Strict-Transport-Security

HTTP response header

Policy informing a client how long to cache the HTTPS policy and whether this applies to subdomains.

Header usage statistics

Strict-Transport-Security response header information and usage statistics.

Websites using header Strict-Transport-Security 15,334,305
Percentage of websites that use Strict-Transport-Security header 15.48%
Total discovered header values 6,157
Header uses directives Yes
Header values are unique or random No
Most popular in the country United States of America

Strict-Transport-Security Directives (3 total)

  • includesubdomains
  • max-age
  • preload

Strict-Transport-Security Directives

Strict-Transport-Security directives value information and usage statistics

Directive Share Websites count Unique Values
max-age 99.89% 15,317,718 838
includesubdomains 22.57% 3,461,539 533
preload 12.27% 1,880,905 330

Distribution by websites popularity

Strict-Transport-Security detection in the top websites by popularity

Top 10k sites 4,928 websites
Top 100k sites 37,206 websites
Top 1m sites 296,243 websites

Websites utilizing Strict-Transport-Security

List of websites that use Strict-Transport-Security header

Domain Country Rank Contacts
facebook.com Ireland 2
www.facebook.com Ireland 2
www.google.com United States of America 3
wordpress.org United States of America 4
youtube.com United States of America 6
www.youtube.com United States of America 6
See full domain list
Flat price per the report, subscription is not required.

Geographical Distribution

Header usage distribution by websites across the globe.






Common header values

List of top common Strict-Transport-Security header values

Header value Value prevalence
max-age=120 20.99%
max-age=31536000 15.01%
max-age=0 13.67%
max-age=7889238 5.80%
max-age=31536000; includeSubDomains 4.09%
max-age=31536000; includeSubDomains; preload 3.99%
max-age=15768000 3.57%
max-age=31536000; preload 2.75%
max-age=31536000; 2.43%
max-age=604800 2.42%
max-age=63072000; includeSubDomains 2.33%
max-age=63072000; includeSubdomains; preload 1.89%
max-age=300 1.89%
max-age=63072000 1.69%
max-age=43200 1.29%
max-age=15768000; includeSubDomains 1.08%
max-age=31556926 0.90%
max-age=16000000 0.81%
max-age=15724800; includeSubDomains 0.69%
max-age=0; includeSubDomains 0.66%