title | displaytext | layout | tab | order | tags |
---|---|---|---|---|---|
statistics | Statistics | | true | 7 | headers |
📅 Last update: 03/05/2025 at 00:14:53 - Domains analyzed count: 150000.
Provide the distribution of usage of secure headers across all domains analyzed.
Provide the distribution of usage of the header 'cache-control' across all domains analyzed.
Provide the distribution of usage of the header 'clear-site-data' across all domains analyzed.
Provide the distribution of usage of the header 'content-security-policy' across all domains analyzed.
Provide the distribution of usage of the header 'content-security-policy-report-only' across all domains analyzed.
Provide the distribution of usage of the header 'cross-origin-embedder-policy' across all domains analyzed.
Provide the distribution of usage of the header 'cross-origin-opener-policy' across all domains analyzed.
Provide the distribution of usage of the header 'cross-origin-resource-policy' across all domains analyzed.
Provide the distribution of usage of the header 'expect-ct' across all domains analyzed.
Provide the distribution of usage of the header 'permissions-policy' across all domains analyzed.
Provide the distribution of usage of the header 'public-key-pins' across all domains analyzed.
Provide the distribution of usage of the header 'referrer-policy' across all domains analyzed.
Provide the distribution of usage of the header 'strict-transport-security' across all domains analyzed.
Provide the distribution of usage of the header 'x-content-type-options' across all domains analyzed.
Provide the distribution of usage of the header 'x-frame-options' across all domains analyzed.
Provide the distribution of usage of the header 'x-permitted-cross-domain-policies' across all domains analyzed.
Provide the distribution of usage of the header 'x-xss-protection' across all domains analyzed.
Provide the distribution of usage of the header 'x-frame-options' across all domains analyzed with an insecure framing configuration: value different from `DENY` or `SAMEORIGIN`, including unsupported values.
Provide the distribution of usage of the header 'referrer-policy' across all domains analyzed with an insecure referrer configuration: value set to `unsafe-url` or `no-referrer-when-downgrade`.
`no-referrer-when-downgrade` was included because it sends the origin, path, and query string when the protocol security level stays the same (HTTPS is very often in place).
Provide the distribution of usage of the 'preload' feature for the header 'strict-transport-security' across all domains analyzed.
- Most common value used is 31536000 seconds (525600 minutes) across all domains analyzed.
- Maximum value used is 1234513412313 seconds (20575223539 minutes) across all domains analyzed.
- Minimum value used is -291868904 seconds (-4864482 minutes) across all domains analyzed.
Provide the distribution of content security policy allowing unsafe expressions across all domains analyzed.
Determine if a CSP policy contains `(default-src|script-src|script-src-elem|script-src-attr|style-src)` directives using `(unsafe-inline|unsafe-hashes|unsafe-eval)` expressions.
Based on the instructions that the Report-URI CSP generator allows for CSP directives.
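The three rules above (insecure framing, insecure referrer policy, unsafe CSP expressions) applied to one response's headers, as an added example that is not the project's own code. The function names and sample headers are constructed, and flagging a Referrer-Policy list when any of its tokens is insecure is an assumption.

```python
# Added example: value sets come from the rules on this page; function names are illustrative.
CSP_DIRECTIVES = {"default-src", "script-src", "script-src-elem", "script-src-attr", "style-src"}
CSP_UNSAFE = {"'unsafe-inline'", "'unsafe-hashes'", "'unsafe-eval'"}
XFO_SAFE = {"DENY", "SAMEORIGIN"}
REFERRER_INSECURE = {"unsafe-url", "no-referrer-when-downgrade"}


def csp_unsafe_expressions(policy):
    """Map each watched directive to the unsafe keywords it allows."""
    findings, seen = {}, set()
    for part in policy.split(";"):
        tokens = part.lower().split()  # CSP keywords are case-insensitive
        if not tokens or tokens[0] in seen:
            continue  # empty segment, or duplicate directive (browsers keep the first)
        seen.add(tokens[0])
        unsafe = sorted(CSP_UNSAFE.intersection(tokens[1:]))
        if tokens[0] in CSP_DIRECTIVES and unsafe:
            findings[tokens[0]] = unsafe
    return findings


def xfo_insecure(value):
    """True for anything other than DENY or SAMEORIGIN, unsupported values included."""
    return value.strip().upper() not in XFO_SAFE


def referrer_insecure(value):
    """True if any comma-separated token is unsafe-url or no-referrer-when-downgrade."""
    return any(t.strip().lower() in REFERRER_INSECURE for t in value.split(","))


def audit(headers):
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    out = []
    for name, check in (("x-frame-options", xfo_insecure), ("referrer-policy", referrer_insecure)):
        if name in h and check(h[name]):
            out.append((name, h[name]))
    for directive, kws in csp_unsafe_expressions(h.get("content-security-policy", "")).items():
        out.append(("content-security-policy", f"{directive} {' '.join(kws)}"))
    return out


SAMPLE = {  # constructed sample headers, not taken from any analyzed domain
    "X-Frame-Options": "ALLOW-FROM https://example.test",
    "Referrer-Policy": "no-referrer-when-downgrade",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' 'UNSAFE-EVAL'; img-src *",
}

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```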