
SANS ISC HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, for example X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.
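The collection step described above (one HEAD request per site, then a count of how many sites send each header name) is easy to reproduce. The following is an added example and not the ISC project's own collector; the three sample responses, the hostnames ending in `.test` and the function names are constructed here for offline use. It also flags the security-relevant headers the intro mentions (and a few more that appear in the list below), and it lowercases field names before counting, since HTTP field names are case-insensitive and otherwise variants such as `X-Frame-Options` / `X-FRAME-OPTIONS` or `P3P` / `P3p` get tallied as separate headers.

```python
"""Tally HTTP response header names from HEAD responses, the way the ISC
statistics on this page are gathered.  Added example, not the ISC project's
code.  The sample responses below are constructed; nothing is fetched from
the network unless fetch_head() is called explicitly."""
from collections import Counter
import http.client  # used only by fetch_head(); not exercised offline

# Security-relevant response headers: the two named in the intro plus
# others that occur in the header list on this page.
SECURITY_HEADERS = {
    "x-frame-options",
    "x-xss-protection",
    "x-content-type-options",
    "strict-transport-security",
    "content-security-policy",
    "content-security-policy-report-only",
}

# Constructed sample HEAD responses in raw wire form (hosts are not real).
SAMPLE_RESPONSES = {
    "example-a.test": (
        "HTTP/1.1 200 OK\r\n"
        "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
        "Server: nginx\r\n"
        "Content-Type: text/html\r\n"
        "X-Frame-Options: SAMEORIGIN\r\n"
        "X-XSS-Protection: 1; mode=block\r\n"
        "\r\n"
    ),
    "example-b.test": (
        "HTTP/1.1 200 OK\r\n"
        "Server: Apache\r\n"
        "Content-Type: text/html\r\n"
        "X-FRAME-OPTIONS: DENY\r\n"
        "Strict-Transport-Security: max-age=31536000\r\n"
        "Set-Cookie: a=1\r\n"
        "Set-Cookie: b=2\r\n"
        "\r\n"
    ),
    "example-c.test": (
        "HTTP/1.1 301 Moved Permanently\r\n"
        "Location: https://example-c.test/\r\n"
        "Content-Type: text/html\r\n"
        "\r\n"
    ),
}


def parse_header_names(raw_response):
    """Return the set of header field names in one raw HTTP response, lowercased.

    A set is used so a header repeated within one response (Set-Cookie above)
    counts once per site, since the statistic is "how many sites send it".
    Field names are case-insensitive, so they are lowercased before counting.
    """
    head, _, _ = raw_response.partition("\r\n\r\n")
    lines = head.split("\r\n")[1:]  # drop the status line
    names = set()
    for line in lines:
        # skip lines without a colon and obs-fold continuation lines
        if ":" not in line or line[0] in " \t":
            continue
        name = line.split(":", 1)[0].strip().lower()
        if name:
            names.add(name)
    return names


def tally_headers(responses):
    """Count, per header name, how many sites' responses carried it."""
    counter = Counter()
    for raw in responses.values():
        counter.update(parse_header_names(raw))
    return counter


def security_coverage(responses):
    """Per site, which SECURITY_HEADERS are present and which are missing."""
    report = {}
    for site, raw in responses.items():
        present = parse_header_names(raw) & SECURITY_HEADERS
        report[site] = {
            "present": sorted(present),
            "missing": sorted(SECURITY_HEADERS - present),
        }
    return report


def fetch_head(host, path="/", timeout=10):
    """Live collector for a host you operate (not run in the offline demo):
    one HEAD request, returning the lowercased header names."""
    conn = http.client.HTTPSConnection(host, timeout=timeout)
    conn.request("HEAD", path)
    resp = conn.getresponse()
    names = {name.lower() for name, _ in resp.getheaders()}
    conn.close()
    return names


if __name__ == "__main__":
    for name, count in tally_headers(SAMPLE_RESPONSES).most_common():
        print(f"{count:3d}  {name}")
    for site, cov in security_coverage(SAMPLE_RESPONSES).items():
        print(site, "missing:", ", ".join(cov["missing"]) or "none")
```

Run against the constructed samples, `content-type` is seen on all three sites, `x-frame-options` on two (one of them sent it in upper case), and `set-cookie` on one site even though that site sent it twice. To collect real data for your own hosts, replace `SAMPLE_RESPONSES` with the results of `fetch_head()`; the tally and coverage functions are unchanged.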

All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Content-Length
Expires
Last-Modified
Pragma
Accept-Ranges
ETag
X-Pingback
P3P
X-AspNet-Version
Link
X-Content-Type-Options
X-XSS-Protection
Age
X-Cache
Alternate-Protocol
Content-Language
X-UA-Compatible
Via
Content-Location
Keep-Alive
CF-RAY
X-Varnish
X-Adblock-Key
X-Frame-Options
P3p
X-Check
X-Cacheable
X-Language
X-Buckets
X-Template
X-Generator
Access-Control-Allow-Origin
X-Hacker
X-Drupal-Cache
WP-Super-Cache
Status
MS-Author-Via
X-Powered-By-Plesk
X-AspNetMvc-Version
X-Pad
X-Runtime
X-Geo-Port
X-Geo
X-Request-Id
MicrosoftOfficeWebServer
X-Powered-CMS
X-Server
X-Cache-Lookup
X-Host
Access-Control-Allow-Credentials
X-Type
X-Cache-Group
X-Logged-In
Strict-Transport-Security
Ngpass-All
X-Ua-Compatible
X-Mod-Pagespeed
X-Rack-Cache
X-UA-Device
X-XRDS-Location
MicrosoftSharePointTeamServices
X-FRAME-OPTIONS
X-Cache-Hits
Host-Header
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Content-Encoding
X-Tumblr-Pixel-1
X-Via
SPRequestGuid
X-SharePointHealthScore
X-Robots-Tag
X-Varnish-Cache
X-INKT-URI
X-INKT-SITE
X-CF-Powered-By
X-Iinfo
X-Url
X-Tumblr-Pixel-2
X-Accel-Version
X-Cnection
X-PhApp
Composed-By
X-ServedBy
Access-Control-Allow-Headers
X-Forwarded-For
X-Ac
X-Webserver
X-Served-By
X-Backend
X-Page-Speed
Served-By
X-MS-InvokeApp
Access-Control-Allow-Methods
X-ContextId
X-Firenze-Processing-Times
X-CDN
X-ShardId
X-Alternate-Cache-Key
X-ShopId
X-XN-Trace-Token
X-XN-XNHTML
X-Hostname
X-Tumblr-Pixel-3
X-AH-Environment
X-PC-Key
X-PC-Hit
X-PC-AppVer
X-PC-Host
X-PC-Date
X-Powered-By-360WZB
X-Server-Name
X-Served-With
Content-Style-Type
Content-Script-Type
Liferay-Portal
X-Age
X-Umbraco-Version
X-Spip-Cache
X-Cache-Info
X-Port
Refresh
X-Safe-Firewall
X-Cache-Server
X-Amz-Id-2
Cf-Railgun
Powered-By-ChinaCache
X-Cache-Result
Request-Id
SPRequestDuration
SPIisLatency
X-Amz-Request-Id
X-Mobilized-By
Cartoon
Rating
X-Content-Digest
X-FB-Debug
X-HeyJason
X-Cache-Status
X-Amz-Cf-Id
X-Pass-Why
X-Outils-CS
TCN
X-FORWARDED-FOR
Real-Hostname
X-TN-ServedBy
X-PHP-Engine
X-Loop
Thanks
Magicmarker
X-VCache
X-Px
X-Request-ID
X-Tumblr-Pixel-4
X-Device
X-Node
X-W3TC-Minify
IBM-Web2-Location
X-Content-Encoded-By
X-TNCMS-Version
X-PersistenceNode
X-TNCMS-Served-By
X-TNCMS-Render-Time
X-TNCMS-Memory-Usage
X-Cached-By
X-Generated-By
X-Hyper-Cache
Page-Completion-Status
NS-RTIMER-COMPOSITE
X-Original-Content-Length
Imagetoolbar
X-Cached
X-Served-From-Cache
X-Tumblr-Content-Rating
X-Styx-Req-Id
X-Styx-Version
X-Styx-Build-Sha
X-Styx-Build-Date
X-Pantheon-Endpoint
X-Styx-Build-Num
X-Pantheon-Styx-Hostname
X-Matrix-Proxy
Content-Security-Policy
X-Matrix-Server
X-Timer
Retry-After
CF-Cache-Status
X-Powered-By-Anquanbao
X-URL
X-Varnish-Cacheable
X-From
X-Tumblr-Pixel-5
X-DynaTrace
X-SERVER
IISExport
X-HOST
X-Varnish-TTL
X-Firenze-Processing-Time
X-CMS-Version
Product
X-Cache-Enabled
Generator
Pics-Label
Time
X-HOSTNAME
DynaTrace
Access-Control-Max-Age
X-Backend-Server
X-BC-Is-HA
Node
Set-Cookie2
X-App-Hosting
X-I
X-Cache-Debug
ServedBy
X-Art-Request-Id
X-ATG-Version
X-Cache-Hit
X-DDC-Arch-Trace
X-UD-Host
X-Rendering-Engine
X-Director
X-UD-Method
X-SDS
Powered-By
X-Processed-By
X-Original-Request
X-Sol
X-Drectory-Script
X-Trace-App
X-Nitra-Side
Response
X-Purge-Host
X-Orig-Vary
Content-Encoding-Handler
X-CDN-Geo-IP
X-CDN-Geo
X-NoCache
X-CDN-Any-IP
ServerName
X-Actual-URL
X-Passed-To-BeforeDispatch
Lsrequestid
X-Passed-To
X-Returned-From
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Returned-From-DLL
X-Handled-By
Charset
X-PF-Uncompressing
PICS-Label
X-DynaTrace-JS-Agent
X-Cookie-Domain
X-Duration
X-DNS-Prefetch-Control
Proxy-Agent
Ngpass-Vcall
X-Purge-URL
S
X-PERF
MIME-Version
AMF-Ver
X-ApacheServer
X-Content-Options
Edge-Control
RTSS
X-Microcachable
Cache
Vacache
X-Middleton-Response
Access-Control-Request-Method
Accept-Encoding
X-Xrds-Location
X-Varnish-Backend
X-LiteSpeed-Cache
X-Expires-Orig
X-Cache-Expires
X-SRV
X-BackEnd
Fhost
X-Hosted-By
X-Hits
X-FW
COMMERCE-SERVER-SOFTWARE
X-Vary-Options
Filter-Revision
X-Cache-Control-Orig
X-Speed-Cache
X-Speed-Cache-Key
X-Ms-Invokeapp
X-GeoIP-Country-Code
X-Micro-Cache
Sprequestguid
X-Sharepointhealthscore
X-GeoIP-Country-Name
Machine
X-CJ-Soft
X-PwB-Node
NetMindSessionID
X-Content-Security-Policy
Host
Content-Disposition
SID
Accept-Charset
Surrogate-Control
X-Front
X-Beep
X-FIRSTBase
WWW-Authenticate
X-Cocoon-Version
X-CHSN
Cm-Server
X-ServerName
X-B2f-Cache-Load
X-Ar-Debug
X-FW-Static
X-Varnish-IP
NODE
X-WebKit-CSP
SEOMOZ
X-ServerID
MJ12bot
X-Permitted-Cross-Domain-Policies
Website-Info
Server-Info
X-Distil-CS
X-Cluster-Node
X-Track
X-Session-Reinit
X-Blog
X-Yadis-Location
X-Whom
X-TTL
X-Source-Host
VAR-Cache
X-Server-ID
X-Trace-Cache
CT
NtCoent-Length
MW-Webserver
X-Varnish-Hits
X-Ar-Forwarded-For
X-Srv
X-Gamma-Serve
X-WebServer
X-Varnish-Host
X-User-Agent
ServerID
UniqueName
X-LIGHTHTTP-PCDID
X-TempDebug
X-ACMCache
X-Pangea-Version
X-AOL-SNH
X-App-Start
X-Directory-Script
X-Sys-Req-ID
X-Cache-Rule
X-Bettercache-Proxy
X-CacheHits
X-Time
Req-Id
X-Server-IP
X-ID
X-StoreSense
A-Powered-By
X-Highwire-SessionId
X-Highwire-RequestId
X-AspNetWebPages-Version
X-ProStores-StoreApiEntryPoint
X-Cache-TTL
X-Cache-Action
SN
X-Ttl
X-ServerCache-Info
Nodo
Server-Name
Hamster
X-Varnish-Object-Age
X-MJ-Upstream-Addr
X-Grid-Server
X-WR-Flags
Id
X-Object-Id
X-Object-Type
Pool-Info
X-App-Status
X-Provisioner-Version
X-Domain-Checked
X-Wily-Info
X-Wily-Servlet
X-Engine
X-Expires
X-Outils-Cs
Content-Security-Policy-Report-Only
Ms
X-Transaction
Grace
Cteonnt-Length
X-Id
Provided-Host
X-N
X-Turbo-Control
From
X-MJ-Serve-Req-Time
X-Trace
X-Connection-Hash
PageSpeed
Proxy-Connection
X-Atraveo-From-Varnish-Cache
X-Atraveo-Cache-Control
X-Atraveo-TTL
Cache-By-Node
QOR-Cache
CommunityServer
X-Atraveo-NC
Server2
X-VARNISH-Cache
X-WEBSERVER
X-Atraveo-Varnish-Server-Id
Origin
X-Info
Webluker-Edge
ORIGIN
X-Varnish-Server
SiteName
X-App
X-Device-Type
X-Amz-Id-1
X-Geo-IP
X-S
MIH-PUBLIC-IDENTIFIER
X-Microcache-Status
MIH-CLIENT-FARM
MIH-PLATFORM
X-Vtex-Remote-Cache
RequestTime
X-Cache-Config
WP-Cache
Srv
F-In-Cache
X-T3CacheInfo
X-Vtex-Cache-Key
X-Response-Time
X-Cached-Status
LBVIS
SS
X-Swift-CacheTime
X-Swift-SaveTime
X-Machine-Name
X-Varnish-ID
X-Src-Webcache
X-Country-Code
X-Source-ID
X-Version
X-Old-Content-Length
Mime-Version
X-Cache-Term
Edgecast
X-Li-Pop
X-LI-UUID
X-Yqk-Set
X-PRAM
X-WR-MODIFICATION
X-ROUTE-DATA
X-Powered-By-Yqk
Apache
Pool
X-Empowered-By
Backend
X-Pixelsilk-Version
X-Pixelsilk-Server
X-Origin
X-PageCached
X-Cache-Operation
X-LB
X-Force
X-Recruiting
X-DeliveryServer
Buuteeq-Source
X-Li-Fabric
X-Amz-Meta-S3cmd-Attrs
X-Frontend
X-FS-UUID
X-ManagedFusion-Rewriter-Version
X-Rewritten-By
X-FreeTag-Count
X-REDIRECTSERVER
MirrorName
LBC
OriginServer
X-Translation
X-GeoIP
P3P:CP
Content-MD5
Open.Jobgate.Se
Beyond-Iis
Test.Executivepeople.Se
Worker
X-Phpwcms-Page-Processed-In
X-Origin-Id
Www.Mabracertifiering.Se
X-Upstream
Jobb.Passal.Se
X-Varnish-Debug-Hits
X-Varnish-Debug-Age
X-Header
Content-Transfer-Encoding
X-ORACLE-DMS-ECID
A1B2C3
Jobb.Gil.Se
X-Uid
NLCacheNote
Jobb.Assistentpoolen.Se
X-Cache-Ttl
X-Phpwcms-Release
X-Dev
Front
Author
SRV
X-ACCELERATE
Be-Ip
X-Cms-Mode
Be-Va
X-Varnish-Age
X-Debug
X-Jphone-Copyright
X-Developer
X-Conf
Www.Myjob.Se
Aoestatic
Www.Mirrorgate.Se
X-Magento-Lifetime
X-Magento-Action
X-PM-ID
X-Benchmark-Db
X-Benchmark-Sphinx
X-Benchmark-Sphinx-Count
WEBO
X-Benchmark-Total
X-Benchmark-Cache
7e-Page-Cache
X-Varnish-Cache-Hits
X-Flex-Lastmod
X-Powered-By-Server
X-UPSTREAM
X-Flex-Lang
X-Flex-Evstart
X-Vtex-Processado-Em
X-Flex-Community
X-Flex-Evend
Location
Web-Server
ScoreTracker
X-Frames-Options
X-Flex-Tag
X-Flex-Tags
X-JAL
X-Actindo-RS
SFY
X-Vhost-ID
X-Vivastreet-KiwiiPage
X-BKSrc
X-Secret
X-App-Server
X-Nginx-Backend
X-Mod-Oboe-PS
X-DTC
X-Nginx-Server
Allow
-GCR
Rt-Fastcgi-Cache
X-JSL
No
X-CS
X-Cache-On
X-GLaDOS
X-Haiku
X-ATM-RTime
Rt-Server
X-Farm-Server
X-Varnish-Cache-Server
X-User-Id
X-GSL-Server
Il-Cl
X-Kirra-SiteId
X-ATM-RServer
Hash
Dispatcher
X-Framework
X-Varnish-Action
Copyright
Ksid
Progma
X-Response
Powered
MASTERWEBLET
X-Vivastreet
SIP
X-Vhost
X-Varnish-Device
Compression-Control
X-Server-Id
X-VarnCache
X-TISSERVER
X-Ocache
X-Content-Age
X-SN
ExecutionTime
Pagely
X-Via-Kemp
X-Kermit
X-T3Cache
X-T3CacheTags
X-B2f-Not-Route
Server-IP
Warning
X-Varnish-Cache-Local
X-Route
X-B
CDN
X-T
X-Hash
X-Stage
Cluster-ID
Content-Instance
LFY
HCVer
HAVer
X-Catalyst
BKREF
X-ASTRO-REWRITE
X-Powered
Publisher
Cmstype
At-Isb
X-Geo-IPV
X-Geo-IP-Region
X-Dynatrace-Js-Agent
X-Cache-Age
SynthaSite-ID
X-Geo-IP-Metro
At-Shoptype
X-BackendServer
X-MobileDetected
X-EdgeRouter
X-Accelerated-By
X-Geo-IP-Country
Atp-Isdpp
X-Cache-Lifetime
X-Real-Server
Cmsid
X-Hrouter
X-Venda-Hitid
X-GC-Read
X-Monstercache-Timeout
X-WP
X-Stale
X-GC-App
X-Tumblr-Pixel-6
X-FCMS-Cache
X-Channel-Maxage
X-Host-Url
IsFullSiteRequest
CP
X-Artvisual-Server
X-Remote-Addr
X-PvInfo
X-MCB-Server
X-Purge-Level
X-MSEdge-Ref
BM-Cache-Key
BM-Cache-Node
BM-Cache-Status
X-Allow-Redis
Tpt.Renderer1
Tpt.Renderer
X-Locale
X-OPNET-Transaction-Trace
REFRESH
X-UserAgent
X-Enhanced-By
After
Tpt
ServerConfigManager.WebBugTracker
Render
Before
X-Cache-Set
X-GC-Write
POOL
Cache-Ctrol
X-NID
X-Powered-Developer
X-Time-Microsecs
XDisk
X-7d-Version
X-Hit
X-GitHub-Request-Id
X-UD-Loopcounter
Ttl
X-UD-REMOTE-ADDR
X-UD-Target
X-Author
Provider
X-7dig
X-Varnish-Beresp-Status
D
Ec
OGHopCount
X-NGINX-CACHED-AT
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-NGINX-CACHED
X-Varnish-Abtest-Expires
Noahs-Classifieds
X-SilverStripe-Cache
X-Jcms-Ajax-Id
X-PBY
X-Web-Node
X-Hc-Host
PowerCDN
INCOMING-TIME
X-Uplex
X-Varnish-Debug-Fetch-Host
Http
X-SERVER-ID
Servername
X-Hosting-Env
X-Internal-IP
If-Modified-Since
X-TLServer
DCGI-Server
X-Cache-Key
X-Nginx-Cache
X-Mii-Cache-Hit
X-Client-IP
X-Device-Group
X-Nucleus-Cache
X-Goog-Hash
Expire
X-Pb-Mii
X-VTEX-Router-JanusNet-BackEndLatency
X-VTEX-Router-JanusNet-AspNetLatency
X-VTEX-Router-Backend-App
X-VarnPar2
X-VTEX-Router-JanusNet-JanusLatency
MachineName
X-ChromeLogger-Data
X-VTEX-Router-Powered-By
X-SATserver
User-Cache-Control
Content
X-ERM-ServerName
X-Original-IP
X-PoolMember
X-Ratelimit
Xc
X-Monstercache-Host
X-Monstercache-Hash
X-Feed
X-Garden-Version
X-Monstercache
XDomainRequestAllowed
X-ACLR-Version
X-CacheServer
X-MidCOM-Meta-Cache
ExecuteNonQuerySQLParam
Disaptch-Cache-Rule
Web-Head
X-Yottaa-Optimizations
X-Http-Host
X-Status
X-Yottaa-Metrics
X-DC-Origin-IP
X-Cache-Backend
X-ERM-ServerName-AppPage
X-JSON-API-AGE
X-JSON-API-LATENCY
X-JSON-API-TTL
X-ERM-RunTime
X-Continum-Server
HTTP
Source
WEB-CLUSTER-NODE
X-Nginx-Host
X-Oracle-DMS-ECID
X-Would-Your-GrandPa-Wait
X-XHR-Current-Location
X-Your-GrandPa-Would-Wait
SAVVIS
X-TTL-Age
X-Stackable-Node
X-Page-Generated-At
X-Page-Generation-Time
X-Reject
SBMCLOUD
X-ATP-Server
UNIQUE-ID
X-Binarysec-Via
X-Location
Accept
Accept-Language
X-HITS
Hej
X-Back
X-PP
X-Varnish-Count
X-RemovedCookies
X-Seschat-URL
X-SeschatDID
X-VG-WebCache
X-Cluster-ID
X-Varnish-HitMiss
X-Max-Age
X-CacheTTL
Esi-Enabled
Ngpass-Static
X-CMS-Sid
X-CMS-Stage
X-CMS-State
X-CMS-Server
X-CMS-Nid
X-CMS-Collection
X-CMS-CRMSet
X-CMS-Live
X-CMS-Tid
Telligent-Evolution
X-D-Time
X-Generation-Time
X-S-Misc
Powered-By-VeryCDN
X-XFPC-Cache-Active
SVR
X-WorkerInstancename
X-XFPC-Cache
X-SeschatLayout
X-Platform
Svr
Requested-Host
X-Server-By
X-NginX-Cache
X-IDS-WS
X-Client-Vid
X-EPiphany-Vid
X-Server-Node
Content-ID
X-SERVERID
Www.Aujourdhui.Com
X-VarnPar1
X-Fett
XX
ProxiaInstanceId
X-Client-Addr
X-NginX-Server
X-Mobile
X-SeschatRedID
X-SeschatTemplateID
X-ProcessESI
X-Node-Name
X-CCM
X-Box
X-Nocache
X-ServerId
X-FW-Hash
X-PHP-Cache
Smug-Env
X-Life
X-Config-By
X-SmugMug-Hiring
X-Test
X-Resolver-IP
X-FarmId
X-DSMX-Render-MS
Server-Optimized-By
X-JG-Page-Cache
X-Gondor-Server
X-AISO-Server
X-AISO-Cache
X-Loopia-Cache
X-DefendeR-Runtime
Server-N
X-Loc
X-Backend-Status
Host-Service
X-TTFB-L
X-Varnish-URL
X-Varnish-Set-Cookie
Mark
X-VTEX-Cache-Status-Janus-Edge
X-Panel-Name
AV1080
X-Webstats-RespID
X-PROCESSED-BY
X-Varnish-Debug-Varnish-TTL-Set-From-Server
X-VHOST
X-DSMX-Rewrite-MS
X-Powered-By-VTEX-Janus-Edge
X-Varnish-Hashed-On
X-DELIVERYSERVER
X-Extra-Header
X-Url-Store
X-TTFB
X-MadeOn
CountryCode
X-Dokk-PortalId
X-Panel-Id
X-Cookie-Store
AcceptLangage
X-SmugMug-Values
CacheControlHeader
X-Location-Id
X-User-Authenticated
X-Execution-Time
Redirect
HostName
X-User-Login-Url
X-Caching-Rule-Id
Apple-Itunes-App
Mobiquo-Is-Login
X-R4L-VHOST
X-Header-Set-Id
Foglight-Request-UUID
X-PoweredBy
X-WHOIS-Cached
X-Webapp
Front-End-Https
X-V
WP-AdvCache-MemCached
X-APP
X-UseReverse-Proxy
X-Router
X-Router-Backend
X-Sw-Accesskey
X-RSS-CACHE-STATUS
X-Adobe-Content
X-Cluster-Host
X-Varnish-Cookie-Debug
X-WLD-LB
X-Server-Instance
X-SDE-Name
Bs-Header
EI-UNIQUE-ID
X-HOSTTYPE
SLB
HostGen
Head
X-USERNAME
X-Varnish-Max-Age
X-WAP
X-Cluster
X-ErrorPage
Test
X-VTEX-Cache
X-Real-IP
X-ServerID-App
X-Cache-Me-Harder
X-PS-MURDOCK-ORIG-PROTOCOL
X-PS-MURDOCK-ORIG-FILEEXT
X-PS-MURDOCK-CASE-NORMALIZATION
X-IP-Address
X-Bcwwwid