33827

9723

5794 4717 7305

2957 1230

0

5000

10000

15000

20000

25000

30000

35000

40000

Strict-Transport-Protocol IncludeSubDomains preload Full implement (OnlyHTTPS)

HSTS implemented in Alexa

HTTPS HTTP

89

211

71 58

17 2 2

0

50

100

150

200

250

Domains using HPKP pins: 450

Number of pins offered by top million Alexa domains

1 2 3 [4,6] [7,9] [10,12] >=13

17%

74%

9%

Pinned certificates in the trust chain for the top million Alexa domains using HPKP

Root Intermediate Leaf

2,76% 2,49%

25,14%

31,77%

5,52%

11,60%

20,72%

0,00%

5,00%

10,00%

15,00%

20,00%

25,00%

30,00%

35,00%

86400 604800 2592000 5184000 15768000 31536000 Others

Perc

enta

ge o

f d

om

ain

s

HPKP max-age value

Most used max-age values for HPKP

6,26%

0,01%

6,10% 4,78%

43,98%

24,60%

14,29%

0,00%

5,00%

10,00%

15,00%

20,00%

25,00%

30,00%

35,00%

40,00%

45,00%

50,00%

0 432 15552000 15768000 31536000 63072000 Others

Perc

enta

ge o

f d

om

ain

s

HSTS max-age value

Most used max-age values for HSTS

o

o

o

o

5794

2056

662

0

1000

2000

3000

4000

5000

6000

7000

Preloading status in Alexa's top 1M domains

Include preload header (https) Preloaded (Chromium list) Preloaded with errors

0,04%

0,25%

0,75%

7,62%

32,00%

59,45%

0,00% 10,00% 20,00% 30,00% 40,00% 50,00% 60,00% 70,00%

Errors classification in domains

Other invalid_cert_chain www_first

preload_missing max_age_too_low include_sub_domains_missing

ftp://ftp.example.com/

http://www.elevenpaths.com/