Generator
X-Processed-By
X-I
X-Rendering-Engine
Node
Set-Cookie2
X-DynaTrace-JS-Agent
Powered-By
ServedBy
X-App-Hosting
Time
X-Expires-Orig
X-Cache-Debug
X-NoCache
X-Drectory-Script
X-CDN-Geo
X-CDN-Any-IP
X-Content-Options
X-URL
X-CDN-Geo-IP
X-Nitra-Side
X-Duration
X-Director
X-Cache-Hit
X-Original-Request
X-PF-Uncompressing
Charset
X-DDC-Arch-Trace
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Passed-To
X-Returned-From
X-Actual-URL
X-Handled-By
X-Returned-From-DLL
Pics-Label
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Trace-App
X-Passed-To-BeforeDispatch
X-Orig-Vary
MIME-Version
Content-Encoding-Handler
X-Cache-Control-Orig
ServerName
Edge-Control
X-ATG-Version
X-UD-Host
X-Purge-Host
X-UD-Method
Response
X-PERF
X-ApacheServer
Proxy-Agent
X-Cookie-Domain
Lsrequestid
X-Content-Security-Policy
X-Cache-Expires
X-FW
X-DNS-Prefetch-Control
X-Sol
X-Varnish-Backend
Ngpass-Vcall
X-Srv
X-Purge-URL
S
X-Front
Content-Disposition
AMF-Ver
X-Hosted-By
COMMERCE-SERVER-SOFTWARE
X-Speed-Cache
X-Speed-Cache-Key
X-LiteSpeed-Cache
X-Yadis-Location
NtCoent-Length
X-Whom
RTSS
Filter-Revision
X-Hits
Access-Control-Request-Method
Vacache
X-Vary-Options
X-User-Agent
X-GeoIP-Country-Code
X-GeoIP-Country-Name
Accept-Encoding
X-Middleton-Response
Grace
X-PwB-Node
Fhost
X-Micro-Cache
X-ServerID
Cache
SID
X-ServerName
X-WebKit-CSP
Id
X-ACMCache
X-Cache-TTL
X-Ar-Debug
X-CJ-Soft
UniqueName
X-FIRSTBase
Cache-By-Node
X-Permitted-Cross-Domain-Policies
X-Varnish-Host
Accept-Charset
X-TTL
X-SRV
Cm-Server
Host
X-Source-Host
X-FW-Hash
WWW-Authenticate
X-ID
X-HOSTNAME
X-Art-Request-Id
X-Track
SEOMOZ
MJ12bot
X-FW-Static
X-CHSN
X-Ar-Forwarded-For
X-Distil-CS
Machine
X-Session-Reinit
X-Microcachable
X-Blog
X-MJ-Upstream-Addr
Website-Info
Server-Info
X-Swift-CacheTime
Srv
SN
X-Bettercache-Proxy
X-Cluster-Node
X-Cocoon-Version
NODE
X-Swift-SaveTime
Req-Id
X-Trace-Cache
X-Sys-Req-ID
X-Cache-Config
X-Time
X-MJ-Serve-Req-Time
X-Varnish-Object-Age
NetMindSessionID
Nodo
X-App-Start
X-TempDebug
X-SN
X-AspNetWebPages-Version
X-AOL-SNH
CT
X-LIGHTHTTP-PCDID
X-Pangea-Version
A-Powered-By
MIH-CLIENT-FARM
ServerID
X-Object-Type
Surrogate-Control
X-Gamma-Serve
X-Cache-Rule
X-Engine
X-Geo-IP
MIH-PLATFORM
X-Object-Id
MIH-PUBLIC-IDENTIFIER
MW-Webserver
X-Varnish-Server
X-Domain-Checked
X-Ttl
X-Powered-By-Yqk
X-App
X-Yqk-Set
X-App-Status
X-Provisioner-Version
X-Highwire-RequestId
X-Cache-Action
X-Highwire-SessionId
Proxy-Connection
VAR-Cache
From
X-Trace
X-Varnish-Hits
X-BackendServer
Server2
X-Server-ID
X-FORWARDED-FOR
Webluker-Edge
X-Id
X-Tumblr-Pixel-6
X-WR-MODIFICATION
Server-Name
X-Secret
X-Expires
X-WebServer
X-N
X-Grid-Server
X-CacheHits
X-Beep
CommunityServer
QOR-Cache
X-Machine-Name
X-Microcache-Status
X-ProStores-StoreApiEntryPoint
X-Vtex-Remote-Cache
X-Stage
X-Amz-Meta-S3cmd-Attrs
X-Wily-Info
SS
X-Atraveo-NC
X-Turbo-Control
X-Atraveo-Varnish-Server-Id
X-StoreSense
X-Device-Type
X-Atraveo-From-Varnish-Cache
X-Atraveo-Cache-Control
X-S
X-Wily-Servlet
X-Atraveo-TTL
X-Developer
Origin
X-Recruiting
X-WR-Flags
SiteName
Content-MD5
X-Nginx-Server
Front
X-Geo-IP-Country
X-Vtex-Cache-Key
X-Source-ID
NLCacheNote
X-T3CacheInfo
X-Cms-Mode
X-Dev
X-Jphone-Copyright
X-Geo-IP-Region
X-Geo-IPV
X-Geo-IP-Metro
Provided-Host
X-Directory-Script
Buuteeq-Source
X-Origin-Id
X-Old-Content-Length
PageSpeed
X-Frontend
X-Src-Webcache
X-Cached-Status
Worker
X-Framework
Beyond-Iis
WP-Cache
X-Varnish-Action
X-Version
X-Amz-Id-1
X-FreeTag-Count
Backend
Cteonnt-Length
X-Benchmark-Cache
X-Benchmark-Db
X-Benchmark-Sphinx
RequestTime
X-Benchmark-Total
Pool
X-Benchmark-Sphinx-Count
X-Cache-Term
X-Conf
X-PageCached
X-NGINX-CACHED
Content-Transfer-Encoding
X-Kirra-SiteId
BALANCEDTO
X-Request-Locale
X-NGINX-CACHED-AT
X-Varnish-Cache-Server
X-Phpwcms-Page-Processed-In
X-Phpwcms-Release
Apache
X-GeoIP
-GCR
Edgecast
X-Varnish-Cache-Hits
X-MidCOM-Meta-Cache
X-Farm-Server
X-Actindo-RS
X-CacheServer
Cluster-ID
CDN
X-ServerCache-Info
X-DTC
X-Nginx-Backend
X-ATM-RTime
X-CS
X-ATM-RServer
Ksid
Dispatcher
X-Response-Time
Ms
X-Rewritten-By
X-FullPageCaching
X-ManagedFusion-Rewriter-Version
7e-Page-Cache
Author
LBVIS
MirrorName
X-Vtex-Processado-Em
X-Max-Age
X-Transaction
X-Connection-Hash
X-Force
X-PRAM
X-Country-Code
X-Cache-Age
X-ORACLE-DMS-ECID
X-FW-Type
X-Uid
Warning
Web-Server
X-FW-Serve
X-Hosting-Env
ScoreTracker
X-Magento-Lifetime
X-FS-UUID
X-Li-Fabric
X-Magento-Action
No
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Purge-Level
X-DeliveryServer
X-App-Server
X-Allow-Redis
X-LI-UUID
X-Hash
X-Varnish-Debug-Hits
X-Li-Pop
X-Content-Age
Aoestatic
Www.Myjob.Se
Location
X-Cache-Lifetime
Rt-Server
X-Cache-On
X-Cache-Operation
X-Response
X-Empowered-By
X-Translation
X-Remote-Addr
X-ACCELERATE
X-LB
X-Venda-Hitid
Hamster
X-Header
X-Varnish-Debug-Age
Il-Cl
Jobb.Gil.Se
Jobb.Passal.Se
Open.Jobgate.Se
BM-Cache-Status
BM-Cache-Node
A1B2C3
BM-Cache-Key
P3P:CP
Jobb.Assistentpoolen.Se
Www.Mabracertifiering.Se
Www.Mirrorgate.Se
Test.Executivepeople.Se
X-Powered-By-Server
OriginServer
X-Accelerated-By
SRV
X-Router-Backend
X-UPSTREAM
Qs-Cache
X-Stale
REFRESH
X-Webapp
X-UseReverse-Proxy
X-SilverStripe-Cache
X-Router
X-ROUTE-DATA
X-SERVER-ID
No-Cookie
Be-Va
X-Server-Id
X-Info
X-ASTRO-REWRITE
X-Monstercache-Timeout
SIP
Cache-Ctrol
Servername
X-Mobile
Bs-Header
X-Debug
X-RemovedCookies
X-ProcessESI
X-UD-Loopcounter
PowerCDN
X-WP
Compression-Control
X-Garden-Version
X-B2f-Not-Route
Cmstype
X-REDIRECTSERVER
Cmsid
X-GSL-Server
X-VarnPar1
X-Upstream
X-TISSERVER
X-VarnCache
X-Varnish-Device
X-Varnish-ID
X-User-Id
X-Resolver-IP
X-Mod-Oboe-PS
X-Enhanced-By
X-T3Cache
X-T3CacheTags
X-UD-Target
X-Powered
Copyright
Powered
X-OPNET-Transaction-Trace
X-Origin
X-Via-Kemp
X-Varnish-Cache-Local
X-Frames-Options
X-UD-REMOTE-ADDR
Be-Ip
Hash
XX
ORIGIN
X-7d-Version
X-7dig
X-Cache-Set
X-Node-Name
X-Author
X-Flex-Tag
Publisher
X-GLaDOS
X-Flex-Community
X-Flex-Tags
X-Flex-Lang
X-Hit
X-PvInfo
X-Flex-Lastmod
X-Flex-Evend
X-Haiku
LBC
X-Route
X-Flex-Evstart
X-Vhost
X-JSON-API-TTL
X-JSON-API-LATENCY
X-JSON-API-AGE
X-Test
Acdc-Web
Progma
X-SDE-Name
X-Page-Generation-Time
X-Uplex
X-TTL-Age
HAVer
X-UserAgent
X-Varnish-Debug-Fetch-Host
Content-Instance
X-Would-Your-GrandPa-Wait
Server-IP
OGHopCount
X-FCMS-Cache
X-MiniProfiler-Ids
X-EPiphany-Vid
X-Hostingcenter
X-Page-Generated-At
X-Client-Vid
X-Locale
ExecuteNonQuerySQLParam
X-PBY
X-VTEX-Router-Backend-App
X-Pixelsilk-Server
X-VTEX-Router-JanusNet-AspNetLatency
X-VTEX-Router-JanusNet-JanusLatency
X-VTEX-Router-JanusNet-BackEndLatency
X-VTEX-Cache-Status-Janus-Edge
X-MCB-Server
X-BKSrc
CP
X-Powered-By-VTEX-Janus-Edge
X-GitHub-Request-Id
X-Http-Host
X-Hc-Host
X-VTEX-Router-Powered-By
X-Artvisual-Server
X-PM-ID
X-Your-GrandPa-Would-Wait
X-B2f-Cache-Load
X-Nginx-Host
After
Before
IsFullSiteRequest
ExecutionTime
Tpt.Renderer
Tpt.Renderer1
X-Pixelsilk-Version
ServerConfigManager.WebBugTracker
Render
X-Web-Node
HCVer
X-HOSTTYPE
X-NID
X-Time-Spent
WP-AdvCache-MemCached
X-Vhost-ID
X-USERNAME
BKREF
At-Shoptype
Atp-Isdpp
At-Isb
X-Vivastreet-KiwiiPage
POOL
Provider
X-GC-Write
X-GC-App
Content-ID
Requested-Host
X-Jcms-Ajax-Id
SVR
X-Server-Instance
X-Varnish-Cookie-Debug
X-GC-Read
X-WLD-LB
X-VG-WebCache
Backend-Host
X-ACLR-Version
X-Vivastreet
X-Monstercache
X-Monstercache-Host
Noahs-Classifieds
Source
X-Monstercache-Hash
X-DefendeR-Runtime
X-Req-Url
X-Real-Server
X-Created
INCOMING-TIME
X-Server-Node
X-Internal-IP
X-Loc
X-Req-Host
X-Life
X-NginX-Cache
X-NginX-Server
X-V-TTL
Http
WEBO
X-V-Outer
X-V-I-TTL
X-ChromeLogger-Data
X-Channel-Maxage
X-Accel-Expires
SAVVIS
X-Cache-Backend
Pramga
X-Varnish-Age
X-Mii-Cache-Hit
X-Device-Group
X-Cluster-Host
X-Nucleus-Cache
X-Abuse
X-VarnPar2
AV1080
X-Client-IP
X-Pb-Mii
Portlet.Expiration-Cache
X-Feed
X-IP-Address
X-Status
RATING
X-Ratelimit
Ec
X-Proxy-Cache
X-Vtex-Processed-At
Ozcache
X-SV
X-Hrouter
X-EdgeRouter
XDomainRequestAllowed
ServerIP
X-Dokk-PortalId
X-Clientip
X-Powered-Developer
X-MobileDetected
DCGI-Server
X-LAvg
X-DC-Origin-IP
X-MSEdge-Ref
X-CMS
Svr
X-Name
X-PoolMember
Mime-Version
X-Original-IP
RequestId
If-Modified-Since
X-Lb
X-Binarysec-Via
X-Generation-Time
X-S-Misc
X-WorkerInstancename
X-XFPC-Cache
X-D-Time
X-CMS-Tid
X-CMS-Sid
X-CMS-Stage
X-CMS-State
X-XFPC-Cache-Active
Esi-Enabled
X-Gondor-Server
B-Powered-By
Cneonction
UNIQUE-ID
X-Dynatrace-Js-Agent
X-AISO-Server
Front-End-Https
No-Cache
X-AISO-Cache
X-CMS-Server
X-CMS-Nid
EI-UNIQUE-ID
Pool-Info
X-Cached-Page
X-PoweredBy
X-Varnish-Id
X-Box
Content-Security-Policy-Report-Only
Mark
X-Time-Microsecs
Accept
Accept-Language
X-CMS-Collection
X-CMS-CRMSet
X-CMS-Live
X-Catalyst
X-Cache-Key
Hej
Hishop
SLB
X-Host-Url
X-Bcwwwid
X-Varnish-HitMiss
X-Fett
X-Varnish-Count
Fpc-Cache-Id
X-Location-Id
Www.Aujourdhui.Com
CacheControlHeader
D
Foglight-Request-UUID
X-RequesterIP
Tpt
X-Crafted
X-IDS-WS
Redirect
X-CCM
X-ATP-Server
X-Cache-Ttl
X-ServerId
X-XHR-Current-Location
X-Backend-Name
X-DELIVERYSERVER
X-Header-Set-Id
X-HITS
X-Caching-Rule-Id
HostName
ProxiaInstanceId
X-Wikidot-Backend
X-TLServer
EZ-Origin
WSCPUB-Version
X-Src-Loadbalancer
X-Process-Time
Head
X-FarmId
X-App-TTL
X-RSS-CACHE-STATUS
X-Wikidot-Static-Cache
X-CacheTTL
X-VarnishServer
X-UA-Class
X-Sto
X-Varnish-Beresp-Grace
Ttl
X-Adobe-Content
Test
User-Cache-Control
MachineName
HTTP
X-WAP
X-Gannett-Site-Version
X-Job-Offer
X-ESI-Processing
X-Server-Generated
Server-Ip
X-Varnish-Max-Age
X-Req-Counter
X-Source
X-Rot
Rt-Fastcgi-Cache
CACHED-RESPONSE
X-Nginx-Cache
Content-Cache
OutputRewritten
Content
LFY
X-PS-MURDOCK-ORIG-FILEEXT
X-PS-MURDOCK-ORIG-PROTOCOL
X-PS-MURDOCK-CASE-NORMALIZATION
TP-Cache
SFY
X-R4L-VHOST
X-Edge-Location
X-Url-Store
X-Kermit
F-In-Cache
X-Oracle-DMS-ECID
X-Varnish-Mode
Host-Service
X-Webstats-RespID
X-Forwarded-Proto
SBMCLOUD
Pagely
WEB-CLUSTER-NODE
X-Config-By
X-Continum-Server
X-Reject
X-Back
X-Cookie-Store
CountryCode
X-Backend-Status
X-Location
X-Obvious-Info
X-GL-SRV
X-Cluster-ID
CacheControl
X-Stackable-Node
X-Obvious-Tid
MASTERWEBLET
AcceptLangage
Language
X-Distributed-By
Mobiquo-Is-Login
X-Edge-IP
X-Cache-Extended
X-Varnish-Hashed-On
W
Expire
XDisk
X-Unbounce-PageId
X-Unbounce-Variant
X-Varnish-Beresp-Status
X-V
X-Varnish-Beresp-Ttl
X-Application
X-SeschatTemplateID
X-Server-By
X-Varnish-Debug-Varnish-TTL-Set-From-Server
X-Server-IP
X-DSMX-Rewrite-MS
X-DSMX-Render-MS
X-Varnish-URL
Xc
X-UA
X-SeschatRedID
X-SeschatLayout
X-SeschatDID
X-Seschat-URL
X-Unbounce-VisitorID