Strict-Transport-Security

HTTP response header

Policy informing a client how long to cache the HTTPS policy and whether this applies to subdomains.

Header usage statistics

Strict-Transport-Security response header information and usage statistics.

Websites using header Strict-Transport-Security16,649,719
Percentage of websites that use Strict-Transport-Security header16.74%
Total discovered header values6,309
Header uses directivesYes
Header values are unique or randomNo
Most popular in the country US

Strict-Transport-Security directives (3 total)

  • includesubdomains
  • max-age
  • preload

Strict-Transport-Security Directives

Strict-Transport-Security directives value information and usage statistics

DirectiveShareWebsites countUnique Values
max-age99.86%16,626,176468
includesubdomains22.19%3,694,354320
preload12.35%2,056,885208

Distribution by websites popularity

Strict-Transport-Security detection in the top websites by popularity

Top 10k sites5,192 websites
Top 100k sites40,137 websites
Top 1m sites320,989 websites

Websites utilizing Strict-Transport-Security

List of websites that use Strict-Transport-Security header

See full domain list
Flat price per the report, subscription is not required.

Geographical Distribution

Header usage distribution by websites across the globe.






Common header values

List of top common Strict-Transport-Security header values

Header valueValue prevalence
max-age=360024.92%
max-age=3153600015.22%
max-age=012.05%
max-age=78892384.82%
max-age=31536000; includeSubDomains4.00%
max-age=31536000; includeSubDomains; preload3.98%
max-age=157680002.88%
max-age=31536000; preload2.55%
max-age=63072000; includeSubDomains2.19%
max-age=31536000;2.12%
max-age=6048002.10%
max-age=63072000; includeSubdomains; preload1.88%
max-age=432001.83%
max-age=630720001.77%
max-age=3001.73%
max-age=15768000; includeSubDomains1.20%
max-age=315569260.82%
max-age=160000000.76%
max-age=15724800; includeSubDomains0.73%
max-age=15552000; includeSubDomains0.60%