Adoption of HTTP Security Headers on the Web
Adoption of HTTP Security Headers on the Web looked at HTTP Archive data to do some analysis of the adoption of various HTTP security headers. Here is a summary table of usage.
The analysis deep dives into each header, and which values are being sent, including misconfigured / invalid variations. The author ends with this conclusion:
There’s a lot that we can do with these security headers - but based on the data in the HTTP Archive it’s pretty clear that they are not being used enough and sometimes are being used incorrectly.
For additional reading, take a look at: