Strict-Transport-Security

HTTP response header

Policy informing a client how long to cache the HTTPS policy and whether this applies to subdomains.

Header usage statistics

Strict-Transport-Security response header information and usage statistics.

Websites using header Strict-Transport-Security16,312,441
Percentage of websites that use Strict-Transport-Security header19.29%
Total discovered header values6,363
Header uses directivesYes
Header values are unique or randomNo
Most popular in the country United States

Strict-Transport-Security directives (3 total)

  • includesubdomains
  • max-age
  • preload

Strict-Transport-Security Directives

Strict-Transport-Security directives value information and usage statistics

DirectiveShareWebsites countUnique Values
max-age99.89%16,294,405474
includesubdomains25.67%4,187,753327
preload14.46%2,358,129224

Strict-Transport-Security header usage distribution by website popularity



Geographical Distribution

Header usage distribution by websites across the globe.






Websites utilizing Strict-Transport-Security

List of websites that use Strict-Transport-Security header

DomainCountryRankContacts
facebook.com United States2
www.facebook.com United States2
www.google.com United States3
wordpress.org United States4
youtube.com United States6
www.youtube.com United States6
See full domain list

Common header values

List of top common Strict-Transport-Security header values

Header valueValue prevalence
max-age=360022.33%
max-age=3153600015.41%
max-age=09.87%
max-age=31536000; includeSubDomains; preload5.15%
max-age=31536000; includeSubDomains4.52%
max-age=78892384.52%
max-age=155520003.56%
max-age=31536000; preload3.05%
max-age=63072000; includeSubDomains2.57%
max-age=630720002.52%
max-age=157680002.51%
max-age=3002.14%
max-age=63072000; includeSubdomains; preload2.11%
max-age=31536000;2.07%
max-age=6048001.65%
max-age=15768000; includeSubDomains1.41%
max-age=15724800; includeSubDomains0.98%
max-age=160000000.78%
max-age=25920000.70%
max-age=315569260.67%