elevenpaths
[Figure: HSTS implemented in Alexa. Bar chart. Categories: Strict-Transport-Protocol, IncludeSubDomains, preload, Full implement (OnlyHTTPS). Series: HTTPS, HTTP. Data labels: 33827; 9723; 5794; 4717; 7305; 2957; 1230.]
Domains using HPKP pins: 450

[Figure: Number of pins offered by top million Alexa domains. Bar chart. Categories (number of pins): 1, 2, 3, [4,6], [7,9], [10,12], >=13. Data labels: 89; 211; 71; 58; 17; 2; 2.]
[Figure: Pinned certificates in the trust chain for the top million Alexa domains using HPKP. Categories: Root, Intermediate, Leaf. Data labels: 17%; 74%; 9%.]
[Figure: Most used max-age values for HPKP. Bar chart. X axis: HPKP max-age value (86400, 604800, 2592000, 5184000, 15768000, 31536000, Others). Y axis: Percentage of domains. Data labels: 2,76%; 2,49%; 25,14%; 31,77%; 5,52%; 11,60%; 20,72%.]
[Figure: Most used max-age values for HSTS. Bar chart. X axis: HSTS max-age value (0, 432, 15552000, 15768000, 31536000, 63072000, Others). Y axis: Percentage of domains. Data labels: 6,26%; 0,01%; 6,10%; 4,78%; 43,98%; 24,60%; 14,29%.]
[Figure: Preloading status in Alexa's top 1M domains. Bar chart. Categories: Include preload header (https), Preloaded (Chromium list), Preloaded with errors. Data labels: 5794; 2056; 662.]
[Figure: Errors classification in domains. Bar chart. Categories: Other, invalid_cert_chain, www_first, preload_missing, max_age_too_low, include_sub_domains_missing. Data labels: 0,04%; 0,25%; 0,75%; 7,62%; 32,00%; 59,45%.]