Strict-Transport-Security

HTTP response header

Policy informing a client how long to cache the HTTPS policy and whether this applies to subdomains.

Header usage statistics

Strict-Transport-Security response header information and usage statistics.
Websites using header Strict-Transport-Security16,025,918
Percentage of websites that use Strict-Transport-Security header19.83%
Total discovered header values6,257
Header uses directivesYes
Header values are unique or randomNo
Most popular in the country United States

Strict-Transport-Security directives (3 total)

  • includesubdomains
  • max-age
  • preload

Strict-Transport-Security Directives

Strict-Transport-Security directives value information and usage statistics
DirectiveShareWebsites countUnique Values
max-age99.90%16,010,001472
includesubdomains25.79%4,133,527325
preload14.50%2,323,163225

Strict-Transport-Security header usage distribution by website rank



Geographical Distribution

Header usage distribution by websites across the globe.



Websites utilizing Strict-Transport-Security

List of websites that use Strict-Transport-Security header
DomainCountryRankContacts
facebook.com United States2
www.facebook.com United States2
www.google.com United States3
wordpress.org United States4
youtube.com United States6
www.youtube.com United States6
See full domain list

Common header values

List of top common Strict-Transport-Security header values
Header valueValue prevalence
max-age=360020.68%
max-age=3153600015.30%
max-age=09.80%
max-age=31536000; includeSubDomains; preload5.20%
max-age=31536000; includeSubDomains4.79%
max-age=78892384.75%
max-age=155520003.80%
max-age=31536000; preload3.08%
max-age=630720002.57%
max-age=63072000; includeSubDomains2.49%
max-age=157680002.42%
max-age=63072000; includeSubdomains; preload2.16%
max-age=3002.13%
max-age=31536000;2.08%
max-age=6048001.64%
max-age=864001.59%
max-age=15768000; includeSubDomains1.46%
max-age=15724800; includeSubDomains0.87%
max-age=160000000.79%
max-age=25920000.72%