Strict-Transport-Security

HTTP response header

Policy informing a client how long to cache the HTTPS policy and whether this applies to subdomains.

Header usage statistics

Strict-Transport-Security response header information and usage statistics.

Websites using header Strict-Transport-Security 8,504,071
Percentage of websites that use Strict-Transport-Security header 15.86%
Total discovered header values 4,444
Header uses directives Yes
Header values are unique or random No
Most popular in the country United States of America

Strict-Transport-Security Directives (3 total)

  • includesubdomains
  • max-age
  • preload

Strict-Transport-Security Directives

Strict-Transport-Security directives value information and usage statistics

Directive Share Websites count Unique Values
max-age 36.15% 3,073,977 569
includesubdomains 8.17% 694,761 392
preload 4.40% 374,148 223

Distribution by websites popularity

Strict-Transport-Security detection in the top websites by popularity

Top 10k sites 4,835 websites
Top 100k sites 26,947 websites
Top 1m sites 202,082 websites

Websites utilizing Strict-Transport-Security

List of websites that use Strict-Transport-Security header

Domain Country Rank Contacts
facebook.com United States of America 2
www.facebook.com United States of America 2
twitter.com United States of America 3
youtube.com United States of America 4
www.youtube.com United States of America 4
www.google.com United States of America 5
See full domain list
Flat price per the report, subscription is not required.

Geographical Distribution

Header usage distribution by websites across the globe.






Common header values

List of top common Strict-Transport-Security header values

Header value Value prevalence
max-age=0 17.85%
max-age=120 17.37%
max-age=31536000 13.53%
max-age=7889238 4.85%
max-age=31536000; includeSubdomains 4.47%
max-age=31536000; includeSubDomains; preload 3.99%
max-age=15768000 3.74%
max-age=604800 2.77%
max-age=31536000; preload 2.72%
max-age=63072000; includeSubDomains 2.35%
max-age=31536000; 2.16%
max-age=300 2.13%
max-age=63072000; includeSubDomains; preload 1.86%
max-age=43200 1.83%
max-age=15552000 1.53%
max-age=63072000 1.51%
max-age=15768000; includeSubDomains 1.11%
max-age=16000000 0.89%
max-age=31556926 0.87%
max-age=63072000; includeSubdomains; 0.68%