Start of Main Content


Last updated May 21, 2020

This data measures how well federal web services support the HTTPS protocol (https://). HTTPS provides a secure connection across the internet between web services and their users. Federal agencies are required to enforce HTTPS and use HSTS (HTTP Strict Transport Security) as part of the White House Office of Management and Budget's M-15-13 and the Department of Homeland Security's Binding Operational Directive 18-01. BOD 18-01 also requires that agencies remove support for known-weak cryptography by disabling the RC4 and 3DES ciphers, and the SSLv2 and SSLv3 protocols.

All data below is collected from publicly available data sources on May 21, 2020, and must be considered public. See the technical guidance for more information on how this data is collected and measured. Agencies with questions about their results shown here can contact

Secure HTTP(S) By Domain. Table is sortable via first row table headers. Each row contains a domain and related attributes.
Domain Agency Compliant with M-15-13 and BOD 18-01 Enforces HTTPS HSTS Free of RC4/3DES and SSLv2/SSLv3 Preloaded