HSTS - Browser HTTPS Only

Download List of All Websites using HSTS - Browser HTTPS Only

   The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) lets a web site tell browsers that it should only be accessed using HTTPS, instead of using HTTP for 63072000 seconds

Must Revalidate HTTP Cache-Control

Download List of All Websites using Must Revalidate HTTP Cache-Control

   Indicates that once a resource has become stale (e.g. max-age has expired), a cache must not use the response to satisfy subsequent requests for this resource without successful validation on the origin server.

NO Store HTTP Cache-Control

Download List of All Websites using NO Store HTTP Cache-Control

   The cache should not store anything about the client request or server response.

No Cache Content

Download List of All Websites using No Cache Content

   Forces caches to submit the request to the origin server for validation before releasing a cached copy.

Pragma Header - backwards compatibility with HTTP/1.0

Download List of All Websites using Pragma Header - backwards compatibility with HTTP/1.0

   The Pragma HTTP/1.0 general header is an implementation-specific header that may have various effects along the request-response chain. It is used for backwards compatibility with HTTP/1.0 caches where the Cache-Control HTTP/1.1 header is not yet present.

HTTP Upgrade Header - HTTP/2

Download List of All Websites using HTTP Upgrade Header - HTTP/2

   The HTTP Upgrade mechanism is used to establish HTTP/2 starting from plain HTTP. The client starts an HTTP/1.1 connection and sends an Upgrade: h2c header. If the server supports HTTP/2, it replies with HTTP 101 Switching Protocol status code. The HTTP Upgrade mechanism is used only for cleartext HTTP2 (h2c). In the case of HTTP2 over TLS (h2), the ALPN TLS protocol extension is used instead.

Block Content Sniffing

Download List of All Websites using Block Content Sniffing

   The X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should not be changed and be followed. This allows to opt-out of MIME type sniffing, or, in other words, it is a way to say that the webmasters knew what they were doing.

XSS-Protection Header

Download List of All Websites using XSS-Protection Header

   The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Although these protections are largely unnecessary in modern browsers when sites implement a strong Content-Security-Policy that disables the use of inline JavaScript (`unsafe-inline`), they can still provide protections for users of older web browsers that don`t yet support CSP.

Apache 2.4.38

Download List of All Websites using Apache 2.4.38

   The Apache HTTP Server, colloquially called Apache, is free and open-source cross-platform web server software, released under the terms of Apache License 2.0. Apache is developed and maintained by an open community of developers under the auspices of the Apache Software Foundation.