Common Crawl Response Lint

Responses analyzed
122,905,867
Distinct sites analyzed
~49,341 HLL estimate
Note occurrences
1,436,089,484 across all responses
Distinct note types seen
180
CrawlCC-MAIN-2026-12
cc-lintv0.1.0
httplintv2026.5.2
Top-sites filterTranco top 100,000
Sample ceilingTranco top 10,000
Finalized2026-06-30T23:12:11Z

Percentages describe this Common Crawl result set, not the entire web. Counts reflect what Common Crawl fetched (after robots.txt, WAF, paywall, and geofence exclusions), scoped to the Tranco top-sites filter configured for this run.

Response health

Each response is bucketed by the most severe httplint finding it produced. Clean means httplint found nothing worth reporting on that response. Per-response, not per-site — popular sites contribute more responses.

The bucket is only as meaningful as httplint’s per-note severity, and one prevalent pattern can dominate. Notably, Pragma on a response is flagged BAD (REQUEST_HDR_IN_RESPONSE — Pragma is a request header), so the long-standing Pragma: no-cache response convention inflates the BAD share here.

SeverityResponses%
BAD44,810,98236.5%
WARN72,363,47458.9%
INFO5,700,0304.6%

Findings by category

CategoryOccurrences%Note types fired
Caching417,568,88329.1%43
Browser security462,830,30732.2%57
Cookies83,744,2895.8%20
Cross-origin resource sharing7,667,9740.5%3
Content negotiation2,324,4660.2%2
Partial content30,9190.0%4
Connection19,2370.0%1
General461,903,40932.2%50

Notes

Caching 417,568,883 occurrences across 43 note types (29.1% of occurrences)

BADCC_BAD_VALUE_TYPE~713 sites (1.4%) (HyperLogLog estimate of distinct sites where this note fired)879,749

The %(directive)s cache directive's value is incorrect.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nextjs513,51458.4%6.2%
cloudflare250,20928.4%0.8%
nginx191,92521.8%0.7%
cloudfront167,81819.1%1.0%
nuxt48,6255.5%4.7%
apache38,1014.3%0.3%
fastly37,1394.2%0.4%
akamai34,9824.0%0.3%
azure-front-door32,0363.6%2.2%
envoy30,8853.5%0.6%
… 1 more layers not shown …
BADSTORE_PRIVATE_PUBLIC_CONFLICT~202 sites (0.4%) (HyperLogLog estimate of distinct sites where this note fired)180,770

This response contains both the `public` and `private` Cache-Control directives.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx42,31823.4%0.2%
fastly28,73215.9%0.3%
cloudflare27,84615.4%0.1%
cloudfront25,22314.0%0.1%
akamai20,83411.5%0.2%
envoy19,48510.8%0.4%
azure-front-door17,7999.8%1.2%
apache3,9852.2%0.0%
nextjs1100.1%0.0%
nuxt280.0%0.0%
BADDATE_CLOCKLESS_BAD_HDR~36 sites (0.1%) (HyperLogLog estimate of distinct sites where this note fired)14,718
BADAGE_NEGATIVE~16 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)574
BADAGE_NOT_INT~5 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)5,351

The Age header's value should be an integer.

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx3,58967.1%0.0%
akamai1,64030.6%0.0%
cloudflare1072.0%0.0%
BADCC_SHOULD_NOT_HAVE_VALUE~2 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)46,908

The %(directive)s cache directive does not accept a value.

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx46,899100.0%0.2%
cloudflare90.0%0.0%
WARNFRESHNESS_HEURISTIC~25,243 sites (51.2%) (HyperLogLog estimate of distinct sites where this note fired)31,377,664

This response allows caches to assign their own freshness lifetimes to it.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx7,444,24723.7%28.1%
cloudflare7,410,17223.6%24.2%
apache4,653,15414.8%35.2%
cloudfront3,585,75111.4%21.3%
akamai1,395,8204.4%10.9%
fastly1,328,0864.2%13.4%
envoy753,2562.4%15.7%
nuxt430,9911.4%42.1%
nextjs303,7951.0%3.7%
azure-front-door283,3500.9%19.8%
… 1 more layers not shown …
WARNCC_CONFLICTING~17,901 sites (36.3%) (HyperLogLog estimate of distinct sites where this note fired)35,857,883

The %(directive)s cache directive overrides other directives.

Samples (5)

directive_conflicts: long tail elided during shuffle; only the retained head is shown.

Directive → conflicts

ValueNote fires
no-store → - `no-cache` - `must-revalidate`5,011,627
no-store → - `must-revalidate` - `no-cache`4,053,809
no-store → - `no-cache`2,900,068
no-cache → - `must-revalidate`1,986,710
no-store → - `max-age` - `no-cache`1,811,138
no-store → - `no-cache` - `max-age`1,556,511
no-cache → - `max-age`1,398,765
no-store → - `private`981,213
no-store → - `no-cache` - `must-revalidate` - `max-age`486,764
no-store → - `no-cache` - `max-age` - `must-revalidate`460,957
no-store → - `max-age` - `no-cache` - `must-revalidate`445,723
no-store → - `must-revalidate` - `no-cache` - `max-age`391,113
no-store → - `max-age` - `must-revalidate` - `no-cache`356,763
no-store → - `no-cache` - `max-age` - `must-revalidate` - `private`332,868
no-store → - `must-revalidate` - `max-age` - `no-cache`330,243
no-store → - `no-cache` - `private` - `max-age` - `must-revalidate`294,887
no-store → - `max-age` - `private` - `must-revalidate` - `no-cache`291,038
no-store → - `no-cache` - `must-revalidate` - `private` - `max-age`286,813
no-store → - `no-cache` - `private` - `must-revalidate` - `max-age`286,115
no-store → - `max-age`284,071
no-store → - `must-revalidate` - `max-age` - `no-cache` - `private`281,059
no-store → - `max-age` - `no-cache` - `must-revalidate` - `private`279,047
no-store → - `no-cache` - `must-revalidate` - `max-age` - `private`278,177
no-store → - `private` - `no-cache` - `must-revalidate` - `max-age`275,189
no-cache → - `max-age` - `must-revalidate`273,073
… 1975 more values not shown …

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare8,111,89522.6%26.5%
nginx6,809,29819.0%25.7%
akamai5,463,47615.2%42.7%
apache4,208,58611.7%31.9%
nextjs3,869,98210.8%46.7%
cloudfront3,748,48610.5%22.2%
fastly2,544,9687.1%25.7%
envoy1,941,9605.4%40.4%
vercel699,1371.9%36.9%
azure-front-door379,1021.1%26.5%
… 1 more layers not shown …
WARNSTORE_PUBLIC_UNNECESSARY~10,700 sites (21.7%) (HyperLogLog estimate of distinct sites where this note fired)21,911,361

Cache-Control: public is probably not necessary.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare7,049,76032.2%23.0%
nginx4,459,48020.4%16.8%
cloudfront4,194,01619.1%24.9%
fastly3,497,57316.0%35.3%
nextjs2,361,51310.8%28.5%
akamai1,454,6976.6%11.4%
apache1,130,8535.2%8.6%
vercel1,111,9155.1%58.6%
envoy1,079,1494.9%22.4%
azure-front-door413,5021.9%29.0%
… 1 more layers not shown …
WARNFRESHNESS_NO_CACHE_NO_VALIDATOR~5,720 sites (11.6%) (HyperLogLog estimate of distinct sites where this note fired)8,737,826

This response cannot be served from cache without validation, and doesn't have a validator.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx2,128,38724.4%8.0%
cloudflare1,719,04819.7%5.6%
apache1,175,09013.4%8.9%
cloudfront833,1509.5%4.9%
akamai801,9119.2%6.3%
fastly419,8204.8%4.2%
envoy291,4063.3%6.1%
nextjs62,2680.7%0.8%
azure-front-door53,7000.6%3.8%
nuxt50,0120.6%4.9%
… 1 more layers not shown …
WARNVARY_DUPLICATE~3,554 sites (7.2%) (HyperLogLog estimate of distinct sites where this note fired)5,833,157

The Vary header contains duplicate values.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx2,083,31235.7%7.9%
cloudflare1,852,61631.8%6.0%
fastly1,759,15830.2%17.7%
cloudfront519,1438.9%3.1%
nextjs214,0213.7%2.6%
nuxt169,8672.9%16.6%
akamai116,8562.0%0.9%
envoy95,9941.6%2.0%
apache32,6370.6%0.2%
azure-front-door24,1930.4%1.7%
… 1 more layers not shown …
WARNVARY_COMPLEX~2,929 sites (5.9%) (HyperLogLog estimate of distinct sites where this note fired)6,155,546

This resource varies in %(vary_count)s ways.

Samples (5)

vary_count

ValueNote fires
52,641,393
42,358,021
6696,521
8241,620
793,029
964,101
1022,184
2312,379
469,821
115,175
183,493
472,452
141,815
131,765
451,043
12662
1968
202
242

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nextjs2,518,37340.9%30.4%
cloudflare1,590,21325.8%5.2%
fastly1,518,62124.7%15.3%
vercel870,30914.1%45.9%
nginx733,41811.9%2.8%
cloudfront593,8029.6%3.5%
envoy284,3544.6%5.9%
apache202,4233.3%1.5%
akamai176,2552.9%1.4%
azure-front-door82,4991.3%5.8%
… 1 more layers not shown …
WARNVARY_USER_AGENT~2,878 sites (5.8%) (HyperLogLog estimate of distinct sites where this note fired)7,573,150

Vary: User-Agent can cause cache inefficiency.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
apache1,962,73525.9%14.9%
cloudflare1,686,73922.3%5.5%
nginx1,155,89915.3%4.4%
cloudfront987,17313.0%5.9%
akamai537,2807.1%4.2%
fastly335,7374.4%3.4%
envoy303,4074.0%6.3%
nextjs165,7932.2%2.0%
azure-front-door25,8290.3%1.8%
nuxt8,2410.1%0.8%
… 1 more layers not shown …
WARNCHECK_ALL_ZERO~2,015 sites (4.1%) (HyperLogLog estimate of distinct sites where this note fired)2,520,826

The pre-check and post-check cache directives are both '0'.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx816,22232.4%3.1%
apache672,27726.7%5.1%
cloudflare508,53820.2%1.7%
fastly125,8165.0%1.3%
cloudfront114,3184.5%0.7%
akamai102,3134.1%0.8%
envoy58,4232.3%1.2%
azure-front-door2550.0%0.0%
nuxt340.0%0.0%
WARNCC_DUP~1,381 sites (2.8%) (HyperLogLog estimate of distinct sites where this note fired)2,119,181

The %(directive)s cache directive appears more than once.

Samples (5)

directive

ValueNote fires
no-cache720,208
must-revalidate421,142
no-store349,750
max-age325,606
private183,291
public87,316
s-maxage21,972
stale-while-revalidate4,522
pre-check1,813
post-check1,813
no-transform1,654
stale-if-error47
proxy-revalidate37
immutable10

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx672,20531.7%2.5%
cloudflare435,73420.6%1.4%
apache314,84314.9%2.4%
cloudfront229,09010.8%1.4%
envoy103,8194.9%2.2%
nextjs99,4184.7%1.2%
akamai94,3124.5%0.7%
fastly46,5642.2%0.5%
azure-front-door3,3730.2%0.2%
vercel1,7980.1%0.1%
WARNVARY_ASTERISK~310 sites (0.6%) (HyperLogLog estimate of distinct sites where this note fired)430,052

Vary: * effectively makes this response uncacheable.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare135,44031.5%0.4%
akamai51,00311.9%0.4%
azure-front-door16,9213.9%1.2%
nginx4,7221.1%0.0%
cloudfront1,3520.3%0.0%
fastly1,3300.3%0.0%
nextjs160.0%0.0%
apache50.0%0.0%
envoy50.0%0.0%
WARNVARY_HOST~101 sites (0.2%) (HyperLogLog estimate of distinct sites where this note fired)270,019

Vary: Host is not necessary.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
apache100,99237.4%0.8%
fastly55,11220.4%0.6%
cloudflare49,45118.3%0.2%
nginx38,70514.3%0.1%
cloudfront27,72910.3%0.2%
akamai16,2456.0%0.1%
envoy12,9634.8%0.3%
nextjs11,0534.1%0.1%
azure-front-door2,5040.9%0.2%
WARNCC_MISCAP~80 sites (0.2%) (HyperLogLog estimate of distinct sites where this note fired)94,152

The %(directive)s cache directive has non-lowercase characters.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
apache20,87722.2%0.2%
nextjs18,92420.1%0.2%
cloudflare18,21519.3%0.1%
cloudfront13,07913.9%0.1%
nginx2,1782.3%0.0%
vercel1650.2%0.0%
fastly1650.2%0.0%
azure-front-door600.1%0.0%
envoy390.0%0.0%
akamai350.0%0.0%
… 1 more layers not shown …
WARNCC_WRONG_MESSAGE~39 sites (0.1%) (HyperLogLog estimate of distinct sites where this note fired)93,605

The %(directive)s cache directive has no meaning in a %(message_type)s.

Samples (5)

other_message

ValueNote fires
request93,605

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
fastly44,92648.0%0.5%
akamai13,19514.1%0.1%
cloudfront13,16914.1%0.1%
envoy13,16614.1%0.3%
apache2,0712.2%0.0%
nginx1,4551.6%0.0%
azure-front-door1,2601.3%0.1%
cloudflare8460.9%0.0%
nuxt340.0%0.0%
WARNCHECK_SINGLE~18 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)6,058

Only one of the pre-check and post-check cache directives is present.

Samples (1)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare2,83646.8%0.0%
apache1,39723.1%0.0%
akamai761.3%0.0%
nginx270.4%0.0%
WARNCC_MAX_AGE_TOO_LARGE~5 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)57

The %(directive)s cache directive is very large.

Samples (1)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare3866.7%0.0%
nginx1729.8%0.0%
cloudfront1729.8%0.0%
fastly11.8%0.0%
apache11.8%0.0%
WARNCACHE_STATUS_BAD_PARAM_VAL~2 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)1,083

The Cache-Status header has an unknown value for '%(param)s'.

Samples (1)
WARNCHECK_POST_BIGGER~1 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)65

The post-check cache directive's value is larger than pre-check's.

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx65100.0%0.0%
INFOSTORE_STORABLE~38,573 sites (78.2%) (HyperLogLog estimate of distinct sites where this note fired)73,791,789

This response allows all caches to store it.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare18,898,67825.6%61.7%
nginx16,661,10322.6%62.9%
cloudfront12,011,59416.3%71.2%
apache8,296,78511.2%62.8%
fastly7,237,9369.8%73.0%
akamai6,195,1668.4%48.4%
nextjs4,224,6895.7%51.0%
envoy2,750,7383.7%57.2%
vercel1,173,1951.6%61.9%
nuxt925,5911.3%90.3%
… 1 more layers not shown …
INFOCURRENT_AGE~34,393 sites (69.7%) (HyperLogLog estimate of distinct sites where this note fired)17,918,892

This response has already been cached for %(age)s.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx3,898,23021.8%14.7%
cloudfront3,279,63718.3%19.4%
cloudflare2,929,67316.3%9.6%
apache2,718,70015.2%20.6%
fastly1,700,4869.5%17.1%
nextjs1,120,1096.3%13.5%
vercel684,6003.8%36.1%
envoy473,1612.6%9.8%
akamai302,7951.7%2.4%
nuxt182,2471.0%17.8%
… 1 more layers not shown …
INFOSTALE_SERVABLE~33,734 sites (68.4%) (HyperLogLog estimate of distinct sites where this note fired)57,744,207

In exceptional circumstances, caches can serve this response stale.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare13,703,65223.7%44.7%
nginx13,130,59922.7%49.6%
cloudfront7,444,77612.9%44.1%
apache7,034,62212.2%53.3%
akamai5,337,9429.2%41.7%
fastly5,291,1119.2%53.3%
envoy1,983,4933.4%41.2%
nextjs1,235,4292.1%14.9%
azure-front-door729,7321.3%51.1%
nuxt613,7801.1%59.9%
… 1 more layers not shown …
INFOSTORE_NO_STORE~17,109 sites (34.7%) (HyperLogLog estimate of distinct sites where this note fired)32,320,663

This response can't be stored by caches.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare7,723,49123.9%25.2%
nginx6,352,10419.7%24.0%
akamai4,870,78315.1%38.1%
nextjs3,776,16711.7%45.6%
apache3,678,92211.4%27.9%
cloudfront3,421,49010.6%20.3%
fastly2,120,8916.6%21.4%
envoy1,816,4495.6%37.7%
vercel695,8122.2%36.7%
azure-front-door367,1321.1%25.7%
… 1 more layers not shown …
INFOCC_AND_EXPIRES~9,052 sites (18.3%) (HyperLogLog estimate of distinct sites where this note fired)17,043,554

Cache-Control: max-age and Expires are both present.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare4,517,79326.5%14.7%
nginx3,700,97021.7%14.0%
akamai3,561,38620.9%27.8%
apache2,127,85012.5%16.1%
fastly1,784,45210.5%18.0%
cloudfront1,358,1758.0%8.0%
nextjs448,3532.6%5.4%
envoy394,2502.3%8.2%
azure-front-door184,2551.1%12.9%
vercel39,7930.2%2.1%
… 1 more layers not shown …
INFOSTORE_PRIVATE_CC~8,893 sites (18.0%) (HyperLogLog estimate of distinct sites where this note fired)16,331,982

This response allows only private caches to store it.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare3,885,69023.8%12.7%
nginx3,439,35521.1%13.0%
akamai1,673,49810.2%13.1%
cloudfront1,415,6828.7%8.4%
apache1,227,9707.5%9.3%
fastly558,0893.4%5.6%
nextjs282,0291.7%3.4%
envoy244,8071.5%5.1%
azure-front-door146,9150.9%10.3%
vercel27,2060.2%1.4%
… 1 more layers not shown …
INFOFRESHNESS_STALE_ALREADY~8,297 sites (16.8%) (HyperLogLog estimate of distinct sites where this note fired)11,115,586

This response is stale.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare2,896,13326.1%9.5%
nginx2,340,43921.1%8.8%
cloudfront1,301,99511.7%7.7%
fastly1,098,7139.9%11.1%
apache1,040,2889.4%7.9%
vercel934,0788.4%49.3%
nextjs877,0407.9%10.6%
envoy486,3614.4%10.1%
akamai483,1034.3%3.8%
azure-front-door69,6380.6%4.9%
… 1 more layers not shown …
INFOSTALE_MUST_REVALIDATE~4,557 sites (9.2%) (HyperLogLog estimate of distinct sites where this note fired)6,225,507

This response cannot be served by a cache now that it is stale.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare1,774,34528.5%5.8%
nginx1,445,97723.2%5.5%
vercel888,99114.3%46.9%
cloudfront861,02013.8%5.1%
nextjs731,68011.8%8.8%
apache424,0956.8%3.2%
fastly255,7314.1%2.6%
akamai143,7622.3%1.1%
envoy92,8101.5%1.9%
nuxt54,5320.9%5.3%
… 1 more layers not shown …
INFOFRESH_PROXY_REVALIDATE~3,331 sites (6.8%) (HyperLogLog estimate of distinct sites where this note fired)6,014,659

This response cannot be served by a shared cache once it becomes stale.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare2,143,87935.6%7.0%
cloudfront1,659,33327.6%9.8%
nextjs1,609,74426.8%19.4%
nginx722,85412.0%2.7%
akamai488,8018.1%3.8%
fastly464,3757.7%4.7%
apache324,4205.4%2.5%
envoy242,2544.0%5.0%
azure-front-door183,2003.0%12.8%
nuxt72,3911.2%7.1%
… 1 more layers not shown …
INFOFRESH_MUST_REVALIDATE~3,010 sites (6.1%) (HyperLogLog estimate of distinct sites where this note fired)4,426,585

This response cannot be served by a cache once it becomes stale.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare1,803,42340.7%5.9%
nginx1,473,98233.3%5.6%
akamai660,36614.9%5.2%
nextjs354,3798.0%4.3%
cloudfront303,9056.9%1.8%
fastly237,7315.4%2.4%
apache156,6763.5%1.2%
nuxt99,6702.3%9.7%
envoy47,6071.1%1.0%
vercel36,8200.8%1.9%
… 1 more layers not shown …
INFOFRESHNESS_NO_CACHE~1,989 sites (4.0%) (HyperLogLog estimate of distinct sites where this note fired)2,461,482

This response cannot be served from cache without validation.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx428,37617.4%1.6%
cloudflare391,78315.9%1.3%
cloudfront382,61015.5%2.3%
fastly327,16813.3%3.3%
akamai325,79713.2%2.5%
apache181,4537.4%1.4%
nextjs90,9403.7%1.1%
envoy86,4183.5%1.8%
vercel1,8400.1%0.1%
nuxt1,7970.1%0.2%
… 1 more layers not shown …
INFOSTALE_WHILE_REVALIDATE~1,943 sites (3.9%) (HyperLogLog estimate of distinct sites where this note fired)6,269,158

This response can be served stale from a cache while it is being revalidated.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudfront2,614,60141.7%15.5%
cloudflare1,722,76427.5%5.6%
nextjs1,298,88320.7%15.7%
nginx1,007,62716.1%3.8%
fastly960,57415.3%9.7%
envoy358,9915.7%7.5%
apache226,4873.6%1.7%
akamai172,9802.8%1.4%
azure-front-door118,5341.9%8.3%
nuxt104,8581.7%10.2%
… 1 more layers not shown …
INFOSTALE_IF_ERROR~1,069 sites (2.2%) (HyperLogLog estimate of distinct sites where this note fired)3,959,757

If an error occurs, caches can serve this response stale.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudfront1,834,24346.3%10.9%
cloudflare1,094,43527.6%3.6%
fastly778,77219.7%7.9%
nginx643,44116.2%2.4%
nextjs368,1129.3%4.4%
envoy219,2205.5%4.6%
apache207,8905.3%1.6%
akamai58,3761.5%0.5%
nuxt35,1520.9%3.4%
azure-front-door25,0390.6%1.8%
… 1 more layers not shown …
INFOSTALE_PROXY_REVALIDATE~665 sites (1.3%) (HyperLogLog estimate of distinct sites where this note fired)387,807

This response cannot be served by a shared cache now that it is stale.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudfront105,89927.3%0.6%
cloudflare89,83023.2%0.3%
nginx67,58217.4%0.3%
akamai51,02513.2%0.4%
nextjs50,36313.0%0.6%
envoy31,3998.1%0.7%
fastly20,9115.4%0.2%
vercel19,0664.9%1.0%
apache12,9673.3%0.1%
nuxt2,8700.7%0.3%
… 1 more layers not shown …
INFOCACHE_STATUS~456 sites (0.9%) (HyperLogLog estimate of distinct sites where this note fired)649,683

Detailed information about caching is available.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nextjs234,09036.0%2.8%
akamai91,26614.0%0.7%
cloudfront72,34011.1%0.4%
cloudflare72,25811.1%0.2%
nginx35,9865.5%0.1%
nuxt22,9413.5%2.2%
fastly16,2082.5%0.2%
envoy13,7512.1%0.3%
apache4,2130.6%0.0%
vercel5770.1%0.0%
… 1 more layers not shown …
INFOCDN_CACHE_CONTROL_PRESENT~202 sites (0.4%) (HyperLogLog estimate of distinct sites where this note fired)356,633

This response targets cache directives to Content Delivery Networks.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare269,44975.6%0.9%
nextjs86,03224.1%1.0%
vercel81,50022.9%4.3%
nuxt28,2117.9%2.8%
cloudfront16,8994.7%0.1%
nginx13,6933.8%0.1%
envoy13,0123.6%0.3%
fastly6,8911.9%0.1%
azure-front-door5,4561.5%0.4%
akamai4,9291.4%0.0%
… 1 more layers not shown …
INFOCHECK_POST_PRE~26 sites (0.1%) (HyperLogLog estimate of distinct sites where this note fired)3,580

This response may be refreshed in the background by Internet Explorer.

Samples (1)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
apache1,01128.2%0.0%
cloudflare57416.0%0.0%
akamai1063.0%0.0%
nginx381.1%0.0%
nextjs10.0%0.0%
cloudfront10.0%0.0%
INFOPROXY_STATUS~3 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)6,391

Information about intermediaries is available.

Samples (1)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx5,75290.0%0.0%
GOODFRESHNESS_FRESH~14,980 sites (30.4%) (HyperLogLog estimate of distinct sites where this note fired)29,224,248

This response is fresh for %(freshness_left)s.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare7,791,02226.7%25.4%
nginx6,671,03422.8%25.2%
cloudfront5,048,42817.3%29.9%
akamai4,398,66615.1%34.4%
fastly3,942,78013.5%39.8%
apache2,163,7117.4%16.4%
nextjs1,572,2595.4%19.0%
envoy1,041,1813.6%21.6%
azure-front-door460,6041.6%32.3%
nuxt226,5530.8%22.1%
… 1 more layers not shown …
GOODFRESHNESS_SHARED_PRIVATE~3,951 sites (8.0%) (HyperLogLog estimate of distinct sites where this note fired)7,206,965

This response is %(private_status)s for %(fresh_left)s (%(shared_status)s for %(share_left)s in shared caches).

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare2,576,21035.7%8.4%
cloudfront2,275,34231.6%13.5%
nextjs1,600,41622.2%19.3%
nginx1,087,97515.1%4.1%
fastly679,4589.4%6.9%
akamai463,3676.4%3.6%
envoy336,9234.7%7.0%
apache311,0594.3%2.4%
nuxt178,5042.5%17.4%
azure-front-door175,4812.4%12.3%
… 1 more layers not shown …

Browser security 462,830,307 occurrences across 57 note types (32.2% of occurrences)

BADHSTS_PRELOAD_NOT_SUITABLE~973 sites (2.0%) (HyperLogLog estimate of distinct sites where this note fired)3,062,354

Browser preloading is allowed, but this policy isn't suitable for it.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare1,082,26635.3%3.5%
akamai790,25625.8%6.2%
nginx734,44124.0%2.8%
cloudfront264,9248.7%1.6%
fastly264,1378.6%2.7%
apache263,8738.6%2.0%
nextjs190,3856.2%2.3%
envoy58,6271.9%1.2%
nuxt43,7201.4%4.3%
azure-front-door14,8830.5%1.0%
… 1 more layers not shown …
BADHSTS_INVALID~726 sites (1.5%) (HyperLogLog estimate of distinct sites where this note fired)430,377

This response's Strict Transport Security (HSTS) header is invalid.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare86,77120.2%0.3%
apache76,83817.9%0.6%
nginx76,23917.7%0.3%
fastly68,30515.9%0.7%
akamai45,83210.6%0.4%
cloudfront39,1949.1%0.2%
nextjs7,0921.6%0.1%
azure-front-door3,5270.8%0.2%
envoy6480.2%0.0%
nuxt2300.1%0.0%
… 1 more layers not shown …
BADHSTS_NO_MAX_AGE~72 sites (0.1%) (HyperLogLog estimate of distinct sites where this note fired)150,960

There is no max-age directive.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
akamai40,58026.9%0.3%
apache37,27024.7%0.3%
cloudflare36,73124.3%0.1%
fastly26,06817.3%0.3%
cloudfront15,44910.2%0.1%
nginx7,5865.0%0.0%
nextjs1130.1%0.0%
envoy240.0%0.0%
nuxt60.0%0.0%
BADHSTS_BAD_MAX_AGE~41 sites (0.1%) (HyperLogLog estimate of distinct sites where this note fired)85,977

The max-age directive in the HSTS header is invalid.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
fastly24,18228.1%0.2%
cloudflare20,64724.0%0.1%
nginx12,54514.6%0.0%
cloudfront6,7507.9%0.0%
apache1,4201.7%0.0%
nextjs6200.7%0.0%
akamai1610.2%0.0%
azure-front-door920.1%0.0%
envoy560.1%0.0%
BADCROSS_ORIGIN_OPENER_POLICY_BAD_VALUE~21 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)40,515

This response's %(field_name)s has an invalid value.

Samples (1)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare16,43640.6%0.1%
nginx4,0299.9%0.0%
azure-front-door4631.1%0.0%
envoy1720.4%0.0%
nuxt1330.3%0.0%
akamai390.1%0.0%
apache180.0%0.0%
cloudfront20.0%0.0%
BADCROSS_ORIGIN_EMBEDDER_POLICY_BAD_VALUE~21 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)30,697

This response's %(field_name)s has an invalid value.

Samples (1)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudfront17,52657.1%0.1%
akamai14,62447.6%0.1%
cloudflare6,67621.7%0.0%
nextjs5,02516.4%0.1%
apache3,30010.8%0.0%
envoy4911.6%0.0%
WARNHSTS_NO_SUBDOMAINS~12,236 sites (24.8%) (HyperLogLog estimate of distinct sites where this note fired)28,963,605

HSTS doesn't apply to subdomains.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare6,270,52621.6%20.5%
nginx6,141,10721.2%23.2%
fastly4,827,34416.7%48.7%
akamai4,047,95514.0%31.6%
cloudfront3,178,09211.0%18.8%
apache2,435,3688.4%18.4%
nextjs2,426,4398.4%29.3%
vercel1,358,2464.7%71.6%
envoy837,3952.9%17.4%
azure-front-door252,3980.9%17.7%
… 1 more layers not shown …
WARNCSP_UNSAFE_INLINE~6,979 sites (14.1%) (HyperLogLog estimate of distinct sites where this note fired)17,944,607

Inline scripts are allowed.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare3,939,13522.0%12.9%
nginx2,815,16315.7%10.6%
cloudfront2,772,45115.5%16.4%
akamai2,163,96512.1%16.9%
fastly1,754,1459.8%17.7%
nextjs1,292,8847.2%15.6%
apache1,263,8487.0%9.6%
envoy881,4094.9%18.3%
vercel402,8562.2%21.2%
azure-front-door335,3131.9%23.5%
… 1 more layers not shown …
WARNCSP_UNSAFE_EVAL~6,237 sites (12.6%) (HyperLogLog estimate of distinct sites where this note fired)14,952,570

Unsafe script evaluation is allowed.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare3,339,30922.3%10.9%
nginx2,393,32216.0%9.0%
cloudfront2,192,56114.7%13.0%
akamai2,009,85113.4%15.7%
fastly1,524,85810.2%15.4%
apache1,072,4457.2%8.1%
nextjs1,006,3246.7%12.1%
envoy752,6285.0%15.6%
vercel304,3132.0%16.0%
azure-front-door267,3411.8%18.7%
… 1 more layers not shown …
WARNCSP_DEPRECATED_REPORT_URI~2,567 sites (5.2%) (HyperLogLog estimate of distinct sites where this note fired)7,330,903

The deprecated report-uri directive is used.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare1,423,20219.4%4.6%
nginx1,142,77315.6%4.3%
cloudfront993,40913.6%5.9%
akamai810,01611.0%6.3%
fastly666,3419.1%6.7%
envoy540,6767.4%11.2%
apache439,4876.0%3.3%
nextjs304,2644.2%3.7%
vercel75,3271.0%4.0%
azure-front-door49,4950.7%3.5%
… 1 more layers not shown …
WARNHSTS_SHORT_MAX_AGE~1,886 sites (3.8%) (HyperLogLog estimate of distinct sites where this note fired)5,655,148

The max-age is less than one year.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
fastly1,824,35332.3%18.4%
nginx1,771,93031.3%6.7%
akamai1,306,83023.1%10.2%
cloudflare1,055,26618.7%3.4%
cloudfront373,7666.6%2.2%
nextjs353,9556.3%4.3%
apache338,9926.0%2.6%
envoy153,2602.7%3.2%
nuxt42,1980.7%4.1%
vercel38,0640.7%2.0%
… 1 more layers not shown …
WARNFRAME_OPTIONS_UNKNOWN~807 sites (1.6%) (HyperLogLog estimate of distinct sites where this note fired)1,955,158

The X-Frame-Options header contains an unknown value.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx822,51942.1%3.1%
akamai467,59523.9%3.7%
cloudflare391,65120.0%1.3%
fastly296,57415.2%3.0%
cloudfront236,77912.1%1.4%
envoy121,1416.2%2.5%
apache107,4235.5%0.8%
nextjs93,9914.8%1.1%
vercel33,2151.7%1.8%
azure-front-door5,7780.3%0.4%
… 1 more layers not shown …
WARNCSP_HTTP_URI~773 sites (1.6%) (HyperLogLog estimate of distinct sites where this note fired)2,620,252

Loading from insecure HTTP sources is allowed.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare604,99123.1%2.0%
nginx260,0749.9%1.0%
fastly226,8598.7%2.3%
cloudfront218,4218.3%1.3%
nextjs139,0655.3%1.7%
apache77,9473.0%0.6%
envoy71,0622.7%1.5%
akamai66,9872.6%0.5%
azure-front-door33,1361.3%2.3%
vercel30,0071.1%1.6%
… 1 more layers not shown …
WARNREFERRER_POLICY_MULTIPLE~678 sites (1.4%) (HyperLogLog estimate of distinct sites where this note fired)1,092,847

Multiple Referrer-Policy values found; only '%(effective)s' is used.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare344,25631.5%1.1%
nginx220,74020.2%0.8%
akamai107,2299.8%0.8%
cloudfront93,5918.6%0.6%
nextjs83,9377.7%1.0%
apache55,7345.1%0.4%
fastly48,5644.4%0.5%
envoy38,9923.6%0.8%
azure-front-door10,8831.0%0.8%
vercel4,1870.4%0.2%
… 1 more layers not shown …
WARNCSP_WIDE_OPEN~640 sites (1.3%) (HyperLogLog estimate of distinct sites where this note fired)1,426,537

All sources are allowed in one or more directives.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudfront307,83221.6%1.8%
cloudflare303,94521.3%1.0%
akamai263,66718.5%2.1%
nginx195,57413.7%0.7%
nextjs122,9428.6%1.5%
apache110,8047.8%0.8%
fastly100,1607.0%1.0%
envoy70,7115.0%1.5%
vercel58,7464.1%3.1%
azure-front-door28,0892.0%2.0%
… 1 more layers not shown …
WARNHSTS_OVER_HTTP~605 sites (1.2%) (HyperLogLog estimate of distinct sites where this note fired)180,746

The HSTS header is sent over HTTP.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx56,00131.0%0.2%
apache38,15821.1%0.3%
cloudflare21,25211.8%0.1%
fastly18,11410.0%0.2%
cloudfront15,5788.6%0.1%
akamai5,0552.8%0.0%
nextjs4,0802.3%0.0%
envoy5680.3%0.0%
nuxt2240.1%0.0%
azure-front-door1250.1%0.0%
… 1 more layers not shown …
WARNCOOP_UNSAFE_NONE~428 sites (0.9%) (HyperLogLog estimate of distinct sites where this note fired)318,293

This response allows sharing the browsing context with cross-origin documents%(report_only)s.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare141,38944.4%0.5%
nginx56,59817.8%0.2%
fastly46,15514.5%0.5%
nextjs36,25511.4%0.4%
vercel31,2119.8%1.6%
akamai19,3506.1%0.2%
envoy19,2146.0%0.4%
cloudfront11,7393.7%0.1%
azure-front-door6,5562.1%0.5%
apache6,1061.9%0.0%
… 1 more layers not shown …
WARNHSTS_MAX_AGE_ZERO~398 sites (0.8%) (HyperLogLog estimate of distinct sites where this note fired)1,083,198

The max-age is 0.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare534,72649.4%1.7%
nginx128,76911.9%0.5%
apache92,9368.6%0.7%
akamai86,6728.0%0.7%
nextjs55,4835.1%0.7%
cloudfront47,7264.4%0.3%
nuxt40,3683.7%3.9%
envoy30,6822.8%0.6%
vercel16,4461.5%0.9%
fastly10,8711.0%0.1%
… 1 more layers not shown …
WARNCSP_REPORT_TO_MISSING~393 sites (0.8%) (HyperLogLog estimate of distinct sites where this note fired)727,619

The report-to endpoint '%(endpoint)s' is not defined.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx244,81033.6%0.9%
envoy219,96130.2%4.6%
cloudflare218,22230.0%0.7%
akamai193,05526.5%1.5%
fastly81,25611.2%0.8%
cloudfront62,8408.6%0.4%
nextjs39,1365.4%0.5%
apache23,9183.3%0.2%
azure-front-door12,1451.7%0.9%
vercel7,5271.0%0.4%
… 1 more layers not shown …
WARNPERMISSIONS_POLICY_WILDCARD~282 sites (0.6%) (HyperLogLog estimate of distinct sites where this note fired)893,926

The '%(feature)s' feature is allowed for all origins.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudfront290,85732.5%1.7%
nginx274,04330.7%1.0%
cloudflare232,10926.0%0.8%
akamai97,14910.9%0.8%
apache81,2109.1%0.6%
azure-front-door59,7596.7%4.2%
envoy41,9094.7%0.9%
fastly30,4343.4%0.3%
nextjs16,5871.9%0.2%
vercel4,5210.5%0.2%
… 1 more layers not shown …
WARNCOEP_UNSAFE_NONE~256 sites (0.5%) (HyperLogLog estimate of distinct sites where this note fired)741,603

This response allows loading cross-origin resources without restriction%(report_only)s.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare200,82127.1%0.7%
cloudfront197,58226.6%1.2%
fastly96,79113.1%1.0%
nginx91,56812.3%0.3%
akamai88,75112.0%0.7%
envoy84,50211.4%1.8%
apache43,4805.9%0.3%
nextjs6,2350.8%0.1%
azure-front-door4,7850.6%0.3%
vercel4,4940.6%0.2%
… 1 more layers not shown …
WARNPERMISSIONS_POLICY_INVALID_VALUE~193 sites (0.4%) (HyperLogLog estimate of distinct sites where this note fired)703,031

The value for '%(feature)s' should be an Inner List or the token '*'.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
akamai282,48240.2%2.2%
cloudflare158,43722.5%0.5%
nginx91,76313.1%0.3%
fastly35,5785.1%0.4%
apache29,0794.1%0.2%
azure-front-door15,9742.3%1.1%
cloudfront14,1462.0%0.1%
nextjs13,6351.9%0.2%
vercel10,4451.5%0.6%
envoy3,9890.6%0.1%
WARNENDPOINT_NOT_SECURE~193 sites (0.4%) (HyperLogLog estimate of distinct sites where this note fired)86,376

The %(name)s reporting endpoint is not secure.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudfront4,7415.5%0.0%
cloudflare5100.6%0.0%
WARNREFERRER_POLICY_UNSAFE~147 sites (0.3%) (HyperLogLog estimate of distinct sites where this note fired)409,498

This response's Referrer-Policy allows unsafe URLs.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx118,32728.9%0.4%
cloudflare77,60819.0%0.3%
apache52,52112.8%0.4%
cloudfront38,5699.4%0.2%
nextjs30,3487.4%0.4%
envoy21,5455.3%0.4%
fastly20,8655.1%0.2%
akamai15,7153.8%0.1%
azure-front-door11,3032.8%0.8%
nuxt1,3180.3%0.1%
WARNCOOP_REPORT_TO_MISSING~131 sites (0.3%) (HyperLogLog estimate of distinct sites where this note fired)429,467

The report-to endpoint '%(endpoint)s' is not defined%(report_only)s.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare19,6674.6%0.1%
nginx7,8751.8%0.0%
cloudfront7,6961.8%0.0%
fastly850.0%0.0%
envoy70.0%0.0%
WARNPERMISSIONS_POLICY_UNKNOWN_TOKEN~125 sites (0.3%) (HyperLogLog estimate of distinct sites where this note fired)1,000,449

'%(token)s' is not valid in an allowlist.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudfront279,04627.9%1.7%
cloudflare183,05518.3%0.6%
envoy119,36511.9%2.5%
akamai67,2266.7%0.5%
apache40,4394.0%0.3%
nginx32,6043.3%0.1%
fastly18,1771.8%0.2%
vercel10,1491.0%0.5%
azure-front-door6,1240.6%0.4%
nextjs5,4410.5%0.1%
WARNCONTENT_TYPE_OPTIONS_UNKNOWN~90 sites (0.2%) (HyperLogLog estimate of distinct sites where this note fired)108,048

X-Content-Type-Options contains an unknown value.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
akamai27,19125.2%0.2%
nginx23,50521.8%0.1%
cloudflare13,59112.6%0.0%
azure-front-door2,8212.6%0.2%
apache2,6442.4%0.0%
cloudfront1,2641.2%0.0%
nextjs9110.8%0.0%
fastly8710.8%0.0%
envoy7250.7%0.0%
vercel320.0%0.0%
WARNCSP_DUPLICATE_DIRECTIVE~26 sites (0.1%) (HyperLogLog estimate of distinct sites where this note fired)65,402

Duplicate directives are present.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
akamai45,94270.2%0.4%
nextjs19,77230.2%0.2%
cloudfront17,87627.3%0.1%
fastly16,43525.1%0.2%
cloudflare15,49823.7%0.1%
nginx4710.7%0.0%
apache2070.3%0.0%
WARNREFERRER_POLICY_UNKNOWN~23 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)23,203

The Referrer-Policy value '%(policy)s' is unknown.

Samples (1)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
apache10,25044.2%0.1%
cloudfront6933.0%0.0%
nginx5892.5%0.0%
azure-front-door2761.2%0.0%
akamai410.2%0.0%
cloudflare400.2%0.0%
envoy320.1%0.0%
fastly10.0%0.0%
WARNCROSS_ORIGIN_RESOURCE_POLICY_BAD_VALUE~19 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)53,905

Cross-Origin-Resource-Policy has an invalid value.

value

ValueNote fires
*19,447
same-origin-allow-popups12,948
same-origin;9,816
cross-origin media.hbkworl.com js.stripe.com js.hubspot.com *.livechatinc.com *.typesense.net 'no-referrer-when-downgrade';3,708
unsafe-none3,401
cross-site2,607
same?site1,714
cross-origin;183
same-site | same-origin80
same-site www.youtube.com1

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx18,72434.7%0.1%
fastly7,78914.4%0.1%
cloudflare5,96011.1%0.0%
apache800.1%0.0%
WARNHSTS_DUPLICATE_DIRECTIVE~18 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)13,097

The HSTS header contains a duplicate directive.

Samples (3)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare8,38264.0%0.0%
azure-front-door3,31025.3%0.2%
nextjs2,27917.4%0.0%
cloudfront1,47711.3%0.0%
nginx1180.9%0.0%
akamai360.3%0.0%
WARNCOEP_REPORT_TO_MISSING~13 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)137,339

The report-to endpoint '%(endpoint)s' is not defined%(report_only)s.

Samples (2)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare20,18214.7%0.1%
nginx7,8685.7%0.0%
WARNSPECULATION_RULE_NOT_SECURE~10 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)1,737

The speculation rule URL is not secure.

Samples (2)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare1,737100.0%0.0%
nextjs60.3%0.0%
WARNPERMISSIONS_POLICY_QUOTED_KEYWORD~5 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)17,780

The value '%(value)s' looks like a keyword but is a string.

Samples (1)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
apache9,26852.1%0.1%
fastly6,76238.0%0.1%
cloudfront1,7389.8%0.0%
cloudflare120.1%0.0%
WARNCOEP_REPORT_ONLY_DUPLICATE~5 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)10,326

This response has both enforcing and report-only COEP headers.

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare10,31199.9%0.0%
WARNCOOP_REPORT_ONLY_DUPLICATE~4 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)84,566

This response has both enforcing and report-only COOP headers.

Samples (1)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx74,59888.2%0.3%
cloudflare9,96811.8%0.0%
INFOHSTS_NO_PRELOAD~18,372 sites (37.2%) (HyperLogLog estimate of distinct sites where this note fired)46,840,767

Browser preloading isn't allowed.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare10,093,45921.5%32.9%
nginx8,898,81219.0%33.6%
fastly6,810,99414.5%68.7%
akamai6,685,15814.3%52.3%
cloudfront6,006,72612.8%35.6%
apache3,933,5358.4%29.8%
nextjs3,449,5757.4%41.6%
envoy2,493,7495.3%51.8%
vercel1,501,9203.2%79.2%
azure-front-door731,6831.6%51.2%
… 1 more layers not shown …
INFOHSTS_SUBDOMAINS~13,978 sites (28.3%) (HyperLogLog estimate of distinct sites where this note fired)40,664,972

HSTS applies to subdomains.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare10,203,95025.1%33.3%
nginx7,134,22017.5%26.9%
cloudfront6,699,47816.5%39.7%
akamai5,875,73114.4%45.9%
fastly3,683,4249.1%37.1%
apache3,302,3018.1%25.0%
envoy2,863,7457.0%59.5%
nextjs2,574,1056.3%31.1%
azure-front-door854,5062.1%59.8%
vercel534,8001.3%28.2%
… 1 more layers not shown …
INFOHSTS_TRAILING_SEMICOLON~1,742 sites (3.5%) (HyperLogLog estimate of distinct sites where this note fired)3,465,948

The Strict-Transport-Security header has a trailing semicolon.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx1,013,02229.2%3.8%
cloudflare602,68117.4%2.0%
apache545,05315.7%4.1%
cloudfront342,4899.9%2.0%
akamai243,8307.0%1.9%
fastly242,5667.0%2.4%
envoy237,1396.8%4.9%
nextjs73,7212.1%0.9%
azure-front-door48,6511.4%3.4%
vercel11,4150.3%0.6%
… 1 more layers not shown …
INFOCORP_CROSS_ORIGIN~616 sites (1.2%) (HyperLogLog estimate of distinct sites where this note fired)1,089,984

This response is available for reading to requests from all origins.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare261,32324.0%0.9%
nginx225,36520.7%0.9%
cloudfront197,38518.1%1.2%
fastly108,96110.0%1.1%
akamai79,8217.3%0.6%
envoy79,0527.3%1.6%
apache54,0545.0%0.4%
nextjs34,9753.2%0.4%
vercel7,2690.7%0.4%
azure-front-door1,5550.1%0.1%
… 1 more layers not shown …
INFOREFERRER_POLICY_EMPTY~59 sites (0.1%) (HyperLogLog estimate of distinct sites where this note fired)62,983

No valid Referrer-Policy found.

Samples (2)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
apache22,07835.1%0.2%
nginx11,52318.3%0.0%
cloudflare10,86017.2%0.0%
cloudfront4,3977.0%0.0%
azure-front-door3370.5%0.0%
envoy460.1%0.0%
akamai420.1%0.0%
INFOCSD_UNQUOTED~23 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)52,116

Clear-Site-Data contains unquoted values.

Samples (2)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare29,65156.9%0.1%
nginx19,80538.0%0.1%
akamai5611.1%0.0%
apache5601.1%0.0%
nextjs880.2%0.0%
nuxt150.0%0.0%
cloudfront80.0%0.0%
GOODHSTS_VALID~25,417 sites (51.5%) (HyperLogLog estimate of distinct sites where this note fired)69,198,200

Strict Transport Security (HSTS) is enabled.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare16,387,70523.7%53.5%
nginx13,199,08819.1%49.8%
akamai9,877,85414.3%77.2%
cloudfront9,838,37614.2%58.3%
fastly8,442,46312.2%85.1%
apache5,660,8318.2%42.9%
nextjs4,993,4527.2%60.3%
envoy3,700,4925.3%76.9%
vercel1,893,0312.7%99.8%
azure-front-door1,103,3771.6%77.3%
… 1 more layers not shown …
GOODCONTENT_TYPE_OPTIONS~20,811 sites (42.2%) (HyperLogLog estimate of distinct sites where this note fired)57,705,711

This response instructs browsers not to 'sniff' its media type.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare14,412,39025.0%47.0%
nginx11,063,98519.2%41.8%
cloudfront8,667,88015.0%51.4%
akamai7,967,57513.8%62.3%
fastly5,691,3469.9%57.4%
apache5,549,0349.6%42.0%
envoy3,228,7645.6%67.1%
nextjs3,205,3625.6%38.7%
azure-front-door840,8441.5%58.9%
vercel723,5581.3%38.2%
… 1 more layers not shown …
GOODFRAME_OPTIONS_SAMEORIGIN~18,300 sites (37.1%) (HyperLogLog estimate of distinct sites where this note fired)47,743,530

This response prevents browsers from rendering it within a frame on another site.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare10,990,58323.0%35.9%
nginx10,634,53422.3%40.1%
cloudfront6,674,94814.0%39.6%
akamai6,641,60413.9%51.9%
fastly5,201,02710.9%52.4%
apache4,881,90110.2%37.0%
nextjs2,366,6345.0%28.6%
envoy2,331,3044.9%48.4%
azure-front-door726,3041.5%50.9%
vercel510,5341.1%26.9%
… 1 more layers not shown …
GOODCONTENT_SECURITY_POLICY~15,878 sites (32.2%) (HyperLogLog estimate of distinct sites where this note fired)40,423,036

This response sets a Content Security Policy%(report_only)s.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare8,811,12921.8%28.8%
cloudfront6,518,70716.1%38.6%
akamai6,405,59015.8%50.1%
nginx6,328,65015.7%23.9%
fastly4,594,80211.4%46.3%
apache2,993,6677.4%22.7%
nextjs2,566,8806.4%31.0%
envoy2,104,7155.2%43.7%
vercel750,2951.9%39.6%
azure-front-door532,5141.3%37.3%
… 1 more layers not shown …
GOODREFERRER_POLICY_STRICT~8,256 sites (16.7%) (HyperLogLog estimate of distinct sites where this note fired)19,244,804

This response's Referrer-Policy ('%(policy)s') restricts referrer leakage.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare4,963,49325.8%16.2%
cloudfront4,028,74120.9%23.9%
nginx3,592,33618.7%13.6%
akamai2,039,72410.6%15.9%
fastly1,372,1457.1%13.8%
apache1,372,1447.1%10.4%
nextjs1,316,4676.8%15.9%
envoy1,131,3695.9%23.5%
vercel380,4502.0%20.1%
azure-front-door360,4661.9%25.2%
… 1 more layers not shown …
GOODHSTS_PRELOAD~6,981 sites (14.1%) (HyperLogLog estimate of distinct sites where this note fired)19,725,456

Browser preloading is allowed.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare5,298,75126.9%17.3%
nginx3,642,07418.5%13.7%
cloudfront3,605,92018.3%21.4%
akamai2,448,27212.4%19.1%
apache1,540,2617.8%11.7%
fastly1,435,6377.3%14.5%
nextjs1,360,5846.9%16.4%
envoy1,148,7645.8%23.9%
vercel382,5941.9%20.2%
azure-front-door360,3381.8%25.2%
… 1 more layers not shown …
GOODFRAME_OPTIONS_DENY~4,229 sites (8.6%) (HyperLogLog estimate of distinct sites where this note fired)8,024,175

This response prevents browsers from rendering it within a frame.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare1,969,10624.5%6.4%
nginx1,549,60119.3%5.9%
cloudfront1,342,25016.7%8.0%
akamai1,045,03513.0%8.2%
nextjs654,4898.2%7.9%
apache585,3487.3%4.4%
fastly561,7207.0%5.7%
envoy423,9935.3%8.8%
vercel182,3782.3%9.6%
azure-front-door88,4501.1%6.2%
… 1 more layers not shown …
GOODPERMISSIONS_POLICY_PRESENT~4,210 sites (8.5%) (HyperLogLog estimate of distinct sites where this note fired)10,139,713

This response sets a Permissions Policy.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare2,485,56724.5%8.1%
nginx1,715,23816.9%6.5%
cloudfront1,561,51415.4%9.3%
akamai997,0079.8%7.8%
fastly883,5678.7%8.9%
apache841,8668.3%6.4%
nextjs620,3076.1%7.5%
envoy332,1643.3%6.9%
azure-front-door288,1142.8%20.2%
vercel209,2282.1%11.0%
… 1 more layers not shown …
GOODCOOP_SAME_ORIGIN~1,132 sites (2.3%) (HyperLogLog estimate of distinct sites where this note fired)2,717,076

This response isolates the browsing context to the same origin%(report_only)s.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
akamai485,36717.9%3.8%
nginx448,39716.5%1.7%
cloudflare419,11915.4%1.4%
cloudfront377,17913.9%2.2%
envoy310,99511.4%6.5%
fastly301,74811.1%3.0%
apache216,0558.0%1.6%
nextjs60,5692.2%0.7%
vercel11,6660.4%0.6%
azure-front-door6,3900.2%0.4%
… 1 more layers not shown …
GOODCOOP_SAME_ORIGIN_ALLOW_POPUPS~462 sites (0.9%) (HyperLogLog estimate of distinct sites where this note fired)1,525,541

This response isolates the browsing context but allows popups%(report_only)s.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare360,16523.6%1.2%
nginx300,47219.7%1.1%
cloudfront253,28716.6%1.5%
akamai150,4569.9%1.2%
envoy96,0226.3%2.0%
apache82,1685.4%0.6%
fastly65,7624.3%0.7%
nextjs60,1833.9%0.7%
azure-front-door15,6541.0%1.1%
vercel9,5940.6%0.5%
… 1 more layers not shown …
GOODCORP_SAME_ORIGIN~439 sites (0.9%) (HyperLogLog estimate of distinct sites where this note fired)929,056

This response is only available for reading to requests from the same origin.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
akamai343,96337.0%2.7%
envoy254,07127.3%5.3%
cloudfront162,25617.5%1.0%
cloudflare142,50615.3%0.5%
fastly96,13310.3%1.0%
nginx81,0488.7%0.3%
nextjs34,1743.7%0.4%
apache20,5872.2%0.2%
vercel5,2260.6%0.3%
azure-front-door5,0170.5%0.4%
… 1 more layers not shown …
GOODCORP_SAME_SITE~140 sites (0.3%) (HyperLogLog estimate of distinct sites where this note fired)169,329

This response is available for reading to requests from the same site.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare70,19541.5%0.2%
cloudfront41,72524.6%0.2%
nginx28,58616.9%0.1%
akamai24,89414.7%0.2%
envoy18,54911.0%0.4%
nextjs6,3003.7%0.1%
azure-front-door5,1683.1%0.4%
fastly4,4602.6%0.0%
apache3,2251.9%0.0%
vercel4510.3%0.0%
GOODCOEP_REQUIRE_CORP~109 sites (0.2%) (HyperLogLog estimate of distinct sites where this note fired)230,205

This response requires resources to have a CORP header%(report_only)s.

Samples (5)
  • https://fb.watch/nitG95LIxB/field_name=Cross-Origin-Embedder-Policy-Report-Only, report_only= (for reporting only), report_only_text= Browsers will only report violations of this policy, not enforce it.
  • https://www.messenger.com/?locale=zh_HKfield_name=Cross-Origin-Embedder-Policy-Report-Only, report_only= (for reporting only), report_only_text= Browsers will only report violations of this policy, not enforce it.
  • https://www.youtube-nocookie.com/embed/sZ7YXLcMqf0field_name=Cross-Origin-Embedder-Policy-Report-Only, report_only= (for reporting only), report_only_text= Browsers will only report violations of this policy, not enforce it.
  • https://www.youtube.com/embed/43MzZIckvwU?rel=0field_name=Cross-Origin-Embedder-Policy-Report-Only, report_only= (for reporting only), report_only_text= Browsers will only report violations of this policy, not enforce it.
  • https://lichess.org/I4wmCTlnfield_name=Cross-Origin-Embedder-Policy, report_only=, report_only_text=

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx38,12016.6%0.1%
apache16,8987.3%0.1%
fastly3,2471.4%0.0%
cloudfront2,8241.2%0.0%
cloudflare2,4051.0%0.0%
azure-front-door1320.1%0.0%
akamai350.0%0.0%
vercel190.0%0.0%
nextjs170.0%0.0%
envoy10.0%0.0%
GOODCOEP_CREDENTIALLESS~21 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)45,582

This response loads cross-origin resources without credentials%(report_only)s.

Samples (4)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
akamai23,64851.9%0.2%
nextjs11,64025.5%0.1%
cloudfront10,19122.4%0.1%
envoy1,7413.8%0.0%
apache5071.1%0.0%
vercel3680.8%0.0%
nginx1920.4%0.0%
cloudflare1150.3%0.0%
azure-front-door10.0%0.0%
GOODCSD_PRESENT~1 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)7

This response clears browser-side data for this origin.

Cookies 83,744,289 occurrences across 20 note types (5.8% of occurrences)

Cross-origin resource sharing 7,667,974 occurrences across 3 note types (0.5% of occurrences)

BADCORS_PREFLIGHT_ONLY~3,583 sites (7.3%) (HyperLogLog estimate of distinct sites where this note fired)7,279,124

CORS headers are only allowed in preflight responses.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare1,852,77225.5%6.0%
nginx1,405,81819.3%5.3%
akamai1,172,24616.1%9.2%
cloudfront756,61710.4%4.5%
apache685,2449.4%5.2%
fastly623,0408.6%6.3%
nextjs491,7166.8%5.9%
envoy241,4173.3%5.0%
azure-front-door114,3581.6%8.0%
nuxt79,4011.1%7.7%
… 1 more layers not shown …
BADACAO_MULTIPLE_VALUES~130 sites (0.3%) (HyperLogLog estimate of distinct sites where this note fired)388,388
BADCORS_MAX_AGE_INVALID~3 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)462

Access-Control-Max-Age must be an integer.

Samples (1)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare26457.1%0.0%
nuxt5211.3%0.0%
envoy71.5%0.0%
akamai71.5%0.0%

Content negotiation 2,324,466 occurrences across 2 note types (0.2% of occurrences)

WARNACCEPT_CH_MISSING_VARY~842 sites (1.7%) (HyperLogLog estimate of distinct sites where this note fired)2,295,705

Accept-CH lists fields that are missing from Vary.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudfront352,39515.4%2.1%
akamai297,37413.0%2.3%
cloudflare264,46611.5%0.9%
fastly205,6799.0%2.1%
envoy204,0908.9%4.2%
apache121,0555.3%0.9%
nginx117,2315.1%0.4%
nextjs107,6664.7%1.3%
azure-front-door77,3113.4%5.4%
vercel27,1401.2%1.4%
… 1 more layers not shown …
INFOVARY_NEGOTIATE~131 sites (0.3%) (HyperLogLog estimate of distinct sites where this note fired)28,761

Transparent Content Negotiation is not widely supported.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
apache23,46481.6%0.2%
cloudflare3,94113.7%0.0%
nginx8402.9%0.0%
fastly520.2%0.0%
akamai320.1%0.0%
cloudfront50.0%0.0%
envoy20.0%0.0%

Partial content 30,919 occurrences across 4 note types (0.0% of occurrences)

BADCONTENT_RANGE_MISSING_UNIT~3 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)13,166

The Content-Range header is missing a unit (e.g., 'bytes').

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx10,20577.5%0.0%
envoy840.6%0.0%
BADRANGE_INVALID~1 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)1

The Range header is invalid.

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx1100.0%0.0%
WARNCONTENT_RANGE_MEANINGLESS~37 sites (0.1%) (HyperLogLog estimate of distinct sites where this note fired)17,674

This response shouldn't have a Content-Range header.

Samples (1)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx10,88961.6%0.0%
apache2,48614.1%0.0%
azure-front-door1,0105.7%0.1%
vercel5833.3%0.0%
envoy1090.6%0.0%
cloudflare330.2%0.0%
cloudfront60.0%0.0%
nextjs50.0%0.0%
WARNUNKNOWN_RANGE~3 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)78

This response advertises support for non-standard range-units.

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx33.8%0.0%
apache11.3%0.0%
cloudfront11.3%0.0%

Connection 19,237 occurrences across 1 note types (0.0% of occurrences)

BADALTSVC_CLEAR_LIST~7 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)19,237

The Alt-Svc 'clear' token cannot be used with other values.

Samples (2)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nextjs1,8459.6%0.0%
cloudflare7483.9%0.0%
nginx3651.9%0.0%
fastly3171.6%0.0%

General 461,903,409 occurrences across 50 note types (32.2% of occurrences)

BADREQUEST_HDR_IN_RESPONSE~14,690 sites (29.8%) (HyperLogLog estimate of distinct sites where this note fired)28,349,539

"%(field_name)s" isn't valid in a response.

Samples (5)

field_name

ValueNote firesHeader occurrencesFires per occurrence
Pragma
Samples (15)
27,337,91627,337,916100.00%
User-Agent
Samples (15)
217,568217,568100.00%
Accept-Language
Samples (11)
195,478195,478100.00%
Accept
Samples (13)
179,953179,953100.00%
Accept-Encoding
Samples (7)
103,253103,253100.00%
Access-Control-Request-Method
Samples (6)
83,07483,074100.00%
If-Modified-Since
Samples (10)
82,58682,102100.59%
Origin
Samples (3)
45,14945,149100.00%
Access-Control-Request-Headers
Samples (2)
38,23238,232100.00%
Host
Samples (1)
34,36534,365100.00%
Cookie
Samples (9)
18,67318,673100.00%
From
Samples (4)
6,2776,277100.00%
Max-Forwards3,6983,698100.00%
Authorization
Samples (2)
2,3790
Referer
Samples (8)
7070
Range2220
If-None-Match
Samples (1)
90

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare6,336,30522.4%20.7%
nginx6,033,31021.3%22.8%
akamai4,699,43616.6%36.7%
apache4,158,85414.7%31.5%
cloudfront1,774,8346.3%10.5%
fastly851,9973.0%8.6%
envoy755,5392.7%15.7%
nextjs610,2842.2%7.4%
azure-front-door319,6591.1%22.4%
vercel277,9251.0%14.7%
… 1 more layers not shown …
BADDATE_INCORRECT~8,900 sites (18.0%) (HyperLogLog estimate of distinct sites where this note fired)2,874,575

The server's clock is %(clock_skew_string)s.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudfront1,246,82743.4%7.4%
nginx792,03127.6%3.0%
apache571,74419.9%4.3%
nextjs193,7336.7%2.3%
vercel103,3933.6%5.5%
envoy94,2273.3%2.0%
fastly32,0391.1%0.3%
cloudflare14,8620.5%0.0%
akamai7,7560.3%0.1%
nuxt3,3570.1%0.3%
… 1 more layers not shown …
BADBAD_DATE_SYNTAX~4,190 sites (8.5%) (HyperLogLog estimate of distinct sites where this note fired)6,584,123

The %(field_name)s header's value isn't a valid date.

Samples (5)

field_name

ValueNote firesHeader occurrencesFires per occurrence
Expires
Samples (15)
5,748,98044,968,54412.78%
Last-Modified
Samples (15)
757,80625,956,0082.92%
Date
Samples (3)
77,337122,298,9110.06%

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare1,686,36825.6%5.5%
nginx1,314,24720.0%5.0%
apache588,5648.9%4.5%
cloudfront521,8677.9%3.1%
akamai407,7416.2%3.2%
envoy201,5253.1%4.2%
fastly195,7493.0%2.0%
azure-front-door188,6102.9%13.2%
nextjs52,5780.8%0.6%
nuxt46,2330.7%4.5%
… 1 more layers not shown …
BADSINGLE_HEADER_REPEAT~3,397 sites (6.9%) (HyperLogLog estimate of distinct sites where this note fired)4,551,532

Only one %(field_name)s field is allowed in a message.

Samples (5)

field_name

ValueNote firesHeader occurrencesFires per occurrence
X-Frame-Options
Samples (15)
2,440,46960,521,3784.03%
Strict-Transport-Security
Samples (15)
1,637,76571,294,7222.30%
Access-Control-Allow-Origin
Samples (15)
181,92216,045,8951.13%
Expires
Samples (15)
124,41144,968,5440.28%
P3P
Samples (15)
74,0123,999,7171.85%
Content-Type
Samples (11)
33,753122,848,0150.03%
Retry-After
Samples (1)
25,814114,72822.50%
Date14,814122,298,9110.01%
Access-Control-Allow-Credentials
Samples (6)
10,5304,608,4180.23%
Cross-Origin-Resource-Policy
Samples (2)
3,0042,245,2780.13%
Age1,39617,943,6910.01%
Last-Modified
Samples (1)
1,22525,956,0080.00%
ETag
Samples (1)
1,17327,061,0420.00%
Content-Length1,107122,875,5930.00%
Content-Disposition
Samples (1)
132907,1720.01%
Access-Control-Max-Age
Samples (1)
51,420,9290.00%

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx1,159,14425.5%4.4%
cloudflare962,98121.2%3.1%
akamai707,29415.5%5.5%
apache474,63710.4%3.6%
fastly417,3519.2%4.2%
cloudfront376,2158.3%2.2%
envoy185,8734.1%3.9%
nextjs162,6473.6%2.0%
azure-front-door80,3671.8%5.6%
vercel9,0550.2%0.5%
… 1 more layers not shown …
BADBAD_SYNTAX_DETAILED~975 sites (2.0%) (HyperLogLog estimate of distinct sites where this note fired)6,466,831

The %(field_name)s field value doesn't conform to its specified syntax.

Samples (5)

field_name

ValueNote firesHeader occurrencesFires per occurrence
Link
Samples (15)
4,627,96643,505,57610.64%
Via
Samples (15)
811,72230,429,6672.67%
Server
Samples (15)
324,25294,787,3320.34%
Cache-Control
Samples (15)
214,99898,177,8400.22%
Content-Language
Samples (12)
151,50312,220,5071.24%
Alt-Svc
Samples (3)
141,16632,351,0740.44%
Content-Security-Policy
Samples (5)
78,02938,270,5920.20%
Server-Timing
Samples (11)
43,42355,581,8200.08%
Vary37,159112,681,4710.03%
X-Content-Type-Options17,06860,244,5190.03%
Access-Control-Allow-Headers
Samples (1)
14,3706,316,1580.23%
Access-Control-Allow-Methods4,6145,681,5930.08%
Upgrade271264,8160.10%
Content-Security-Policy-Report-Only
Samples (2)
2563,458,0840.01%
Referrer-Policy3028,948,1900.00%
Warning260,7810.00%
WWW-Authenticate213,4090.01%

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare1,814,40728.1%5.9%
nginx1,391,46621.5%5.3%
fastly1,053,10016.3%10.6%
akamai869,22613.4%6.8%
envoy667,17010.3%13.9%
cloudfront488,3117.6%2.9%
apache349,5325.4%2.6%
nuxt242,9383.8%23.7%
nextjs232,4283.6%2.8%
azure-front-door82,4881.3%5.8%
… 1 more layers not shown …
BADLM_FUTURE~890 sites (1.8%) (HyperLogLog estimate of distinct sites where this note fired)376,093

The Last-Modified time is in the future.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
apache122,41932.6%0.9%
nginx111,93829.8%0.4%
cloudfront84,60622.5%0.5%
cloudflare19,6405.2%0.1%
envoy9,5432.5%0.2%
fastly7,1271.9%0.1%
akamai4,9691.3%0.0%
azure-front-door3,1760.8%0.2%
nuxt7120.2%0.1%
vercel4670.1%0.0%
BADSTRUCTURED_FIELD_PARSE_ERROR~398 sites (0.8%) (HyperLogLog estimate of distinct sites where this note fired)700,732

The %(field_name)s field value isn't a valid Structured Field.

Samples (5)

Field → parse error

FieldErrors
Permissions-Policy
216,269
  • Strings must be double-quoted (81,679)
  • Inner Lists are not valid here (34,556)
  • Trailing delimiter (26,406)
  • 'layout-animations' should be followed by '=', not ''' (16,595)
  • Key cannot begin with an uppercase character (8,428)
  • 'midi' should be followed by '=', not ''' (7,894)
  • 'geolocation' should be followed by '=', not '=' (7,742)
  • 'geolocation' should be followed by '=', not ''' (6,273)
  • 'fullscreen' has trailing characters after the value (3,633)
  • There is no Structured Field item starting with ',' (3,352)
  • 'geolocation' has trailing characters after the value (3,017)
  • 'camera' has trailing characters after the value (2,946)
  • 'default' should be followed by '=', not ''' (1,950)
  • 'accelerometer' should be followed by '=', not ''' (1,785)
  • Key does not begin with lcalpha or * (1,629)
  • There is no Structured Field item starting with '\' (1,477)
  • 'accelerometer' has trailing characters after the value (1,426)
  • No Boolean value found (1,094)
  • 'camera' should be followed by '=', not '(' (812)
  • There is no Structured Field item starting with ' ' (635)
  • 'microphone' should be followed by '=', not ''' (582)
  • Dictionary has trailing comma (509)
  • 'vibrate' should be followed by '=', not ''' (480)
  • 'no-geolocation' should be followed by '=', not ''' (450)
  • 'allow' should be followed by '=', not 'T' (303)
  • 'gamepad' should be followed by '=', not '(' (165)
  • 'accelerometer' should be followed by '=', not '(' (127)
  • Backslash before disallowed character ' ' (81)
  • 'microphone' has trailing characters after the value (75)
  • 'geolocation' should be followed by '=', not 's' (42)
  • Inner list bad delimitation (40)
  • 'notifications' has trailing characters after the value (32)
  • 'fullscreen' should be followed by '=', not ''' (22)
  • 'microphone' should be followed by '=', not '(' (18)
  • 'autoplay' should be followed by '=', not ''' (13)
  • 'document-domain' should be followed by '=', not ''' (1)
Cross-Origin-Opener-Policy
133,992
  • Trailing delimiter (59,474)
  • Trailing characters after value (missing comma?) (46,206)
  • Strings must be double-quoted (27,984)
  • Binary Sequence didn't contain ending ':' (328)
Cross-Origin-Embedder-Policy
129,084
  • Strings must be double-quoted (55,701)
  • Trailing delimiter (42,000)
  • Trailing characters after value (missing comma?) (31,098)
  • Binary Sequence didn't contain ending ':' (281)
  • Empty item (4)
Cross-Origin-Embedder-Policy-Report-Only
57,640
  • Strings must be double-quoted (55,737)
  • Trailing characters after value (missing comma?) (1,903)
Cross-Origin-Opener-Policy-Report-Only
52,231
  • Strings must be double-quoted (46,517)
  • Trailing delimiter (3,811)
  • Trailing characters after value (missing comma?) (1,903)
Reporting-Endpoints
49,451
  • Strings must be double-quoted (28,174)
  • 'umms-report' should be followed by '=', not 'T' (5,475)
  • 'csp' has trailing characters after the value (3,777)
  • 'https' should be followed by '=', not ':' (3,652)
  • Key does not begin with lcalpha or * (3,367)
  • There is no Structured Field item starting with '/' (3,324)
  • Reached end of input without finding a closing DQUOTE (811)
  • There is no Structured Field item starting with '\' (314)
  • 'csp-endpoint' has trailing characters after the value (285)
  • 'comet' should be followed by '=', not ':' (257)
  • 'csp-endpoint' should be followed by '=', not 'h' (7)
  • 'default' should be followed by '=', not '/' (5)
  • 'concat' should be followed by '=', not '(' (1)
  • Trailing delimiter (1)
  • Key cannot begin with an uppercase character (1)
Cache-Status
44,312
  • Strings must be double-quoted (37,643)
  • Trailing text after item in list (6,437)
  • Key cannot begin with an uppercase character (232)
Accept-CH
14,098
  • Trailing text after item in list (14,094)
  • Trailing delimiter (4)
Proxy-Status
1,489
  • Integer outside allowed range (1,489)
CDN-Cache-Control
1,126
  • 'max-age' should be followed by '=', not ':' (1,068)
  • Trailing delimiter (55)
  • 'stale-while-revalidate' has trailing characters after the value (3)
Speculation-Rules
1,040
  • There is no Structured Field item starting with '/' (1,040)

field_name

ValueNote firesHeader occurrencesFires per occurrence
Permissions-Policy
Samples (14)
216,26910,508,1432.06%
Cross-Origin-Opener-Policy
Samples (6)
133,9924,425,1443.03%
Cross-Origin-Embedder-Policy
Samples (11)
129,084986,89513.08%
Cross-Origin-Embedder-Policy-Report-Only
Samples (7)
57,640280,43520.55%
Cross-Origin-Opener-Policy-Report-Only
Samples (7)
52,231411,33612.70%
Reporting-Endpoints
Samples (2)
49,4513,012,4991.64%
Cache-Status
Samples (1)
44,3121,083,5194.09%
Accept-CH14,0983,776,0340.37%
Proxy-Status
Samples (1)
1,4897,88018.90%
CDN-Cache-Control1,126357,7590.31%
Speculation-Rules1,0402,165,7380.05%

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare236,79733.8%0.8%
nginx166,08423.7%0.6%
cloudfront89,40112.8%0.5%
fastly83,14411.9%0.8%
envoy75,14210.7%1.6%
apache56,7488.1%0.4%
akamai37,9105.4%0.3%
nextjs10,0891.4%0.1%
azure-front-door9,0221.3%0.6%
vercel2,0960.3%0.1%
BADBAD_JSON~25 sites (0.1%) (HyperLogLog estimate of distinct sites where this note fired)122,947

The %(field_name)s header value isn't valid JSON.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare90,88673.9%0.3%
fastly15,88712.9%0.2%
nextjs15,51512.6%0.2%
akamai6,5835.4%0.1%
nginx3,0642.5%0.0%
apache2,9062.4%0.0%
cloudfront2,3011.9%0.0%
BADBAD_REPORTING_ENDPOINT_SYNTAX~4 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)9,063

The %(name)s reporting endpoint is invalid.

Samples (2)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx8709.6%0.0%
cloudfront200.2%0.0%
BADREPORT_TO_BAD_STRUCTURE~3 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)2,631

The Report-To header value has an invalid structure.

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare1,07941.0%0.0%
cloudfront10.0%0.0%
BADPARAM_STAR_QUOTED~3 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)11

The '%(param)s' parameter's value cannot be quoted.

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
akamai872.7%0.0%
BADPARAM_STAR_ERROR~2 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)4

The %(param)s parameter's value is invalid.

BADFIELD_NAME_BAD_SYNTAX~1 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)24

"%(field_name)s" is not a valid field name.

WARNFIELD_DEPRECATED~23,890 sites (48.4%) (HyperLogLog estimate of distinct sites where this note fired)82,940,943

The %(field_name)s header is deprecated.

Samples (5)

field_name

ValueNote firesHeader occurrencesFires per occurrence
X-XSS-Protection
Samples (15)
41,103,75641,103,756100.00%
Report-To
Samples (15)
14,955,37514,955,363100.00%
Keep-Alive
Samples (15)
6,182,6236,182,623100.00%
X-Download-Options
Samples (15)
6,169,3366,169,336100.00%
X-UA-Compatible
Samples (15)
5,210,1985,210,198100.00%
P3P
Samples (15)
3,999,7173,999,717100.00%
Expect-CT
Samples (15)
1,752,8021,752,802100.00%
Feature-Policy
Samples (15)
1,494,2791,494,279100.00%
X-Content-Security-Policy
Samples (15)
980,283980,283100.00%
X-Webkit-CSP
Samples (15)
459,328459,328100.00%
Accept-CH-Lifetime
Samples (15)
223,048223,048100.00%
Public-Key-Pins
Samples (3)
85,73585,735100.00%
Content-MD5
Samples (15)
67,17767,177100.00%
Warning
Samples (8)
60,78160,781100.00%
Content-Script-Type
Samples (6)
51,01451,014100.00%
Content-Style-Type
Samples (7)
50,99350,993100.00%
Content-Transfer-Encoding
Samples (15)
32,00032,000100.00%
Protocol
Samples (1)
21,80321,803100.00%
Set-Cookie2
Samples (1)
17,38717,387100.00%
PICS-Label8,1148,114100.00%
MIME-Version
Samples (9)
4,4104,410100.00%
Public-Key-Pins-Report-Only
Samples (1)
  • https://proton.me/fr/mail['pin-sha256="CT56BhOTmj5ZIPgb/xD5mH8rY3BLo/MlhP7oPyJUEDo="; pin-sha256="35Dx28/uzN3LeltkCBQ8RHK0tlNSa2kCpCRGNp34Gxc="; report-uri="https://reports.proton.me/reports/tls"']
2,8972,897100.00%
DNT
Samples (12)
2,4520
Digest2,1140
Accept-Charset
Samples (2)
1,5720
… 5 more values not shown …

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare26,906,05032.4%87.8%
nginx12,679,51915.3%47.9%
apache9,753,94611.8%73.9%
cloudfront9,563,03611.5%56.7%
akamai8,735,12410.5%68.3%
fastly6,182,8497.5%62.3%
envoy4,406,6175.3%91.6%
nextjs3,302,3314.0%39.9%
azure-front-door748,3960.9%52.4%
vercel682,1080.8%36.0%
… 1 more layers not shown …
WARNNEL_REPORT_TO_MISSING~9,215 sites (18.7%) (HyperLogLog estimate of distinct sites where this note fired)12,981,431

The reporting endpoint '%(value)s' is not defined.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare12,507,60796.3%40.8%
nextjs671,4365.2%8.1%
fastly313,6222.4%3.2%
cloudfront268,1232.1%1.6%
vercel207,5891.6%10.9%
nuxt104,7380.8%10.2%
envoy101,6720.8%2.1%
nginx56,5310.4%0.2%
akamai25,7210.2%0.2%
apache5,7450.0%0.0%
… 1 more layers not shown …
WARNBAD_SYNTAX~3,482 sites (7.1%) (HyperLogLog estimate of distinct sites where this note fired)10,697,525

The %(field_name)s field value doesn't conform to its specified syntax.

Samples (5)

field_name

ValueNote firesHeader occurrencesFires per occurrence
Via
Samples (15)
5,093,92430,429,66716.74%
Link
Samples (15)
  • https://qiita.com/plateau-academy/following_tags['<https://cdn.qiita.com/assets/public/style-e433b80667a154ec0945c625c57dca6a.min.css>; rel=preload; as=style; nopush,<https://fonts.googleapis.com/css2?family=Material+Symbols+Outlined:opsz,wght,FILL,GRAD@24,500,0..1,-25..0>; rel=preload; as=style; nopush']
  • https://reliefweb.int/organizations?search=country.exact%3A%22Brazil%22['<https://fonts.googleapis.com>; rel="preconnect"', '<https://fonts.gstatic.com>; rel="preconnect"; crossorigin="1"', '<https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,300;0,400;0,500;0,700;0,900;1,400;1,700&display=swap>; rel="preload"; as="style"; onload="this.onload=null;this.setAttribute(`rel`, `stylesheet`);"']
  • https://www.theregister.com/2024/08/14/microsoft_services_agreement_update_warns/?utm_source=newsletter.geekflare.com&utm_medium=referral&utm_campaign=microsoft-just-admitted-their-ai-is-useless['<https://pagead2.googlesyndication.com/tag/js/gpt.js>; rel=preload; as=script;,</design_picker/ac38e3d7875b747243d324cc6fad1f4f6563acff/javascript/_.js>; rel=preload; as=script;,</css/dd4871fd6132318747b720148044f42594c41776/scaffolding.css>; rel=preload; as=style;,</css/dd4871fd6132318747b720148044…[truncated]']
  • https://padlet.com/willmcculloch/somalia-ul3ykv7qk5n0xwtg['<https://v1.padlet.pics/1/image?t=c_scale,dpr_1,e_blur:1000,f_jpg,h_60,w_60&url=https%3A%2F%2Fpadlet-uploads.storage.googleapis.com%2F1881148463%2Fb4887cb9bfa9958f1bd66f3637ebc560%2FWHITE.png>; rel=preload; as=image; fetchpriority=high,<https://padlet.net/fonts/inter/subset/inter-latin.woff2>;rel="p…[truncated]']
  • https://www.legislation.gov.uk/aep/WillandMar/4/10/section/II/enacted/data.xht?view=snippet&wrap=true['<>; rel="canonical"']
  • https://www.bing.com/maps?cp=51.517467~-0.150679&style=c&lvl=15&rtp=~pos.51.517467_-0.150679_Union+Cafe,+W1U+2QA['<https://r.bing.com/rs/39/9W/cir3,cc,nc/nLboXMWTRormz119x6lavZa4D_A.css?or=w>; rel=preload; as=style,<https://r.bing.com/rs/39/9G/cir3,cc,nc/uOMQ0B-3MPDq5Xv82ekcjG7MPyk.css?or=w>; rel=preload; as=style,</rp/-zGrxRM3NOSQdoYYfcDDgg7TIbA.br.js>; rel=preload; as=script; crossorigin=anonymous; nonce=JkG4…[truncated]']
  • https://www.cars.com/articles/luxury-doesnt-dilute-power-of-2019-ford-f-150-limited-452696/['<?w=828&q=20>; rel=preload; fetchpriority=high; as=image; media="(max-width: 740px) and (-webkit-min-device-pixel-ratio: 1.25), (max-width: 740px) and (min-resolution: 120dpi)",<>; rel=preload; fetchpriority=high; as=image; media="(min-width: 741px)",<https://securepubads.g.doubleclick.net/tag/js/gp…[truncated]']
  • https://www.dell.com/en-ie/shop/dell-laptops/scr/laptops?showMessage=2['<//i.dell.com/is/image/DellContent/content/dam/ss2/product-images/page/category/laptop/merged-category/plp-banner-all-laptops-2560-235.png?fmt=jpg&wid=690&hei=150>; rel=preload; as=image; media=(max-width: 767px); fetchpriority=high,<//i.dell.com/is/image/DellContent/content/dam/ss2/product-images/p…[truncated]']
  • https://www.blic.rs/bbc/mol-i-gaspromnjeft-dogovorili-prodaju-nis-a-ministarka-energetike-srbije/mk52yk0['<https://fonts.googleapis.com/css2?family=Inter:ital,opsz,wght@0,14..32,100..900;1,14..32,100..900&family=Merriweather+Sans:ital,wght@0,300..800;1,300..800&family=Merriweather:ital,opsz,wght@0,18..144,300..900;1,18..144,300..900&family=Roboto:ital,wght@0,100..900;1,100..900&display=swap>; rel=preloa…[truncated]', '<https://ocdn.eu/ucs/static/blicperun/a1fa9cd3393beca977a083c3c1355a5f/v4/build/css/desktop.css>; rel=preload; as=style', '<https://events.ocdn.eu>; rel=preconnect', '<https://ocdn.eu>; rel=preconnect']
  • https://www.zalando.pl/dzieci-bikini/['<https://mosaic02.ztat.net/zds/assets/fonts/ZalandoSans[wdth,wght].ba6fc11d.woff2>; rel="preload"; as="font"; crossorigin; type="font/woff2"; nopush', '<https://mosaic01.ztat.net/zds/assets/fonts/867e79d.woff2>; rel="preload"; as="font"; crossorigin; type="font/woff2"; nopush', '<https://mosaic01.ztat.net/base-assets/9-1-0/require-2.1.22.min.js>; rel="preload"; as="script"; crossorigin; nopush', '<https://mosaic01.ztat.net/base-assets/9-1-0/assets/bundle.js>; rel="preload"; as="script"; crossorigin; nopush']
  • https://www.nutanix.com/company/customers/edward-jones['</etc.clientlibs/ntx-commons/clientlibs/clientlib-base.lc-8be5fc16a1b2627113ed1c4f8eb6d318-lc.min.css>; as=style; rel=preload, <https://cdn.cookielaw.org/scripttemplates/otSDKStub.js>; as=script; rel=preload, <https://cdn.cookielaw.org/consent/5b082e91-0f6a-4969-9e13-6495beff4402/5b082e91-0f6a-4969-…[truncated]']
  • https://www.fool.com/money/cryptocurrency/uniswap-review/['<https://g.foolcdn.com>; rel="preconnect", <https://m.foolcdn.com>; rel="preconnect", <https://cdn.segment.com>; rel="preconnect", <https://cdn-4.convertexperiments.com; rel="preconnect", <https://www.googletagmanager.com>; rel="preconnect", <https://cdn.userway.org>; rel="preconnect"']
  • https://www.bitdefender.com/en-us/blog/businessinsights/author/theodor-porutiu['<https://assets.adobedtm.com>; rel=dns-prefetch, <https://assets.adobedtm.com>; rel=preconnect, <https://sstats.bitdefender.com >; rel=dns-prefetch, <https://sstats.bitdefender.com >; rel=preconnect, <https://esm.sh>; rel=dns-prefetch, <https://esm.sh>; rel=preconnect, /content/dam/launch/8a93f8486b…[truncated]']
  • https://www.zalando.fr/outfits/gJf_AHvdSoi/['<https://mosaic02.ztat.net/zds/assets/fonts/ZalandoSans[wdth,wght].ba6fc11d.woff2>; rel="preload"; as="font"; crossorigin; type="font/woff2"; nopush', '<https://mosaic01.ztat.net/zds/assets/fonts/867e79d.woff2>; rel="preload"; as="font"; crossorigin; type="font/woff2"; nopush', '<https://mosaic01.ztat.net/base-assets/9-1-0/require-2.1.22.min.js>; rel="preload"; as="script"; crossorigin; nopush', '<https://mosaic01.ztat.net/base-assets/9-1-0/assets/bundle.js>; rel="preload"; as="script"; crossorigin; nopush']
  • https://www.zalando.nl/under-armour-unstoppable-hoodie-black-un242g0he-q11.html['<https://mosaic02.ztat.net/zds/assets/fonts/ZalandoSans[wdth,wght].ba6fc11d.woff2>; rel="preload"; as="font"; crossorigin; type="font/woff2"; nopush', '<https://mosaic01.ztat.net/zds/assets/fonts/867e79d.woff2>; rel="preload"; as="font"; crossorigin; type="font/woff2"; nopush', '<https://mosaic01.ztat.net/base-assets/9-1-0/require-2.1.22.min.js>; rel="preload"; as="script"; crossorigin; nopush', '<https://mosaic01.ztat.net/base-assets/9-1-0/assets/bundle.js>; rel="preload"; as="script"; crossorigin; nopush']
1,794,89443,505,5764.13%
X-Frame-Options
Samples (15)
1,453,38360,521,3782.40%
ETag
Samples (15)
586,61427,061,0422.17%
Access-Control-Allow-Credentials
Samples (15)
583,9594,608,41812.67%
Access-Control-Allow-Origin
Samples (15)
470,63116,045,8952.93%
Strict-Transport-Security
Samples (15)
309,47971,294,7220.43%
Content-Disposition
Samples (15)
95,872907,17210.57%
Content-Security-Policy
Samples (1)
77,52738,270,5920.20%
Clear-Site-Data
Samples (2)
67,64852,154129.71%
Content-Type
Samples (13)
60,524122,848,0150.05%
X-Content-Type-Options
Samples (7)
40,13360,244,5190.07%
Warning
Samples (5)
20,93360,78134.44%
Server
Samples (1)
18,74894,787,3320.02%
Vary
Samples (1)
6,294112,681,4710.01%
Content-Security-Policy-Report-Only3,8103,458,0840.11%
Alt-Svc3,33032,351,0740.01%
Server-Timing
Samples (1)
3,16155,581,8200.01%
Location
Samples (1)
2,32311,28820.58%
Content-Language
Samples (2)
1,92712,220,5070.02%
Cache-Control1,29398,177,8400.00%
Referrer-Policy81428,948,1900.00%
Content-MD5
Samples (2)
12867,1770.19%
Content-Location
Samples (1)
61173,1350.04%
Access-Control-Allow-Headers586,316,1580.00%
… 1 more values not shown …

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare1,779,84116.6%5.8%
nginx1,281,82812.0%4.8%
cloudfront811,1527.6%4.8%
akamai725,4146.8%5.7%
nextjs619,0535.8%7.5%
fastly472,7544.4%4.8%
apache356,6313.3%2.7%
envoy307,0272.9%6.4%
nuxt66,4320.6%6.5%
azure-front-door65,6760.6%4.6%
… 1 more layers not shown …
WARNAGE_PENALTY~2,038 sites (4.1%) (HyperLogLog estimate of distinct sites where this note fired)1,660,386

It appears that the Date header has been changed by an intermediary.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
fastly1,491,57489.8%15.0%
nginx391,32823.6%1.5%
nextjs155,4399.4%1.9%
envoy74,5254.5%1.5%
vercel69,8394.2%3.7%
cloudfront13,8080.8%0.1%
cloudflare11,8770.7%0.0%
nuxt9,9200.6%1.0%
apache9,8070.6%0.1%
azure-front-door140.0%0.0%
WARNDATE_CLOCKLESS~516 sites (1.0%) (HyperLogLog estimate of distinct sites where this note fired)592,563

This response doesn't have a Date header.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
envoy350.0%0.0%
apache20.0%0.0%
WARNDISPOSITION_OMITS_FILENAME~350 sites (0.7%) (HyperLogLog estimate of distinct sites where this note fired)23,160

The Content-Disposition header doesn't have a 'filename' parameter.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
apache5,15122.2%0.0%
fastly3,62615.7%0.0%
nginx3,10213.4%0.0%
cloudflare1,6967.3%0.0%
cloudfront1,0794.7%0.0%
akamai8543.7%0.0%
azure-front-door6012.6%0.0%
envoy290.1%0.0%
WARNFIELD_TOO_LARGE~343 sites (0.7%) (HyperLogLog estimate of distinct sites where this note fired)779,581

The %(field_name)s field is very large (%(field_size)s bytes).

Samples (5)

field_name

ValueNote firesHeader occurrencesFires per occurrenceLargest seen
Content-Security-Policy
Samples (15)
  • https://www.accenture.com/nl-en/insights/capital-markets/gen-ai-power-growth-wealth-managers["default-src 'self' *.2o7.net *.accenture.cn *.accenture.com *.accenture.jp *.accenture.test *.accenturealumni.com *.adnxs.com *.adobe.com *.adobeaemcloud.com *.adobedc.net *.adobedtm.com *.ads-twitter.com *.adsrvr.org *.adsymptotic.com *.amazonaws.com *.appcast.io *.apple.com *.assestsadobe.com *.az…[truncated]"]
  • https://www.fao.org/geographical-indications/news/es["default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com h…[truncated]"]
  • https://www.kohls.com/product/prd-2227906/great-explorations-glow-in-the-dark-3d-solar-system-kit.jsp["block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.kohls.com *.adobedtm.com *.cdnbasket.net lb.eu-1-id5-sync.com lb.eu-2-id5-sync.com lb.eu-3-id5-sync.com lb.eu-4-id5-sync.com lb.us-1-id5-sync.com lb.us-2-id5-sync.com diagnostics.id5-sync.com *.babylist.com *.kargo.com …[truncated]"]
  • https://www.acronis.com/it/pr/page/17/["base-uri 'self' https://www.acronis.com https://matomo.web.gcp.acronis.com https://account.acronis.com; default-src https:; object-src 'none'; frame-src 'self' *.acronis.com *.navattic.com *.salesforce-scrt.com *.my.site.com *.salesforceliveagent.com *.driftt.com *.visualize-roi.com *.doubleclick.ne…[truncated]"]
  • https://www.skool.com/@nguyen-thuong-4330["default-src 'self' blob: https://api.giphy.com https://iframe.mediadelivery.net https://*.b-cdn.net https://*.bunnycdn.com https://*.skool.com https://google.com https://*.google.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://youtube.com https://*.youtube.com https://*.ytim…[truncated]"]
  • https://www.rapid7.com/db/vulnerabilities/apple-osx-clock-cve-2023-41979/["default-src 'self' https://www.rapid7.com https://old.rapid7.com https://rapid7-website-development.contentstackapps.com https://rapid7-website-staging.contentstackapps.com https://rapid7-website.contentstackapps.com https://newdev.rapid7.com https://staging.rapid7.com https://assets.contentstack.io…[truncated]"]
  • https://www.ispot.tv/ad/70Kc/discount-tire-thank-you-from-brad-keselowski-and-joey-logano["default-src 'self' https://d3ds6z1w6yhmzj.cloudfront.net; script-src-elem 'self' 'strict-dynamic' 'nonce-a289ca5a01ef152677c883369ad47f9db7686504f5820ab897f04a20e0749250' 'unsafe-inline' 'unsafe-eval' https: https://d3ds6z1w6yhmzj.cloudfront.net https://analytics.twitter.com https://cdn.jsdelivr.net…[truncated]"]
  • https://www.ubereats.com/nl/city/alkmaar-noord-holland["block-all-mixed-content; frame-src 'self' https://*.uber.com https://*.ubereats.com http://*.cdn-net.com https://tr.snapchat.com https://payments.uber.com https://payments-guest.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uber…[truncated]"]
  • https://www.toyota.com/espanol/dealers/Georgia/Coolidge/dealers/["connect-src 'self' *.adentifi.com *.adnxs.com *.adobeaemcloud.com *.agkn.com *.analytics.google.com *.awswaf.com *.azurefd.net *.bing.com *.buyatoyota.com *.cloudfunctions.net *.contentsquare.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.gstatic.com *.ipre…[truncated]"]
  • https://www.datacamp.com/portfolio/helloprajwal2000["base-uri https://*.datacamp.com https://*.datacamp-staging.com;connect-src 'self' https://embedwistia-a.akamaihd.net https://*.algolia.io https://*.algolia.net https://*.algolianet.com https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://*.bing.com https:…[truncated]"]
  • https://www.coveo.com/en/relevance-360/thrive-with-ai-digital-cx-roi/sap-concur-digital-experience-genai["default-src 'none';script-src 'self' 'nonce-q3Aub9qLPuxpEAab4yZLgLS8' 'unsafe-eval' 'strict-dynamic' blob: *.6sc.co *.adobe.net *.amplitude.com *.cloud.coveo.com *.coveo.com *.web.coveo.com *.experience.adobe.com *.fontawesome.com *.g2crowd.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io …[truncated]"]
  • https://www.ryanair.com/tr/en/lp/unsubscribe["base-uri https://*.ryanair.com https://*.laudamotion.com https://*.ryanair.com; child-src https://*.hotjar.com https://*.hotjar.io 'self'; connect-src 'self' https://*.ryanair.com https://*.launchdarkly.com https://bam.nr-data.net/ https://dpm.demdex.net https://js-agent.newrelic.com https://script.…[truncated]"]
  • https://www.bitdefender.com/consumer/support/answer/16004/["frame-ancestors 'self' *.google.ro *.msn.com *.crwdcntrl.net *.doubleclick.net *.adnxs.com *.google.co.uk *.reddit.com *.adsymptotic.com https://px.ads.linkedin.com *.google.ca *.gstatic.com *.google-analytics.com https://www.googletagmanager.com *.google.com https://www.facebook.com https://secure.…[truncated]"]
  • https://www.eset.com/de/about/presse/pressemitteilungen/pressemitteilungen/av-test-auszeichnung-fuer-eset-unternehmensloesung/["default-src 'self'; connect-src 'self' http://ad.doubleclick.net https://*.analytics.google.com https://*.botframework.com https://*.capterra.com https://*.clarity.ms https://*.demandbase.com https://*.demdex.net https://*.eset.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotja…[truncated]"]
  • https://www.lidl.de/p/livarno-niedriglehner-polsterauflage-houston/p100400727["default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https…[truncated]"]
509,59938,270,5921.33%27.2 KB
Link
Samples (8)
153,66743,505,5760.35%32.2 KB
Content-Security-Policy-Report-Only
Samples (11)
  • https://yandex.uz/games/app/452774["script-src 'nonce-1imI6QBMocZhgpExJu3ejw' 'self' *.yastatic.net cdn.jsdelivr.net mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yande…[truncated]"]
  • https://playhop.com/de/app/389999["script-src 'nonce-iYrd-Dlj66r-dtw7yU3pKg' 'self' *.yastatic.net cdn.jsdelivr.net mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yande…[truncated]"]
  • https://www.docusign.com/en-gb/integrations/sap["default-src 'self' https://pref.docusign.com https://apps.docusign.com https://events.docusign.com https://momentum.docusign.com https://dsucustomers.docusign.com https://account.docusign.com https://account-d.docusign.com https://ecom.docusign.com https://support.docusign.com https://developers.doc…[truncated]"]
  • https://dzen.ru/list/art/absoliutnyi-sluh-neokonchennaia-simfoniia-shuberta["child-src blob: mc.yandex.ru; connect-src 'self' blob: *.adriver.ru *.buzzoola.com *.adplay.ru *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.apptracer.ru *.cdn.dzeninfra.ru *.cdn.ngenix.net *.cold-video.dzeninfra.ru *.criteo.com *.criteo.net *.cu.dzen.ru *.doubleverify.com *.dzen.…[truncated]"]
  • https://yandex.com.tr/games/app/409949["script-src 'nonce-Cb8AMGeI0NdLGp6Y4A1PAw' 'self' *.yastatic.net cdn.jsdelivr.net mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yande…[truncated]"]
  • https://www.se.com/sg/en/work/services/field-services/electrical-distribution/operate/training/thank-you.jsp["default-src 'nonce-sgo3un1q3uu3qskh' 'nonce-rAnd0m' 'self' interface.elbridge2.itek.de d2osz8slymlqdp.cloudfront.net *.schneider-electric.com service.force.com fonts.googleapis.com; report-uri https://sesdl.report-uri.com/r/t/csp/reportOnly; script-src 'nonce-sgo3un1q3uu3qskh' 'nonce-rAnd0m' 'report…[truncated]"]
  • https://yandex.com/games/app/438897["script-src 'nonce-g5J3mCkqQx5mKtZ-3IqTZw' 'self' *.yastatic.net cdn.jsdelivr.net mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yande…[truncated]"]
  • https://yandex.kz/games/app/kliker-bitva-za-zemliu-493429["script-src 'nonce-nFoHknMKcvWVR4HTUCda9w' 'self' *.yastatic.net cdn.jsdelivr.net mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yande…[truncated]"]
  • https://yandex.by/games/app/444978["script-src 'nonce-pUpCi3We4nGSdlrOn54wiA' 'self' *.yastatic.net cdn.jsdelivr.net mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yande…[truncated]"]
  • https://www.cloudflare.com/es-la/case-studies/home-chef/["script-src 'self' *.cloudflare.com https://assets.adobedtm.com *.marketo.net *.google-analytics.com *.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net adservice.google.com https://trk.techtarget.com *.onetrust.com https://connect…[truncated]"]
  • https://www.lidl.es/otc/cart["default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https…[truncated]"]
83,2053,458,0842.41%20.8 KB
Set-Cookie9,530238,378,5260.00%23.1 KB
X-Content-Security-Policy
Samples (1)
  • https://www.ubereats.com/nl/city/alkmaar-noord-holland["block-all-mixed-content; frame-src 'self' https://*.uber.com https://*.ubereats.com http://*.cdn-net.com https://tr.snapchat.com https://payments.uber.com https://payments-guest.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uber…[truncated]"]
7,185980,2830.73%9.7 KB
X-Webkit-CSP
Samples (1)
  • https://www.ubereats.com/nl/city/alkmaar-noord-holland["block-all-mixed-content; frame-src 'self' https://*.uber.com https://*.ubereats.com http://*.cdn-net.com https://tr.snapchat.com https://payments.uber.com https://payments-guest.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uber…[truncated]"]
6,982459,3281.52%8.2 KB
x-drupal-cache-tags4,20458,2757.21%18.0 KB
cache-tags2,378114,1802.08%17.2 KB
Surrogate-Key1,907554,8310.34%9.1 KB
X-Drupal-Cache-Tags
Samples (1)
  • https://www.juntadeandalucia.es/empleoformacionytrabajoautonomo/formacion/web/['CACHE_MISS_IF_UNCACHEABLE_HTTP_METHOD:form block_content:3 block_content:5 block_content:6 block_content_view block_view block_visibility_group:editor_menu block_visibility_group:supervisor_menu config:block.block.block__view__display_you_may_be_interested_in config:block.block.form_expuesto_view_ad…[truncated]']
69258,2751.19%22.6 KB
x-cache-tag
Samples (1)
  • https://www.poetryfoundation.org/?volume=90&issue=1&page=19['entryType:20 section:4 uri:__home__ entryType:6 section:16 uri:poetrymagazine/poems/1764414/from-wound-up entryType:39 section:25 uri:poets/julie-ezelle-patton entryType:14 section:21 uri:categories/subjects uri:categories/arts-sciences uri:categories/language-linguistics uri:categories/painting-scu…[truncated]']
8528,7940.30%18.8 KB
cache-tag
Samples (1)
  • https://www.poetryfoundation.org/?volume=90&issue=1&page=19['entryType:20 section:4 uri:__home__ entryType:6 section:16 uri:poetrymagazine/poems/1764414/from-wound-up entryType:39 section:25 uri:poets/julie-ezelle-patton entryType:14 section:21 uri:categories/subjects uri:categories/arts-sciences uri:categories/language-linguistics uri:categories/painting-scu…[truncated]']
82570,4010.01%18.8 KB
x-cache-tags5673,6310.08%22.4 KB
xkey210,167,0650.00%8.9 KB
x-data-layer
Samples (1)
2020.4 KB
Server-Timing255,581,8200.00%9.5 KB
cf-h2-pushed2609,5000.00%8.3 KB
x-getclosestlocation1014.2 KB

Field size

ValueNote fires
8-16 KB659,544
16-32 KB119,987
32+ KB50

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare352,66545.2%1.2%
cloudfront184,37023.6%1.1%
fastly145,95618.7%1.5%
akamai96,46912.4%0.8%
nginx67,5588.7%0.3%
envoy53,2326.8%1.1%
nextjs29,1323.7%0.4%
apache28,2853.6%0.2%
vercel14,0841.8%0.7%
azure-front-door9,1051.2%0.6%
… 1 more layers not shown …
WARNDISPOSITION_FILENAME_PERCENT~136 sites (0.3%) (HyperLogLog estimate of distinct sites where this note fired)11,341

The 'filename' parameter on the Content-Disposition header contains a '%%' character.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
apache2,65823.4%0.0%
nginx2,14218.9%0.0%
cloudflare8137.2%0.0%
akamai1401.2%0.0%
cloudfront960.8%0.0%
azure-front-door670.6%0.0%
envoy650.6%0.0%
fastly290.3%0.0%
vercel30.0%0.0%
nextjs30.0%0.0%
WARNDUPLICATE_KEY~126 sites (0.3%) (HyperLogLog estimate of distinct sites where this note fired)372,193

In %(field_name)s, the %(context)s key '%(key)s' is duplicated.

Samples (5)

field_name

ValueNote firesHeader occurrencesFires per occurrence
Permissions-Policy
Samples (13)
326,36710,508,1433.11%
Reporting-Endpoints
Samples (15)
45,5373,012,4991.51%
Cache-Status
Samples (1)
  • https://www.blackberry.com/es-la/secure-communications/partners['"Netlify Durable"; hit; ttl=31483504, "Next.js"; hit, "Netlify Edge"; fwd=miss, "Netlify Durable"; hit; ttl=31483504, "Next.js"; hit, "Netlify Edge"; fwd=miss;detail=p1', '"Netlify Durable"; hit; ttl=31483504, "Next.js"; hit, "Netlify Edge"; fwd=miss, "Netlify Durable"; hit; ttl=31483504, "Next.js"; hit, "Netlify Edge"; fwd=miss;detail=p1;detail=f1']
2891,083,5190.03%

Field name → key

ValueNote fires
Permissions-Policy: ch-ua-model102,105
Reporting-Endpoints: heroku-nel37,274
Permissions-Policy: geolocation19,008
Permissions-Policy: microphone18,859
Permissions-Policy: camera18,363
Permissions-Policy: browsing-topics17,393
Permissions-Policy: attribution-reporting16,788
Permissions-Policy: otp-credentials16,788
Permissions-Policy: payment15,127
Permissions-Policy: magnetometer11,612
Permissions-Policy: gyroscope9,807
Permissions-Policy: accelerometer9,228
Permissions-Policy: usb9,166
Reporting-Endpoints: max_age8,218
Permissions-Policy: fullscreen8,076
Permissions-Policy: vibrate5,095
Permissions-Policy: sync-xhr4,814
Permissions-Policy: midi4,801
Permissions-Policy: picture-in-picture4,513
Permissions-Policy: interest-cohort3,601
Permissions-Policy: screen-wake-lock3,462
Permissions-Policy: autoplay2,997
Permissions-Policy: encrypted-media2,980
Permissions-Policy: display-capture2,901
Permissions-Policy: cross-origin-isolated2,899
… 17 more values not shown …

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
fastly124,68933.5%1.3%
nextjs77,06620.7%0.9%
cloudflare59,10415.9%0.2%
akamai52,88314.2%0.4%
nginx50,16213.5%0.2%
envoy17,6644.7%0.4%
apache16,6304.5%0.1%
cloudfront11,2883.0%0.1%
vercel8,5132.3%0.4%
nuxt3,6531.0%0.4%
WARNDISPOSITION_UNKNOWN~90 sites (0.2%) (HyperLogLog estimate of distinct sites where this note fired)65,307

The '%(disposition)s' Content-Disposition isn't known.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
akamai36,05955.2%0.3%
apache5,7468.8%0.0%
nginx4,1556.4%0.0%
cloudflare1,1061.7%0.0%
fastly2490.4%0.0%
cloudfront680.1%0.0%
envoy440.1%0.0%
azure-front-door10.0%0.0%
WARNPARAM_SINGLE_QUOTED~64 sites (0.1%) (HyperLogLog estimate of distinct sites where this note fired)107,564

The '%(param)s' parameter on the %(field_name)s header is single-quoted.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare48,43545.0%0.2%
fastly29,07427.0%0.3%
nginx19,87118.5%0.1%
apache5,9965.6%0.0%
cloudfront3,3383.1%0.0%
WARNLOCATION_UNDEFINED~64 sites (0.1%) (HyperLogLog estimate of distinct sites where this note fired)11,288

This status code doesn't define any meaning for the Location header.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
akamai3,32329.4%0.0%
apache3,30329.3%0.0%
cloudfront3,23928.7%0.0%
nginx2,60623.1%0.0%
cloudflare440.4%0.0%
fastly200.2%0.0%
envoy190.2%0.0%
azure-front-door10.0%0.0%
WARNSERVER_TIMING_BAD_PARAM~38 sites (0.1%) (HyperLogLog estimate of distinct sites where this note fired)151,469

The '%(param)s' parameter on the '%(metric)s' metric has a non-numeric value.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
akamai125,22182.7%1.0%
nginx24,79516.4%0.1%
cloudflare17,55811.6%0.1%
envoy17,08011.3%0.4%
nextjs8,8555.8%0.1%
cloudfront1240.1%0.0%
WARNPARAM_REPEATS~31 sites (0.1%) (HyperLogLog estimate of distinct sites where this note fired)176,634

The '%(param)s' parameter repeats in the %(field_name)s header.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx117,12166.3%0.4%
cloudflare42,39424.0%0.1%
cloudfront7,6314.3%0.0%
akamai3,4842.0%0.0%
azure-front-door1,5630.9%0.1%
apache960.1%0.0%
fastly60.0%0.0%
WARNDISPOSITION_FILENAME_PATH_CHAR~31 sites (0.1%) (HyperLogLog estimate of distinct sites where this note fired)3,842

The filename in the Content-Disposition header contains a path character.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx3,57593.1%0.0%
cloudflare752.0%0.0%
apache220.6%0.0%
fastly210.5%0.0%
cloudfront110.3%0.0%
azure-front-door60.2%0.0%
akamai20.1%0.0%
envoy10.0%0.0%
WARNREPORT_TO_MISSING_KEY~8 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)58,863

The Report-To header value is missing the '%(key)s' key.

Samples (2)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx21,50736.5%0.1%
fastly17,24729.3%0.2%
cloudfront13,29822.6%0.1%
nextjs13,14622.3%0.2%
apache1520.3%0.0%
cloudflare130.0%0.0%
WARNNEL_MISSING_KEY~6 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)67,929

The NEL policy is missing the '%(key)s' key.

Samples (1)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare31,66346.6%0.1%
nginx30,66245.1%0.1%
cloudfront14,69221.6%0.1%
WARNFIELD_SECTION_TOO_LARGE~6 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)194

The %(field_type)s section is very large (%(section_size)s bytes).

Samples (4)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare17288.7%0.0%
nuxt8242.3%0.0%
WARNDATE_OBSOLETE~2 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)2,671

The %(field_name)s header's value uses an obsolete format.

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx2,670100.0%0.0%
WARNDEPRECATION_PAST~2 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)24

The resource has been deprecated.

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
nginx24100.0%0.0%
WARNNEL_BAD_TYPE~1 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)1,139

The NEL policy has an invalid type for '%(key)s'.

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
azure-front-door1,139100.0%0.1%
WARNREPORT_TO_BAD_TYPE~1 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)1,139

The Report-To header has an invalid type for '%(key)s'.

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
azure-front-door1,139100.0%0.1%
WARNPARAM_STAR_CHARSET~1 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)80

The %(param)s parameter's value uses an encoding other than UTF-8.

INFOLM_PRESENT~27,343 sites (55.4%) (HyperLogLog estimate of distinct sites where this note fired)24,805,515

The resource last changed %(last_modified_string)s.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare9,174,48937.0%29.9%
nginx3,834,33915.5%14.5%
fastly3,505,93814.1%35.3%
akamai2,949,37511.9%23.1%
apache2,782,92211.2%21.1%
cloudfront2,686,77610.8%15.9%
envoy283,5211.1%5.9%
nextjs244,1161.0%2.9%
azure-front-door215,3560.9%15.1%
nuxt123,0430.5%12.0%
… 1 more layers not shown …
INFOUNNECESSARY_HEADER~16,837 sites (34.1%) (HyperLogLog estimate of distinct sites where this note fired)44,688,718

The %(header_name)s header can probably be removed.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare12,372,12727.7%40.4%
nginx11,102,46224.8%41.9%
nextjs7,889,84417.7%95.3%
cloudfront6,430,22514.4%38.1%
apache3,521,4417.9%26.7%
fastly3,135,0137.0%31.6%
akamai2,612,1315.8%20.4%
envoy1,625,5763.6%33.8%
vercel1,353,3483.0%71.4%
nuxt1,093,9582.4%106.7%
… 1 more layers not shown …
INFOSERVER_TIMING_MISSING_DESC~9,004 sites (18.2%) (HyperLogLog estimate of distinct sites where this note fired)44,166,399

The '%(metric)s' metric is missing the 'desc' parameter.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare28,330,11464.1%92.5%
akamai13,578,92530.7%106.2%
nextjs3,133,6117.1%37.8%
cloudfront2,751,8836.2%16.3%
envoy2,527,2365.7%52.5%
nginx2,013,9804.6%7.6%
fastly1,851,2854.2%18.7%
apache1,242,0162.8%9.4%
vercel774,8911.8%40.9%
nuxt498,6601.1%48.7%
… 1 more layers not shown …
INFOSERVER_TIMING_MISSING_DUR~8,573 sites (17.4%) (HyperLogLog estimate of distinct sites where this note fired)25,652,558

The '%(metric)s' metric is missing the 'dur' parameter.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare15,034,64058.6%49.1%
akamai8,374,70832.6%65.5%
nextjs1,714,6506.7%20.7%
fastly1,682,5396.6%17.0%
cloudfront1,609,2926.3%9.5%
nginx1,467,8495.7%5.5%
envoy1,072,6764.2%22.3%
apache766,2823.0%5.8%
nuxt501,6462.0%48.9%
vercel411,8981.6%21.7%
… 1 more layers not shown …
INFOVIA_PRESENT~8,457 sites (17.1%) (HyperLogLog estimate of distinct sites where this note fired)30,180,949

One or more intermediaries are present.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudfront16,345,18154.2%96.9%
nginx7,503,04924.9%28.3%
fastly6,019,27019.9%60.7%
cloudflare3,856,26812.8%12.6%
nextjs3,123,32610.3%37.7%
apache2,671,1178.9%20.2%
envoy1,840,7976.1%38.3%
nuxt221,4170.7%21.6%
vercel147,4560.5%7.8%
azure-front-door113,3080.4%7.9%
… 1 more layers not shown …
INFOSERVER_TOO_LONG~120 sites (0.2%) (HyperLogLog estimate of distinct sites where this note fired)157,860

The Server header is long.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
apache136,63886.6%1.0%
akamai8,2205.2%0.1%
cloudfront6,1853.9%0.0%
envoy5,4173.4%0.1%
fastly670.0%0.0%
INFOLOCATION_NOT_ABSOLUTE~23 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)6,782

The Location header contains a relative URI.

Samples (3)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
akamai3,24647.9%0.0%
nginx2,60638.4%0.0%
cloudflare130.2%0.0%
fastly10.0%0.0%
INFOCONTENT_LANGUAGE_DUP~5 sites (0.0%) (HyperLogLog estimate of distinct sites where this note fired)2,207

The %(lang)s language tag appears more than once.

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
akamai1,80181.6%0.0%
fastly1,80181.6%0.0%
nginx25111.4%0.0%
apache1557.0%0.0%
GOODDATE_CORRECT~46,944 sites (95.1%) (HyperLogLog estimate of distinct sites where this note fired)117,701,006

The server's clock is correct.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare30,616,56026.0%99.9%
nginx25,294,48021.5%95.5%
cloudfront15,611,27813.3%92.5%
akamai12,782,69410.9%99.9%
apache12,609,54510.7%95.5%
fastly8,394,6337.1%84.6%
nextjs7,933,7296.7%95.8%
envoy4,643,2123.9%96.5%
vercel1,722,9811.5%90.9%
azure-front-door1,427,4221.2%100.0%
… 1 more layers not shown …
GOODNEL_CONFIGURED~216 sites (0.4%) (HyperLogLog estimate of distinct sites where this note fired)674,390

Network Error Logging is configured for this response.

Samples (5)

By infrastructure

LayerNote firesShare of occurrencesOf layer's traffic
cloudflare329,11648.8%1.1%
fastly141,85121.0%1.4%
nextjs73,77310.9%0.9%
cloudfront65,4929.7%0.4%
akamai4,3790.6%0.0%
vercel1,9470.3%0.1%
azure-front-door1,1130.2%0.1%
nginx1,0670.2%0.0%
apache1950.0%0.0%
nuxt1890.0%0.0%
… 1 more layers not shown …

Finding co-occurrence

Which findings clump on the same response — testing whether defects cluster rather than scatter. A cluster is the set of defect notes (bad / warn) that fired on a response; (none) means none did. Mechanical parent/child note pairs (a sub-finding always co-occurs with its parent) are excluded from the pairs below. Responses is occurrence-weighted; Sites is a HyperLogLog estimate of distinct operators. Shares are of all 122,905,867 analysed responses.

4.64% of responses (5,700,030) produced no bad/warn finding.

Top finding clusters

The long tail of rare values was elided during shuffle to keep cluster memory bounded; counts and percentages below describe the retained head only.

ClusterResponses% of responsesSites
FRESHNESS_HEURISTIC8,449,2786.87%~7,539
(none)5,700,0304.64%~3,235
STORE_PUBLIC_UNNECESSARY3,571,2852.91%~2,132
FIELD_DEPRECATED, FRESHNESS_HEURISTIC3,480,0992.83%~3,451
FIELD_DEPRECATED, FRESHNESS_HEURISTIC, NEL_REPORT_TO_MISSING2,467,2542.01%~2,591
FIELD_DEPRECATED2,462,6002.00%~1,490
CC_CONFLICTING, REQUEST_HDR_IN_RESPONSE2,438,7051.98%~1,736
CC_CONFLICTING2,088,8941.70%~1,546
FIELD_DEPRECATED, STORE_PUBLIC_UNNECESSARY1,731,6361.41%~1,263
CC_CONFLICTING, FIELD_DEPRECATED, REQUEST_HDR_IN_RESPONSE1,641,4481.34%~1,189
FRESHNESS_HEURISTIC, HSTS_NO_SUBDOMAINS1,293,9001.05%~1,602
FIELD_DEPRECATED, NEL_REPORT_TO_MISSING1,263,4741.03%~1,387
FRESHNESS_NO_CACHE_NO_VALIDATOR1,253,8931.02%~871
HSTS_NO_SUBDOMAINS, STORE_PUBLIC_UNNECESSARY1,220,0340.99%~851
HSTS_NO_SUBDOMAINS1,208,5690.98%~896
CC_CONFLICTING, FIELD_DEPRECATED1,139,6750.93%~600
FIELD_DEPRECATED, NEL_REPORT_TO_MISSING, STORE_PUBLIC_UNNECESSARY1,066,9910.87%~1,004
FIELD_DEPRECATED, HSTS_NO_SUBDOMAINS808,5740.66%~500
CC_CONFLICTING, FIELD_DEPRECATED, NEL_REPORT_TO_MISSING, REQUEST_HDR_IN_RESPONSE697,5800.57%~758
VARY_DUPLICATE691,0480.56%~670
FIELD_DEPRECATED, FRESHNESS_HEURISTIC, HSTS_NO_SUBDOMAINS652,6140.53%~887
CC_CONFLICTING, VARY_COMPLEX602,5940.49%~480
ACCEPT_CH_MISSING_VARY, CC_CONFLICTING, CSP_DEPRECATED_REPORT_URI, CSP_HTTP_URI, CSP_UNSAFE_EVAL, CSP_UNSAFE_INLINE, FIELD_DEPRECATED, FRESHNESS_NO_CACHE_NO_VALIDATOR, REQUEST_HDR_IN_RESPONSE560,0990.46%~213
FIELD_DEPRECATED, HSTS_NO_SUBDOMAINS, STORE_PUBLIC_UNNECESSARY555,3860.45%~388
FRESHNESS_HEURISTIC, SET_COOKIE_LIFETIME_TOO_LONG508,1840.41%~293
… 1975 more clusters not shown …

Conditional lifts

For the most common co-occurring finding pairs: P(A|B) is the share of responses with finding B that also carry A. Lift > 1 means the two fire together more than independent prevalence predicts — the clumping signal.

Finding AFinding BCo-occurrencesP(A|B)P(B|A)Lift
CC_CONFLICTINGREQUEST_HDR_IN_RESPONSE21,313,55477.6%59.4%2.7×
CC_CONFLICTINGFIELD_DEPRECATED18,328,38030.7%51.1%1.1×
FIELD_DEPRECATEDREQUEST_HDR_IN_RESPONSE15,021,05454.7%25.1%1.1×
CSP_UNSAFE_EVALCSP_UNSAFE_INLINE14,525,75882.5%99.2%6.9×
FIELD_DEPRECATEDFRESHNESS_HEURISTIC14,283,81445.5%23.9%0.9×
FIELD_DEPRECATEDHSTS_NO_SUBDOMAINS14,250,90749.2%23.8%1.0×
FIELD_DEPRECATEDNEL_REPORT_TO_MISSING12,981,322100.0%21.7%2.1×
CSP_UNSAFE_INLINEFIELD_DEPRECATED12,433,32920.8%70.6%1.5×
FIELD_DEPRECATEDSTORE_PUBLIC_UNNECESSARY10,608,64548.4%17.7%1.0×
CSP_UNSAFE_EVALFIELD_DEPRECATED10,194,57717.1%69.6%1.4×
CC_CONFLICTINGHSTS_NO_SUBDOMAINS8,651,52229.9%24.1%1.0×
CC_CONFLICTINGCSP_UNSAFE_INLINE6,658,08537.8%18.6%1.3×
HSTS_NO_SUBDOMAINSSTORE_PUBLIC_UNNECESSARY6,585,44430.1%22.7%1.3×
HSTS_NO_SUBDOMAINSREQUEST_HDR_IN_RESPONSE6,319,87023.0%21.8%1.0×
FRESHNESS_HEURISTICHSTS_NO_SUBDOMAINS6,080,85121.0%19.4%0.8×
CSP_DEPRECATED_REPORT_URICSP_UNSAFE_INLINE5,911,67333.6%84.2%5.9×
FIELD_DEPRECATEDSET_COOKIE_LIFETIME_TOO_LONG5,755,84754.2%9.6%1.1×
CC_CONFLICTINGCSP_UNSAFE_EVAL5,751,14939.3%16.0%1.3×
CSP_DEPRECATED_REPORT_URIFIELD_DEPRECATED5,529,9379.3%78.8%1.6×
CSP_UNSAFE_INLINEHSTS_NO_SUBDOMAINS5,412,24518.7%30.7%1.3×
BAD_DATE_SYNTAXREQUEST_HDR_IN_RESPONSE5,265,14919.2%81.5%3.6×
CSP_DEPRECATED_REPORT_URICSP_UNSAFE_EVAL5,013,26434.2%71.4%6.0×
CSP_UNSAFE_INLINEREQUEST_HDR_IN_RESPONSE4,766,41317.3%27.1%1.2×
CSP_UNSAFE_EVALHSTS_NO_SUBDOMAINS4,701,26816.2%32.1%1.4×
FIELD_DEPRECATEDFRESHNESS_NO_CACHE_NO_VALIDATOR4,700,71753.8%7.9%1.1×

Unseen note types

Reachable but not triggered (131)

httplint defines these warn/bad notes and cc-lint's response-header pipeline can reach them; none of them fired on any analysed response.

Body-only (not reachable in WAT mode) (4)

These notes only fire when the response body is fed to httplint. cc-lint reads WAT metadata records (response headers only), so they are unreachable without a future full-WARC mode.

Request-only (not reachable for response linting) (9)

These notes only fire from httplint's request-side code paths. cc-lint runs HttpResponseLinter against WAT response metadata, so they cannot fire on this pipeline.

Top Response Headers

Most common response header names. Count is per header occurrence — a response that sends a header more than once counts each line — so the percentage is occurrences ÷ responses and may slightly exceed a header’s response-presence count shown in other sections.

The long tail of rare values was elided during shuffle to keep cluster memory bounded; counts and percentages below describe the retained head only.

HeaderCount% of responses
set-cookie238,378,526194.0%
content-length122,875,593100.0%
content-type122,848,015100.0%
date122,298,91199.5%
vary112,681,47191.7%
cache-control98,177,84079.9%
server94,787,33277.1%
strict-transport-security71,294,72258.0%
x-frame-options60,521,37849.2%
x-content-type-options60,244,51949.0%
server-timing55,581,82045.2%
expires44,968,54436.6%
link43,505,57635.4%
x-xss-protection41,103,75633.4%
content-security-policy38,270,59231.1%
x-cache32,362,55926.3%
alt-svc32,351,07426.3%
cf-ray30,599,76724.9%
via30,429,66724.8%
cf-cache-status30,131,52024.5%
referrer-policy28,948,19023.6%
x-powered-by27,941,51222.7%
pragma27,337,91622.2%
etag27,061,04222.0%
last-modified25,956,00821.1%
accept-ranges21,869,02017.8%
age17,943,69114.6%
x-amz-cf-pop17,267,00214.0%
x-amz-cf-id16,825,39313.7%
access-control-allow-origin16,045,89513.1%
connection15,389,56212.5%
report-to14,955,36312.2%
nel13,808,64911.2%
content-language12,220,5079.9%
permissions-policy10,508,1438.5%
xkey10,167,0658.3%
x-served-by8,411,5126.8%
x-akamai-transformed8,229,6096.7%
x-cache-hits7,908,5076.4%
x-request-id7,618,4766.2%
x-permitted-cross-domain-policies7,282,2955.9%
x-timer6,897,8535.6%
access-control-allow-headers6,316,1585.1%
keep-alive6,182,6235.0%
x-download-options6,169,3365.0%
access-control-allow-methods5,681,5934.6%
x-ua-compatible5,210,1984.2%
x-envoy-upstream-service-time4,811,9993.9%
access-control-allow-credentials4,608,4183.7%
cross-origin-opener-policy4,425,1443.6%

Header byte economics

How many bytes of response header the corpus ships, and how that budget splits by field category. Bytes are uncompressedlen(name) + len(value) + 4 (the : and CRLF framing) per header occurrence, summed over a response’s field lines. HTTP/2 and HTTP/3 compress repeated headers heavily with HPACK/QPACK, so this overstates on-the-wire cost; it measures origin / pre-compression intent. Crawler-injected x-crawler-* headers are excluded.

Mean header block: 1.3 KB per response across 122,905,867 responses.

Header-block size distribution

Header-block sizeResponses% of responses
<256 B5,092,2934.1%
256-1023 B68,632,66755.9%
1-4 KB42,609,54334.7%
4-8 KB5,246,2604.3%
8-16 KB1,120,4940.9%
16-32 KB173,0350.1%
32+ KB1940.0%

Bytes by field category

The long tail of rare values was elided during shuffle to keep cluster memory bounded; counts and percentages below describe the retained head only.

Share of the head-of-distribution header bytes carried by registered, deprecated, and non-registered fields. Classification reuses httplint’s field knowledge (the same registered/non-standard boundary the Vary section uses).

CategoryBytes% of header bytes
Standard (registered)136.6 GB88.1%
Deprecated / obsoleted3.6 GB2.3%
Proprietary (non-registered)14.8 GB9.6%

Notable single headers

HeaderBytes% of header bytesNote
set-cookie36.8 GB23.7%Cost is upstream and recurring: each cookie is echoed on every subsequent request, so this understates its real traffic share.
content-security-policy31.7 GB20.4%The largest single policy header; see the per-site CSP size distribution below.

Top Response Headers by bytes

The long tail of rare values was elided during shuffle to keep cluster memory bounded; counts and percentages below describe the retained head only.

A different ranking than top-by-count: a header can be rare but huge (a giant CSP) or ubiquitous but small.

HeaderBytes% of header bytes
set-cookie36.8 GB23.7%
content-security-policy31.7 GB20.4%
link12.6 GB8.1%
content-security-policy-report-only5.3 GB3.4%
content-type4.4 GB2.9%
cache-control4.3 GB2.7%
date4.2 GB2.7%
strict-transport-security3.9 GB2.5%
report-to3.3 GB2.1%
vary3.1 GB2.0%
content-length2.7 GB1.7%
server-timing2.7 GB1.7%
x-content-type-options1.9 GB1.2%
server1.7 GB1.1%
x-frame-options1.7 GB1.1%
via1.5 GB1.0%
expires1.5 GB1.0%
permissions-policy1.5 GB0.9%
referrer-policy1.2 GB0.8%
x-xss-protection1.2 GB0.8%
last-modified1.1 GB0.7%
x-amz-cf-id1.1 GB0.7%
alt-svc1.1 GB0.7%
nel954.7 MB0.6%
etag931.8 MB0.6%
cf-ray875.5 MB0.6%
x-cache798.6 MB0.5%
cf-cache-status726.1 MB0.5%
x-powered-by690.4 MB0.4%
x-content-security-policy682.3 MB0.4%
xkey619.1 MB0.4%
reporting-endpoints595.6 MB0.4%
access-control-allow-origin592.9 MB0.4%
access-control-allow-headers538.3 MB0.3%
x-served-by484.5 MB0.3%
x-webkit-csp481.8 MB0.3%
pragma466.7 MB0.3%
accept-ranges457.4 MB0.3%
x-amz-cf-pop399.8 MB0.3%
x-request-id380.9 MB0.2%
connection351.2 MB0.2%
accept-ch335.8 MB0.2%
x-akamai-transformed311.0 MB0.2%
x-permitted-cross-domain-policies288.9 MB0.2%
access-control-allow-methods286.4 MB0.2%
content-language268.6 MB0.2%
p3p266.2 MB0.2%
x-timer259.0 MB0.2%
origin-trial244.7 MB0.2%
feature-policy220.7 MB0.1%

Non-Standard Header Census

Proprietary response headers — names httplint has no parser for and that are not deprecated, the same registered/non-standard boundary the Vary and byte-economics sections use. This is where the vendor-owned x- namespace lives and where de-facto conventions are born. Only header names are counted — values are never retained, since many carry opaque request-ids or tokens. Crawler-injected x-crawler-* headers are excluded. Counts are responses carrying the header (a header is counted once per response).

The long tail of rare values was elided during shuffle to keep cluster memory bounded; counts and percentages below describe the retained head only.

Cluster totals are head-only lower bounds: they are derived from the shuffle-retained head of the header distribution, so the long tail of rare proprietary names is already discarded before this clustering runs.

5,000 distinct non-standard header names in the retained head, across 364,324,054 response-header appearances (14.8 GB). 15 (0%) are well-known-but-unregistered de-facto headers (x-forwarded-*, x-request-id, …); the other 4,985 are the novel tail.

By inferred vendor

Attribution is by header name (the same fingerprint signal table the infrastructure section uses, so the two agree on vendor identity); a name in no vendor namespace is Unattributed. This view tells the incentives story.

ClusterDistinct headersResponses% of non-standard bytesExample members
Unattributed4,873221,845,47264.2%x-cache-hits, x-request-id, x-permitted-cross-domain-policies, x-dns-prefetch-control, x-cache-status, x-drupal-dynamic-cache, request-context, x-cacheable
cloudflare1764,066,40012.2%cf-ray, cf-cache-status, cf-edge-cache, cf-apo-via, cf-h2-pushed, cf-ipcountry, cf-placement, cf-connecting-ip
cloudfront233,650,82610.2%x-amz-cf-pop, x-amz-cf-id
fastly315,856,7715.4%x-served-by, x-timer, surrogate-key
akamai6214,221,6624.3%x-akamai-transformed, akamai-grn, akamai-cache-status, akamai-request-bc, x-akamai-reference-id, x-akamai-request-id, x-akamai-trace-id, x-akamai-erpolicy
envoy75,394,9441.4%x-envoy-upstream-service-time, x-envoy-decorator-operation, x-envoy-attempt-count, x-envoy-response-flags, x-envoy-datacenter, x-envoy-upstream-address, x-envoy-cluster
vercel224,623,0431.2%x-vercel-id, x-vercel-cache, x-vercel-ip-country, x-vercel-ip-latitude, x-vercel-ip-longitude, x-vercel-ip-city, x-vercel-ip-country-region, x-vercel-ip-as-number
nextjs73,142,3300.5%x-nextjs-cache, x-nextjs-prerender, x-nextjs-stale-time, x-nextjs-date, x-nextjs-postponed, x-nextjs-rewritten-path, x-nextjs-matched-path
azure-front-door71,522,6060.7%x-azure-ref, x-azure-clientip, x-azure-originstatuscode, x-azure-fdid, x-azure-ja4-fingerprint, x-azure-requestchainv2, x-azure-socketip

By semantic family

What the header is for, from a data-driven name-pattern table.

ClusterDistinct headersResponses% of non-standard bytesExample members
Routing / forwarding14237,657,2998.7%x-amz-cf-pop, x-served-by, x-vhost, host-header, x-pantheon-styx-hostname, x-backend, x-dispatcher, x-host
Caching25465,617,61514.7%cf-cache-status, x-cache-hits, x-cache-status, x-drupal-dynamic-cache, x-cacheable, x-vercel-cache, x-nextjs-cache, cf-edge-cache
Observability / tracing6486,457,72026.1%cf-ray, x-amz-cf-id, x-request-id, x-timer, x-envoy-upstream-service-time, akamai-grn, request-context, x-vercel-id
Security97,269,8232.0%x-permitted-cross-domain-policies, x-framework, x-content-security-policy-report-only, x-frame-ancestors, x-webkit-csp-report-only, x-xssprotection, x-frames-options, x-frameoptions
Other / unclassified4,531167,321,59748.5%x-akamai-transformed, x-dns-prefetch-control, x-robots-tag, x-matched-path, x-rq, x-middleware-rewrite, x-hacker, origin-agent-cluster

By prefix

Auto-derived from the name, so a brand-new vendor namespace forms its own cluster the moment it appears.

ClusterDistinct headersResponses% of non-standard bytesExample members
cf-*1864,094,69812.2%cf-ray, cf-cache-status, cf-edge-cache, cf-apo-via, cf-h2-pushed, cf-ipcountry, cf-placement, cf-connecting-ip
x-amz-*4536,291,09711.0%x-amz-cf-pop, x-amz-cf-id, x-amz-server-side-encryption, x-amz-apigw-id, x-amz-version-id, x-amz-request-id, x-amz-id-2, x-amz-rid
x-cache-*12014,698,8202.4%x-cache-hits, x-cache-status, x-cache-group, x-cache-key, x-cache-ttl, x-cache-age, x-cache-rule, x-cache-info
x-akamai-*449,325,4132.5%x-akamai-transformed, x-akamai-reference-id, x-akamai-request-id, x-akamai-trace-id, x-akamai-erpolicy, x-akamai-erruleid, x-akamai-edgescape, x-akamai-user-cache-control
x-request-*348,474,1972.8%x-request-id, x-request-category, x-request-ip, x-request-originated-from, x-request-source, x-request-counters, x-request-timestamp, x-request-detected-device
x-served-*58,441,2993.2%x-served-by, x-served-by-dyno, x-served, x-served-by-pod, x-served-version
x-permitted-*17,198,4911.9%x-permitted-cross-domain-policies
x-timer-*16,897,8531.7%x-timer
cdn-*276,148,8911.2%cdn-requestid, cdn-cache, cdn-proxyver, cdn-pullzone, cdn-requestcountrycode, cdn-requesttime, cdn-status, cdn-cachedat
x-envoy-*75,394,9441.4%x-envoy-upstream-service-time, x-envoy-decorator-operation, x-envoy-attempt-count, x-envoy-response-flags, x-envoy-datacenter, x-envoy-upstream-address, x-envoy-cluster
akamai-*194,900,1051.8%akamai-grn, akamai-cache-status, akamai-request-bc, akamai-grn-www.adobe.com, akamai-origin-hop, akamai-edgescape, akamai-mon-iucid-del, akamai-x-url
x-arc-*74,774,0961.0%x-arc-request-id, x-arc-pb-request-id, x-arc-pb-mx-id, x-arc-ttl, x-arc-pb-edge, x-arc, x-arc-edgecontroller
x-vercel-*224,623,0431.2%x-vercel-id, x-vercel-cache, x-vercel-ip-country, x-vercel-ip-latitude, x-vercel-ip-longitude, x-vercel-ip-city, x-vercel-ip-country-region, x-vercel-ip-as-number
x-dns-*14,358,5410.8%x-dns-prefetch-control
x-td-*313,177,0730.7%x-td-cu2, x-td-cachecontrol, x-td-cachecontrol-type, x-td-control-ttlreal, x-td-control, x-td-cache-touch, x-td-control-ex, x-td-group
x-nextjs-*73,142,3300.5%x-nextjs-cache, x-nextjs-prerender, x-nextjs-stale-time, x-nextjs-date, x-nextjs-postponed, x-nextjs-rewritten-path, x-nextjs-matched-path
x-ftr-*62,948,1031.1%x-ftr-backend, x-ftr-backend-server, x-ftr-balancer, x-ftr-cache-status, x-ftr-request-id, x-ftr-kiosq-server-side
request-*82,745,5601.1%request-context, request-id, request-grn, request-handler-metrics, request-uuid, request-uri, request-time, request-url
x-drupal-*112,646,9711.7%x-drupal-dynamic-cache, x-drupal-cache-max-age, x-drupal-cache-tags, x-drupal-cache-contexts, x-drupal-cache-control, x-drupal-cache-tags-1, x-drupal-cache-tags-2, x-drupal-cache-tags-3
x-amzn-*92,520,5031.1%x-amzn-trace-id, x-amzn-requestid, x-amzn-remapped-content-length, x-amzn-remapped-date, x-amzn-remapped-connection, x-amzn-remapped-server, x-amzn-remapped-x-amzn-requestid, x-amzn-remapped-x-amzn-remapped-connection
origin-*102,211,8471.9%origin-agent-cluster, origin-trial, origin-cache-control, origin-edge-control, origin-cc, origin-ex, origin-name, origin-cache-tag
x-cacheable-*21,915,2480.3%x-cacheable, x-cacheable-ttl
x-middleware-*91,908,1961.1%x-middleware-rewrite, x-middleware-set-cookie, x-middleware-locale, x-middleware-servicename, x-middleware-next, x-middleware-cache, x-middleware-start, x-middleware-duration
x-robots-*21,851,4730.5%x-robots-tag, x-robots-tag-host
x-matched-*21,813,5150.5%x-matched-path, x-matched-location
x-cdn-*251,778,9080.2%x-cdn, x-cdn-cache-status, x-cdn-cache-id, x-cdn-pop, x-cdn-cache, x-cdn-traceid, x-cdn-ttl, x-cdn-pop-ip
x-rq-*11,756,6690.2%x-rq
x-server-*251,679,2540.3%x-server, x-server-name, x-server-lifecycle-phase, x-server-version, x-server-id, x-server-powered-by, x-server-generated, x-server-varnish-web
x-vhost-*21,634,6960.2%x-vhost, x-vhost-debug
x-country-*101,582,0210.2%x-country-code, x-country-code-real, x-country, x-country-filter, x-country-name, x-country-code-2, x-country-origin, x-country-region

Top non-standard headers

HeaderInferred vendorResponsesClass
cf-raycloudflare30,599,767novel
cf-cache-statuscloudflare30,131,520novel
x-amz-cf-popcloudfront16,825,433novel
x-amz-cf-idcloudfront16,825,393novel
x-served-byfastly8,411,506novel
x-akamai-transformedakamai8,229,609novel
x-cache-hits7,908,507novel
x-request-id7,570,558de-facto
x-permitted-cross-domain-policies7,198,491de-facto
x-timerfastly6,897,853novel
x-envoy-upstream-service-timeenvoy4,811,999novel
x-dns-prefetch-control4,358,541de-facto
akamai-grnakamai2,996,859novel
x-cache-status2,756,845novel
x-drupal-dynamic-cache2,442,962novel
request-context2,335,770novel
x-cacheable1,898,968novel
x-vercel-idvercel1,896,213novel
x-vercel-cachevercel1,895,576novel
x-robots-tag1,838,450novel
x-matched-path1,794,439novel
x-rq1,756,669novel
x-vhost1,619,767novel
host-header1,566,455novel
x-middleware-rewrite1,522,242novel
x-azure-refazure-front-door1,427,985novel
x-iinfo1,424,353novel
x-nextjs-cachenextjs1,403,016novel
x-hacker1,387,748novel
origin-agent-cluster1,290,004novel
cf-edge-cachecloudflare1,275,994novel
x-styx-req-id1,269,482novel
x-pantheon-styx-hostname1,267,678novel
x-cdn1,176,451novel
cf-apo-viacloudflare1,135,245novel
timing-allow-origin1,107,935novel
x-age1,102,220novel
x-cache-group1,050,040novel
x-oneagent-js-injection1,015,328novel
x-dw-request-base-id1,014,149novel
akamai-cache-statusakamai1,009,861novel
surrogate-control973,513novel
status949,918novel
x-arc-request-id946,627novel
x-backend938,390novel
x-arc-pb-request-id930,610novel
x-arc-pb-mx-id930,403novel
x-arc-ttl929,520novel
x-amzn-trace-id878,801novel
xkey831,913novel

Infrastructure

Best-effort fingerprint of the CDN / server / framework / platform behind each response, from signal headers. A response can match several layers (a stack), so the counts below overlap and need not sum to the response total. Fingerprinted 81.1% of responses; 23,261,311 matched no known layer.

LayerRoleResponses% of responses
cloudflarecdn30,643,29924.9%
nginxserver26,488,66521.6%
cloudfrontcdn16,873,79013.7%
apacheserver13,203,68210.7%
akamaicdn12,790,45010.4%
fastlycdn9,918,2468.1%
nextjsframework8,282,9016.7%
envoymesh4,811,9993.9%
vercelplatform1,896,2131.5%
azure-front-doorcdn1,427,9851.2%
nuxtframework1,024,8180.8%

Headers by infrastructure

For the highest-volume response headers, how that header's occurrences are split across fingerprint layers: each percentage is the layer's share of this header's total occurrences, not the fraction of that layer's responses carrying the header. So a near-universal header roughly mirrors each platform's overall traffic share. Layers overlap, so shares need not sum to 100%.

The long tail of rare values was elided during shuffle to keep cluster memory bounded; counts and percentages below describe the retained head only.

HeaderLayers (share of this header's occurrences)
set-cookiecloudflare 25% akamai 25% nginx 16% cloudfront 10% apache 9% envoy 8%
datecloudflare 25% nginx 22% cloudfront 14% apache 11% akamai 10% fastly 8%
content-lengthcloudflare 25% nginx 22% cloudfront 14% apache 11% akamai 10% fastly 8%
content-typecloudflare 25% nginx 22% cloudfront 14% apache 11% akamai 10% fastly 8%
varycloudflare 29% nginx 20% cloudfront 15% akamai 11% apache 10% fastly 8%
servercloudflare 32% nginx 28% apache 14% cloudfront 13% akamai 7% nextjs 6%
cache-controlcloudflare 25% nginx 21% cloudfront 14% akamai 12% apache 9% fastly 9%
strict-transport-securitycloudflare 23% nginx 19% akamai 14% cloudfront 14% fastly 12% apache 8%
server-timingcloudflare 51% akamai 48% nextjs 7% fastly 6% nginx 5% envoy 5%
x-frame-optionscloudflare 23% nginx 22% akamai 14% cloudfront 14% fastly 10% apache 10%
x-content-type-optionscloudflare 25% nginx 19% cloudfront 15% akamai 14% apache 10% fastly 10%
linkcloudflare 30% nginx 28% akamai 12% fastly 12% cloudfront 11% nextjs 9%
x-cachecloudfront 51% nginx 26% fastly 23% cloudflare 13% nextjs 8% apache 7%
expirescloudflare 23% nginx 21% akamai 18% apache 15% cloudfront 7% fastly 6%
x-xss-protectioncloudflare 22% nginx 20% cloudfront 16% akamai 14% fastly 9% apache 9%
viacloudfront 54% nginx 25% fastly 20% cloudflare 13% nextjs 10% apache 9%
content-security-policycloudflare 22% akamai 16% cloudfront 16% nginx 15% fastly 11% apache 8%
cf-raycloudflare 100% nextjs 7% cloudfront 4% fastly 4% envoy 3% vercel 2%
cf-cache-statuscloudflare 100% nextjs 7% cloudfront 4% fastly 3% envoy 3% vercel 2%
alt-svccloudflare 53% cloudfront 16% nginx 10% fastly 8% akamai 8% nextjs 8%
x-powered-bycloudflare 30% nextjs 28% nginx 23% cloudfront 16% apache 7% akamai 6%
etagnginx 24% cloudfront 23% akamai 19% nextjs 14% fastly 13% apache 8%
referrer-policycloudflare 26% nginx 19% cloudfront 18% akamai 10% fastly 8% apache 8%

Top networks (ASN)

Autonomous System the crawl-time IP resolved to, by response count. Reflects the outermost network the crawler reached (a fronting CDN, or the origin's host). Operator names who owns the network (a seeded map of well-known ASNs); Layer is the header-derived fingerprint, if any. The two are complementary -- a generic cloud ASN carries no CDN fingerprint, which is itself informative.

ASNOperatorLayerResponses% of responses
AS16509Amazon (AWS)14,911,43312.1%
AS54113Fastlyfastly5,307,1814.3%
AS13335Cloudflarecloudflare4,249,4613.5%
AS16625akamai4,131,6123.4%
AS20940Akamaiakamai3,203,0152.6%
AS3969822,343,2471.9%
AS14618Amazon (AWS)2,339,7381.9%
AS16276OVH1,700,9071.4%
AS24940Hetzner1,617,1621.3%
AS8075Microsoft1,352,0301.1%
AS195511,275,1961.0%
AS209242920,2110.7%
AS2635853,1130.7%
AS51115804,4550.7%
AS14061DigitalOcean675,3670.5%
AS57724535,1410.4%
AS63949472,8240.4%
AS680461,2430.4%
AS49505342,4280.3%
AS2497329,5590.3%
AS50340282,1550.2%
AS24429262,5650.2%
AS30148259,0080.2%
AS60068258,7060.2%
AS52580248,7880.2%
AS31898203,3420.2%
AS200350184,4800.2%
AS35280183,1070.1%
AS197695181,7180.1%
AS8560176,6160.1%
AS36351166,4380.1%
AS135905162,5880.1%
AS201706158,3380.1%
AS786156,7020.1%
AS137151,4150.1%
AS54994148,7400.1%
AS60781141,3160.1%
AS43298140,5020.1%
AS32244137,8170.1%
AS36459130,9890.1%
AS12876122,8910.1%
AS37963122,5790.1%
AS24638122,2840.1%
AS57352120,5840.1%
AS135354120,4660.1%
AS4694118,5690.1%
AS7941116,0290.1%
AS15830115,5860.1%
AS45899113,0870.1%
AS139341112,5970.1%

Vary composition

Composition of Vary across the 102,952,832 responses that carried one. A recipe is the lowercased, deduped, sorted set of field-names in a response's Vary — where synthetic cache-key engineering shows up. Responses is occurrence-weighted (one CDN origin can emit a recipe across millions of responses); Sites is a HyperLogLog estimate of distinct operators.

Top Vary recipes

RecipeResponses% of VarySitesSynthetic tokens
accept-encoding74,080,75571.96%~37,460
accept-encoding, cookie5,622,6135.46%~3,212
accept-encoding, user-agent5,465,4975.31%~2,674
accept-encoding, origin2,259,0012.19%~1,625
accept-encoding, next-router-prefetch, next-router-segment-prefetch, next-router-state-tree, rsc2,094,7582.03%~1,0344
accept-encoding, next-router-prefetch, next-router-state-tree, rsc720,7010.70%~5653
origin614,7550.60%~613
next-router-prefetch, next-router-segment-prefetch, next-router-state-tree, rsc612,3750.59%~3564
user-agent543,4600.53%~530
accept-encoding, x-country-code, x-ftr-abtest-group, x-ftr-kiosq-server-side-entitlements, x-ftr-kiosq-server-side-user-status, x-ftr-kiosq-user-status520,9080.51%~445
cookie480,9020.47%~533
accept-encoding, cookie, user-agent424,2760.41%~163
accept-encoding, cookie, origin333,8140.32%~133
*332,8980.32%~267
accept, accept-encoding, content-type330,3200.32%~81
accept-encoding, x-forwarded-proto277,2150.27%~1751
accept-encoding, access-control-request-headers, access-control-request-method, origin269,9100.26%~167
accept-encoding, accept-language255,1110.25%~97
accept, accept-encoding249,2570.24%~669
accept-encoding, accept-language, cookie223,9980.22%~118
accept-encoding, origin, x-nfl-geo206,1480.20%~301
device-memory, sec-ch-dpr, sec-ch-viewport-width185,0520.18%~13
accept-language, cookie144,9550.14%~55
accept-encoding, host140,6570.14%~46
accept-encoding, origin, user-agent139,9480.14%~77
… 1001 more recipes not shown …

Top Vary recipes (Accept-Encoding factored out)

Accept-Encoding appears in the large majority of Vary headers and flattens the ranking. Here it is removed from each recipe and the remainders re-merged (site counts union exactly), so the meaningful axes surface.

RecipeResponses% of VarySitesSynthetic tokens
(accept-encoding only)74,080,75571.96%~37,460
cookie6,103,5155.93%~3,515
user-agent6,008,9575.84%~2,834
origin2,873,7562.79%~1,793
next-router-prefetch, next-router-segment-prefetch, next-router-state-tree, rsc2,707,1332.63%~1,3604
next-router-prefetch, next-router-state-tree, rsc844,3110.82%~7153
x-country-code, x-ftr-abtest-group, x-ftr-kiosq-server-side-entitlements, x-ftr-kiosq-server-side-user-status, x-ftr-kiosq-user-status520,9080.51%~445
cookie, user-agent472,4720.46%~179
*418,0630.41%~334
cookie, origin413,2490.40%~184
access-control-request-headers, access-control-request-method, origin406,5060.39%~243
accept-language, cookie368,9530.36%~170
accept363,5860.35%~732
accept, content-type336,9700.33%~92
x-forwarded-proto288,2440.28%~1951
accept-language266,0680.26%~102
origin, x-nfl-geo206,1790.20%~301
device-memory, sec-ch-dpr, sec-ch-viewport-width185,0520.18%~13
origin, user-agent183,6830.18%~81
host148,4290.14%~68
x-requested-with126,6160.12%~651
accept, sec-fetch-site, turbo-frame, turbo-visit, x-pjax, x-pjax-container, x-requested-with123,8040.12%~16
https122,1300.12%~1121
next-router-prefetch, next-router-state-tree, next-url, rsc117,8500.11%~1074
x-ua-device114,1590.11%~351
… 859 more recipes not shown …

High-interest axes

Prevalence of the cache-key / availability axes, as a share of responses carrying Vary.

Field-nameResponses% of VarySites
accept-encoding98,824,09295.99%~37,141
cookie8,503,3908.26%~4,560
user-agent7,573,1507.36%~2,878
accept-language967,4180.94%~450

Vary field-names (marginals)

Field-nameResponses% of VarySitesRegistered?
accept-encoding98,824,09295.99%~37,141yes
cookie8,503,3908.26%~4,560yes
user-agent7,573,1507.36%~2,878yes
origin4,952,4424.81%~2,498yes
rsc4,052,1913.94%~2,239no
next-router-prefetch4,006,2553.89%~2,219no
next-router-state-tree3,995,8453.88%~2,206no
next-router-segment-prefetch2,882,1502.80%~1,477no
accept1,112,3661.08%~1,060yes
accept-language967,4180.94%~450yes
content-type556,0600.54%~149yes
x-country-code528,7390.51%~61no
x-ftr-kiosq-user-status520,9080.51%~44no
x-ftr-kiosq-server-side-user-status520,9080.51%~44no
x-ftr-kiosq-server-side-entitlements520,9080.51%~44no
x-ftr-abtest-group520,9080.51%~44no
x-forwarded-proto504,3130.49%~304no
access-control-request-headers438,7200.43%~248yes
access-control-request-method438,5900.43%~248yes
x-ua-device348,4940.34%~51no
x-requested-with339,3990.33%~104no
authorization300,7100.29%~112yes
host270,0190.26%~101yes
x-device269,8370.26%~43no
x-nfl-geo206,5110.20%~28no
… 764 more not shown …

Non-standard Vary tokens

Tokens httplint's field registry does not recognise (≈ not IANA-registered), approximating the synthetic cache-key population. A lower bound: some schemes are consumed at the edge and never appear in Vary, and the classification is approximate (a real request header httplint lacks a parser for also lands here).

Field-nameResponses% of VarySites
rsc4,052,1913.94%~2,239
next-router-prefetch4,006,2553.89%~2,219
next-router-state-tree3,995,8453.88%~2,206
next-router-segment-prefetch2,882,1502.80%~1,477
x-country-code528,7390.51%~61
x-ftr-kiosq-user-status520,9080.51%~44
x-ftr-kiosq-server-side-user-status520,9080.51%~44
x-ftr-kiosq-server-side-entitlements520,9080.51%~44
x-ftr-abtest-group520,9080.51%~44
x-forwarded-proto504,3130.49%~304
x-ua-device348,4940.34%~51
x-requested-with339,3990.33%~104
x-device269,8370.26%~43
x-nfl-geo206,5110.20%~28
x-consumer-id206,4620.20%~77
sec-ch-viewport-width190,0700.18%~10
sec-fetch-site187,5590.18%~94
sec-ch-dpr185,0520.18%~1
device-memory185,0520.18%~1
x-vary-tcdn184,9550.18%~21
fastly-ssl182,1530.18%~23
next-url156,7630.15%~112
x-pjax131,4080.13%~2
x-pjax-container130,9830.13%~1
turbo-visit130,9830.13%~1
… 732 more not shown …

Cache-Control recipes

Composition of Cache-Control across the 95,671,749 responses that carried one. A recipe is the normalised, deduped, sorted set of directives in a response's Cache-Control, with every directive value collapsed to =N — so max-age=0 and max-age=31536000 share one recipe (the actual numbers are a separate distribution). This shows the whole shape operators ship, where CC_CONFLICTING flags only the conflict. Responses is occurrence-weighted (one CDN origin can emit a recipe across millions of responses); Sites is a HyperLogLog estimate of distinct operators.

Top Cache-Control recipes

RecipeResponses% of Cache-ControlSitesNon-standard
max-age=N, public11,162,26411.67%~6,571
max-age=N9,887,72610.34%~6,222
must-revalidate, no-cache, no-store9,023,0649.43%~6,224
max-age=N, must-revalidate, no-cache, no-store, private6,237,9416.52%~3,537
private4,511,3624.72%~3,395
max-age=N, must-revalidate, private3,885,2304.06%~1,575
no-cache3,598,3553.76%~2,745
max-age=N, no-cache, no-store3,326,0203.48%~1,408
max-age=N, must-revalidate2,959,6943.09%~2,948
no-cache, no-store2,859,8562.99%~1,857
max-age=N, private2,754,8642.88%~1,247
no-cache, private2,546,6482.66%~1,813
max-age=N, must-revalidate, no-cache, no-store2,456,8012.57%~2,110
max-age=N, public, s-maxage=N2,327,7552.43%~1,178
max-age=N, must-revalidate, public1,964,1422.05%~2,069
must-revalidate, no-cache, no-store, post-check=N, pre-check=N1,720,9311.80%~1,930
no-store1,666,3701.74%~894
must-revalidate, no-cache1,348,3221.41%~620
must-revalidate, no-cache, no-store, private1,287,0271.35%~625
max-age=N, public, s-maxage=N, stale-if-error=N, stale-while-revalidate=N1,218,6851.27%~297
no-store, private981,2131.03%~379
max-age=N, no-cache954,0091.00%~357
max-age=N, public, stale-if-error=N, stale-while-revalidate=N887,2400.93%~235
max-age=N, s-maxage=N799,2100.84%~902
s-maxage=N743,1690.78%~905
… 1138 more recipes not shown …

Cache-Control directives (marginals)

Prevalence of each directive, regardless of value or combination, as a share of responses carrying Cache-Control.

DirectiveResponses% of Cache-ControlSitesStandard?
max-age59,506,23562.20%~24,588yes
no-cache39,775,43741.57%~20,652yes
must-revalidate36,271,95237.91%~18,799yes
no-store32,425,77433.89%~17,109yes
private25,951,33227.13%~12,822yes
public22,989,44624.03%~11,018yes
s-maxage10,358,68110.83%~4,803yes
stale-while-revalidate6,556,9696.85%~2,055yes
stale-if-error4,266,6674.46%~1,168yes
pre-check2,528,3242.64%~2,061yes
post-check2,526,6762.64%~2,061yes
proxy-revalidate930,3750.97%~695yes
no-transform829,2320.87%~413yes
immutable155,0420.16%~279yes
max-stale93,0760.10%~41yes
s-max-age88,3660.09%~33no
store55,9040.06%~30no
stale-while-error47,1960.05%~3no
maxage34,5930.04%~25no
cache32,2890.03%~12no
v-stale-while-revalidate31,7950.03%~2no
v-maxage31,7950.03%~2no
off31,6060.03%~7no
public; max-age31,3190.03%~11no
nocache24,2100.03%~9no
min-age16,3400.02%~1no
private no-store16,3330.02%~4no
30015,7610.02%~1no
min-fresh:200000014,5830.02%~1no
vary13,6690.01%~2no
… 577 more not shown …

Non-standard directives

Directives outside httplint's RFC 9111 registry — vendor knobs, edge-CDN extensions, and typos. Approximate: a registered directive httplint lacks a parser for would also land here.

DirectiveResponses% of Cache-ControlSites
s-max-age88,3660.09%~33
store55,9040.06%~30
stale-while-error47,1960.05%~3
maxage34,5930.04%~25
cache32,2890.03%~12
v-stale-while-revalidate31,7950.03%~2
v-maxage31,7950.03%~2
off31,6060.03%~7
public; max-age31,3190.03%~11
nocache24,2100.03%~9
min-age16,3400.02%~1
private no-store16,3330.02%~4
30015,7610.02%~1
min-fresh:200000014,5830.02%~1
vary13,6690.01%~2
max-age 6048008,2380.01%~1
x-overridden-by-server-settings5,7680.01%~3
no-cache max-age4,7630.00%~1
public%2c+max-age%3d36003,7860.00%~1
m-maxage3,6710.00%~1
m-cache-type3,5910.00%~1
no-cache; no-store; must-revalidate; max-age3,1850.00%~1
cache-control: public3,1600.00%~5
603,0820.00%~2
no-cache;no-store;must-revalidate3,0580.00%~1
crsexpiresafter2,9460.00%~1
no-transform always2,4830.00%~1
max-age 602,3790.00%~1
false-cache2,1480.00%~1
must-ridate2,0430.00%~1
… 561 more not shown …

Numeric header value distributions

Per-occurrence distributions of numeric and temporal header values across all analysed responses that carried the field. Lifetimes use a shared log-scaled bucket set, so the histograms are comparable. The "negative" bucket holds anomalies (a value that parsed negative, or an Expires that predates Date — stale on arrival); "0" is a distinct deliberate "do not reuse" signal.

Cache-Control: max-age

Total occurrences: 59,819,132.

ValueOccurrences%
negative14,3870.0%
025,750,23743.0%
<1 min3,008,7305.0%
1-10 min12,977,40221.7%
10-60 min5,743,9929.6%
1-24 hours6,319,42910.6%
1-7 days3,070,2425.1%
7-30 days984,2571.6%
30-365 days1,215,6852.0%
1-10 years720,4221.2%
>10 years14,3490.0%

Cache-Control: s-maxage

Total occurrences: 10,380,653.

ValueOccurrences%
negative800.0%
0791,8717.6%
<1 min704,2616.8%
1-10 min2,543,71524.5%
10-60 min1,715,45816.5%
1-24 hours1,859,58417.9%
1-7 days872,3108.4%
7-30 days562,5745.4%
30-365 days734,8597.1%
1-10 years578,4145.6%
>10 years17,5270.2%

Age

Total occurrences: 17,936,255.

ValueOccurrences%
negative00.0%
011,384,42963.5%
<1 min578,4063.2%
1-10 min359,1942.0%
10-60 min511,6132.9%
1-24 hours2,772,34915.5%
1-7 days1,831,88410.2%
7-30 days445,0252.5%
30-365 days53,0010.3%
1-10 years3540.0%
>10 years00.0%

Strict-Transport-Security: max-age

Total occurrences: 69,367,959.

ValueOccurrences%
negative3,5240.0%
01,083,1981.6%
<1 min84,2320.1%
1-10 min1,908,6132.8%
10-60 min776,9921.1%
1-24 hours473,5310.7%
1-7 days2,047,9103.0%
7-30 days372,5080.5%
30-365 days12,808,66618.5%
1-10 years49,651,11971.6%
>10 years157,6660.2%

Cookie lifetime (Max-Age / Expires)

Total occurrences: 154,354,389.

ValueOccurrences%
negative8,607,8225.6%
06,550,1144.2%
<1 min554,1220.4%
1-10 min1,282,4260.8%
10-60 min15,708,57910.2%
1-24 hours21,732,81114.1%
1-7 days11,699,5697.6%
7-30 days11,335,5447.3%
30-365 days29,211,56118.9%
1-10 years36,256,20223.5%
>10 years11,415,6397.4%

Computed freshness lifetime

Total occurrences: 54,039,743.

ValueOccurrences%
negative4,881,7849.0%
015,051,25827.9%
<1 min3,054,7695.7%
1-10 min13,044,89924.1%
10-60 min5,765,38210.7%
1-24 hours6,294,88711.6%
1-7 days3,043,6555.6%
7-30 days957,8261.8%
30-365 days1,222,0492.3%
1-10 years708,6071.3%
>10 years14,6270.0%

Expires − Date delta

Total occurrences: 39,092,913.

ValueOccurrences%
negative19,633,82550.2%
07,214,35418.5%
<1 min874,2952.2%
1-10 min4,835,35012.4%
10-60 min1,778,8014.6%
1-24 hours2,320,1755.9%
1-7 days1,291,5393.3%
7-30 days370,8980.9%
30-365 days584,9231.5%
1-10 years172,3420.4%
>10 years16,4110.0%

Header co-occurrence

Which security / policy response headers travel together. A bundle is the set of those headers present on a response. The alphabet is scoped to a fixed, curated set of security/policy headers (configured in cooccur_alphabet.toml) so the bundle space stays bounded; (none) means none were present. Responses is occurrence-weighted (one CDN origin can emit a bundle across millions of responses); Sites is a HyperLogLog estimate of distinct operators. Shares are of all 122,905,867 analysed responses.

20.09% of responses (24,688,674) carried no security header from the tracked set.

Top header bundles

BundleResponses% of responsesSites
(none)24,688,67420.09%~15,835
strict-transport-security9,812,0787.98%~5,786
strict-transport-security, x-content-type-options, x-frame-options, x-xss-protection4,742,1463.86%~1,992
nel, report-to4,715,4883.84%~4,219
x-frame-options4,042,6313.29%~2,162
content-security-policy, strict-transport-security, x-content-type-options, x-frame-options, x-xss-protection3,780,0093.08%~1,501
content-security-policy, referrer-policy, strict-transport-security, x-content-type-options, x-frame-options, x-xss-protection3,306,0302.69%~1,582
strict-transport-security, x-frame-options3,290,1992.68%~1,267
strict-transport-security, x-content-type-options, x-frame-options3,216,7202.62%~1,432
referrer-policy, strict-transport-security, x-content-type-options, x-frame-options, x-xss-protection2,660,4982.16%~1,446
content-security-policy2,539,3842.07%~888
content-security-policy, strict-transport-security2,073,6911.69%~856
content-security-policy, strict-transport-security, x-content-type-options, x-frame-options1,913,8101.56%~726
content-security-policy, strict-transport-security, x-frame-options1,838,4101.50%~880
x-content-type-options, x-frame-options, x-xss-protection1,688,3101.37%~1,028
strict-transport-security, x-content-type-options1,563,8741.27%~1,158
content-security-policy, strict-transport-security, x-content-type-options1,486,8131.21%~634
x-content-type-options, x-frame-options1,455,1561.18%~1,347
strict-transport-security, x-content-type-options, x-xss-protection1,424,9891.16%~626
content-security-policy, permissions-policy, referrer-policy, strict-transport-security, x-content-type-options, x-frame-options, x-xss-protection1,210,7840.99%~923
content-security-policy, x-frame-options1,185,5610.96%~496
nel, report-to, strict-transport-security1,057,6010.86%~546
referrer-policy, strict-transport-security, x-content-type-options, x-frame-options, x-permitted-cross-domain-policies, x-xss-protection996,0990.81%~359
content-security-policy, referrer-policy, strict-transport-security, x-content-type-options, x-frame-options917,3380.75%~496
content-security-policy, strict-transport-security, x-content-type-options, x-xss-protection913,8570.74%~384
… 1339 more bundles not shown …

Conditional lifts

For the most common co-occurring pairs: P(A|B) is the share of responses carrying B that also carry A. Lift > 1 means the two appear together more than independent prevalence predicts — the bundling signal.

Header AHeader BCo-occurrencesP(A|B)P(B|A)Lift
strict-transport-securityx-content-type-options47,031,34781.3%67.6%1.4×
x-content-type-optionsx-frame-options43,264,07675.0%74.8%1.6×
strict-transport-securityx-frame-options43,248,42674.9%62.1%1.3×
x-content-type-optionsx-xss-protection36,959,64191.8%63.9%2.0×
strict-transport-securityx-xss-protection32,449,50980.6%46.6%1.4×
x-frame-optionsx-xss-protection31,216,05977.6%54.1%1.7×
content-security-policystrict-transport-security29,272,39542.1%78.6%1.4×
content-security-policyx-content-type-options26,152,42945.2%70.2%1.5×
referrer-policyx-content-type-options25,302,06943.8%89.3%1.9×
content-security-policyx-frame-options23,960,02441.5%64.3%1.4×
referrer-policystrict-transport-security23,737,43634.1%83.8%1.5×
referrer-policyx-frame-options21,537,54837.3%76.0%1.6×
referrer-policyx-xss-protection18,886,97346.9%66.7%2.0×
content-security-policyx-xss-protection18,818,42946.8%50.5%1.5×
content-security-policyreferrer-policy14,416,20650.9%38.7%1.7×
nelreport-to13,712,59292.2%99.6%8.2×
permissions-policyx-content-type-options8,901,82415.4%86.0%1.8×
permissions-policystrict-transport-security8,836,99912.7%85.3%1.5×
permissions-policyx-frame-options7,483,81013.0%72.3%1.5×
permissions-policyreferrer-policy7,047,32524.9%68.1%3.0×
x-content-type-optionsx-permitted-cross-domain-policies7,036,92097.8%12.2%2.1×
report-tostrict-transport-security6,909,9259.9%46.4%0.8×
report-tox-content-type-options6,763,05011.7%45.5%1.0×
x-permitted-cross-domain-policiesx-xss-protection6,441,79516.0%89.5%2.7×
content-security-policypermissions-policy6,368,11461.5%17.1%2.0×

Per-header prevalence

HeaderResponses% of responsesSites
strict-transport-security69,604,89656.63%~25,470
x-content-type-options57,813,60347.04%~20,883
x-frame-options57,719,35446.96%~21,610
x-xss-protection40,251,03732.75%~14,168
content-security-policy37,256,80730.31%~15,178
referrer-policy28,322,52623.04%~11,669
report-to14,876,49312.10%~10,066
nel13,771,42611.20%~9,532
permissions-policy10,355,9828.43%~4,443
x-permitted-cross-domain-policies7,198,4915.86%~2,999
cross-origin-opener-policy4,379,2653.56%~1,797
content-security-policy-report-only3,333,3302.71%~1,422
reporting-endpoints2,970,2192.42%~858
cross-origin-resource-policy2,242,2741.82%~1,094
origin-agent-cluster1,290,0041.05%~403
cross-origin-embedder-policy957,3290.78%~488

Default header set by infrastructure

Each fingerprint layer's modal bundle — the single most common security-header set among the responses attributed to it — and that bundle's share of the layer's fingerprinted responses. This is where defaultability shows: a high share means the platform ships that set by default. Layers overlap (a response can match several).

LayerRoleResponsesDefault bundleShare
cloudflarecdn30,643,299nel, report-to15.4%
nginxserver26,457,284(none)27.6%
cloudfrontcdn16,850,118(none)21.8%
apacheserver13,203,682(none)35.0%
akamaicdn12,790,450content-security-policy, strict-transport-security, x-content-type-options, x-frame-options, x-xss-protection10.2%
fastlycdn9,918,246strict-transport-security11.1%
nextjsframework8,282,901(none)24.1%
envoymesh4,811,999(none)10.5%
vercelplatform1,896,213strict-transport-security37.6%
azure-front-doorcdn1,427,985strict-transport-security16.6%
nuxtframework1,024,818(none)47.5%

Content-Security-Policy size by site

Distribution of the maximum CSP header byte size each site served, across all responses analyzed. A site appears in exactly one bucket -- the largest CSP it ever returned, regardless of how many WAT files it appeared in. Total sites with header data: 48,896.

CSP sizeSites% of sites
No CSP header33,78869.1%
1-99 B7,60815.6%
100-499 B3,1356.4%
500-999 B1,0902.2%
1000-1999 B1,0902.2%
2000-4999 B1,5053.1%
5000-9999 B5241.1%
10000+ B1560.3%

Legacy → modern transitions

For a curated set of deprecated/replacement header pairs, how far the corpus has moved from the legacy header to its modern equivalent. Each response is binned per pair: both sides present (a site mid-migration, paying the dual-emit cost), modern only, legacy only, or neither. Modern share is modern / (modern + legacy) over the legacy+modern presence signal — a both response counts on each side, and responses carrying neither are excluded so they can't drown the signal. Detection reads inside CSP and Cache-Control where the modern side is a directive, not a header. Shares are of all 122,905,867 analysed responses.

Pair (legacy → modern)BothModern onlyLegacy onlyModern shareSites both
Expires → Cache-Control: max-age25,451,914 (20.71%)34,054,32119,389,97957.0%~12,482
X-Frame-Options → CSP frame-ancestors16,601,858 (13.51%)8,794,92841,117,49630.6%~7,682
Pragma: no-cache → Cache-Control: no-cache22,265,740 (18.12%)17,509,6973,276,58560.9%~12,693
X-XSS-Protection → (no replacement)0 (0.00%)040,251,037n/a (no replacement)
Report-To → Reporting-Endpoints1,358,229 (1.11%)1,611,99013,518,26416.6%~358
Feature-Policy → Permissions-Policy457,143 (0.37%)9,898,8391,001,89087.7%~259

Per-site view (the meaningful unit for adoption): distinct operators emitting each side, with the modern share computed over sites.

Pair (legacy → modern)Legacy sitesModern sitesModern share (sites)
Expires → Cache-Control: max-age~21,291~24,58853.6%
X-Frame-Options → CSP frame-ancestors~21,610~9,73031.0%
Pragma: no-cache → Cache-Control: no-cache~13,866~20,65259.8%
X-XSS-Protection → (no replacement)~14,168n/a (no replacement)
Report-To → Reporting-Endpoints~10,066~8587.9%
Feature-Policy → Permissions-Policy~675~4,44386.8%