HPKP and HSTS. Global analysis and implementation
We collected and visited domains and webpages from two different sources: the Alexa top million domains and Shodan. The results come from searches made in November 2016.
From those domains, we narrowed the search to determine which ones use HSTS or HPKP over HTTP or HTTPS, and which of them use different configurations for the headers. We have tried to determine not only the quantity but also the “quality” of the implementation.
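As an added illustration (not code from the research, and not its methodology), the following Python sketch grades a single Strict-Transport-Security or Public-Key-Pins header value against requirements stated in RFC 6797 and RFC 7469. The function names, the finding strings and the 180-day HSTS threshold are assumptions chosen for this example.

```python
import base64
import binascii

MIN_HSTS_MAX_AGE = 15552000  # assumed threshold (180 days); not a figure from the report
OVER_HTTP = "sent over HTTP: browsers ignore it"  # RFC 6797 and RFC 7469 both require this

def _directives(value):
    """Return ({directive: value}, [pin-sha256 values]) from a raw header value."""
    named, pins = {}, []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, val = part.partition("=")
        name, val = name.strip().lower(), val.strip().strip('"')
        if name == "pin-sha256":
            pins.append(val)  # pins may repeat, so keep them as a list
        else:
            named.setdefault(name, val)  # first occurrence of a directive wins
    return named, pins

def _max_age_findings(named, minimum=0):
    age = named.get("max-age")
    if age is None or not (age.isascii() and age.isdigit()):
        return ["max-age missing or not an integer"]
    if int(age) == 0:
        return ["max-age=0 removes the policy"]
    return ["max-age below assumed threshold"] if int(age) < minimum else []

def _valid_pin(pin):
    try:  # a pin is the base64 form of a 32-byte SHA-256 digest
        return len(base64.b64decode(pin, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False

def assess_hsts(value, scheme):
    """List findings for a Strict-Transport-Security value seen over `scheme`."""
    named, _ = _directives(value)
    findings = [OVER_HTTP] if scheme == "http" else []
    findings += _max_age_findings(named, MIN_HSTS_MAX_AGE)
    if "includesubdomains" not in named:
        findings.append("includeSubDomains not set")
    return findings

def assess_hpkp(value, scheme):
    """List findings for a Public-Key-Pins value seen over `scheme`."""
    named, pins = _directives(value)
    findings = [OVER_HTTP] if scheme == "http" else []
    findings += _max_age_findings(named)
    if any(not _valid_pin(p) for p in pins):
        findings.append("pin-sha256 is not base64 of a 32-byte digest")
    if len(set(pins)) < 2:  # RFC 7469 needs a backup pin besides the one in use
        findings.append("fewer than two distinct pins: no backup pin")
    return findings
```

An empty list means none of these checks fired; it does not confirm that the pins match the certificate chain the server actually presents.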
Download the research:
» HPKP and HSTS. Global analysis and implementation