In [1]:
from utilities.utilities import load_data, get_records_by_region, create_column, finalize_dataframe, get_extreme_values, create_directory_structure, save_table, save_report
# settings
region_column_name = 'Region'
table_name = 'security_headers_by_region'
report_name = 'security_headers_by_region'
category = 'security_headers'
column_name_to_results_global = 'Global #'
create_directory_structure()

source_df = load_data('security_headers_checker')

In [2]:
# sanity dataset
headers = [
            'strict-transport-security',
            'x-frame-options',
            'x-content-type-options',
            'content-security-policy',
            'x-permitted-cross-domain-policies',
            'referrer-policy',
            'clear-site-data',
            'cross-origin-embedder-policy',
            'cross-origin-opener-policy',
            'cross-origin-resource-policy',
            'cache-control'
        ]

# Records that are null suffered an error during data collection and are therefore treated as not having security headers.
for header in headers:
    source_df.loc[source_df[header].isna(), header] = False

In [3]:
# Analysis of HEIs with at least one OWASP Recommended Security Headers by region

# settings
column_to_sort = 'Without Security Headers (Public) %'
sort_ascending = True
columns_to_display = [region_column_name, column_name_to_results_global]
analysis_df = get_records_by_region(source_df)

# create columns
# Column creation with distribution of records without any security headers by region
only_public = 'category == "Public"'
only_headers_false = ' & '.join([f"`{h}` == False" for h in headers])
criteria = f"{only_public} & ({only_headers_false})"
create_column(source_df=source_df, analysis_dataframe=analysis_df, column_name='Without Security Headers (Public)', criteria=criteria, columns_to_display=columns_to_display)
only_private = 'category == "Private"'
criteria = f"{only_private} & ({only_headers_false})"
create_column(source_df=source_df, analysis_dataframe=analysis_df, column_name='Without Security Headers (Private)', criteria=criteria, columns_to_display=columns_to_display)

# Column creation with distribution of records with at least one security header by region
all_true_filter = ' & '.join([f"`{h}` == True" for h in headers])
at_least_one_filter = ' | '.join([f"`{h}` == True" for h in headers])
composite_filter = f"({at_least_one_filter}) & ~({all_true_filter})"
criteria = f"{only_public} & ({composite_filter})"
create_column(source_df=source_df, analysis_dataframe=analysis_df, column_name='With At Least One Security Header (Public)', criteria=criteria, columns_to_display=columns_to_display)
criteria = f"{only_private} & ({composite_filter})"
create_column(source_df=source_df, analysis_dataframe=analysis_df, column_name='With At Least One Security Header (Private)', criteria=criteria, columns_to_display=columns_to_display)

# Column creation with distribution of records with all security header by region
criteria = f"{only_public} & ({all_true_filter})"
create_column(source_df=source_df, analysis_dataframe=analysis_df, column_name='With All Security Headers (Public)', criteria=criteria, columns_to_display=columns_to_display)
criteria = f"{only_private} & ({all_true_filter})"
create_column(source_df=source_df, analysis_dataframe=analysis_df, column_name='With All Security Headers (Private)', criteria=criteria, columns_to_display=columns_to_display)

# Finalize dataframe
analysis_df = finalize_dataframe(dataframe=analysis_df, column_to_sort=column_to_sort, ascending=sort_ascending, columns_to_display=columns_to_display)
display(analysis_df)

# save to csv
save_table(analysis_df, category=category, table_name=table_name)


Unnamed: 0,Region,Global #,Without Security Headers (Public) #,Without Security Headers (Public) %,Without Security Headers (Private) #,Without Security Headers (Private) %,With At Least One Security Header (Public) #,With At Least One Security Header (Public) %,With At Least One Security Header (Private) #,With At Least One Security Header (Private) %,With All Security Headers (Public) #,With All Security Headers (Public) %,With All Security Headers (Private) #,With All Security Headers (Private) %
0,California,2,0,0.0,0,0.0,0,0.0,2,100.0,0,0.0,0,0.0
1,Florida,1,0,0.0,0,0.0,0,0.0,1,100.0,0,0.0,0,0.0
2,Georgia,1,0,0.0,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0
3,Illinois,1,0,0.0,0,0.0,0,0.0,1,100.0,0,0.0,0,0.0
4,Michigan,1,0,0.0,0,0.0,0,0.0,1,100.0,0,0.0,0,0.0
5,Minnesota,1,0,0.0,0,0.0,0,0.0,1,100.0,0,0.0,0,0.0
6,New York,1,0,0.0,0,0.0,0,0.0,1,100.0,0,0.0,0,0.0
7,Texas,2,0,0.0,2,100.0,0,0.0,0,0.0,0,0.0,0,0.0
8,Colorado,1,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0
9,Total,11,1,9.090909,3,27.272727,0,0.0,7,63.636364,0,0.0,0,0.0


In [4]:
# Report in latex
report_results = get_extreme_values(analysis_df)

hei_public_without_security_headers = format(report_results.get("Total").get("Without Security Headers (Public) %"), ".2f")
hei_public_with_security_headers = format(report_results.get("Total").get("With At Least One Security Header (Public) %"), ".2f")
hei_public_with_all_security_headers = format(report_results.get("Total").get("With All Security Headers (Public) %"), ".2f")
hei_private_without_security_headers = format(report_results.get("Total").get("Without Security Headers (Private) %"), ".2f")
hei_private_with_security_headers = format(report_results.get("Total").get("With At Least One Security Header (Private) %"), ".2f")
hei_private_with_all_security_headers = format(report_results.get("Total").get("With All Security Headers (Private) %"), ".2f")

report_figure = """
\\begin{figure}[htbp]
    \centering
    \includegraphics[width=0.48\\textwidth]{charts/security_headers_by_region.pdf}
    \caption{Distribution of the use Security Headers by region.}\label{fig:security-headers}
\end{figure}
"""

report = f'{report_figure}\n\n'
report += f'The data presented in Figure~\\ref{{fig:security-headers}} provides an overview of the use of security headers at \glspl{{hei}} in \countryName. According to the data, {hei_public_without_security_headers}\% of the public institutions analyzed have not implemented any security headers on their websites, while {hei_private_without_security_headers}\% of the private institutions analyzed also lack security headers.\n\n'
report += f'On a positive note, {hei_public_with_security_headers}\% of the public institutions analyzed have implemented at least one security header in their websites, and {hei_private_with_security_headers}\% of the private institutions have implemented at least one security header.\n\n'
report += f'Finally, {hei_public_with_all_security_headers}\% of the public institutions analyzed have implemented all the security headers in their websites, and {hei_private_with_all_security_headers}\% of the private institutions have implemented all the security headers.\n\n'
report += f'In terms of regional differences, private institutions in {report_results.get("With At Least One Security Header (Private) %").get("top_regions")[0][0]} ({format(report_results.get("With At Least One Security Header (Private) %").get("top_regions")[0][1], ".2f")}\%), {report_results.get("With At Least One Security Header (Private) %").get("top_regions")[1][0]} ({format(report_results.get("With At Least One Security Header (Private) %").get("top_regions")[1][1], ".2f")}\%), and {report_results.get("With At Least One Security Header (Private) %").get("top_regions")[2][0]} ({format(report_results.get("With At Least One Security Header (Private) %").get("top_regions")[2][1], ".2f")}\%), '
report += f'while public institutions in {report_results.get("With At Least One Security Header (Public) %").get("top_regions")[0][0]} ({format(report_results.get("With At Least One Security Header (Public) %").get("top_regions")[0][1], ".2f")}\%), {report_results.get("With At Least One Security Header (Public) %").get("top_regions")[1][0]} ({format(report_results.get("With At Least One Security Header (Public) %").get("top_regions")[1][1], ".2f")}\%), and {report_results.get("With At Least One Security Header (Public) %").get("top_regions")[2][0]} ({format(report_results.get("With At Least One Security Header (Public) %").get("top_regions")[2][1], ".2f")}\%) have a higher usage of security headers.\n\n'
report += f'In contrast, private institutions in {report_results.get("With At Least One Security Header (Private) %").get("bottom_regions")[0][0]} ({format(report_results.get("With At Least One Security Header (Private) %").get("bottom_regions")[0][1], ".2f")}\%), {report_results.get("With At Least One Security Header (Private) %").get("bottom_regions")[1][0]} ({format(report_results.get("With At Least One Security Header (Private) %").get("bottom_regions")[1][1], ".2f")}\%), and {report_results.get("With At Least One Security Header (Private) %").get("bottom_regions")[2][0]} ({format(report_results.get("With At Least One Security Header (Private) %").get("bottom_regions")[2][1], ".2f")}\%), '
report += f'while public institutions in {report_results.get("With At Least One Security Header (Public) %").get("bottom_regions")[0][0]} ({format(report_results.get("With At Least One Security Header (Public) %").get("bottom_regions")[0][1], ".2f")}\%), {report_results.get("With At Least One Security Header (Public) %").get("bottom_regions")[1][0]} ({format(report_results.get("With At Least One Security Header (Public) %").get("bottom_regions")[1][1], ".2f")}\%), and {report_results.get("With At Least One Security Header (Public) %").get("bottom_regions")[2][0]} ({format(report_results.get("With At Least One Security Header (Public) %").get("bottom_regions")[2][1], ".2f")}\%) have a lower usage of security headers.\n\n'

print(report)

# save report to file txt
save_report(report=report, category=category, report_name=report_name)


\begin{figure}[htbp]
    \centering
    \includegraphics[width=0.48\textwidth]{charts/security_headers_by_region.pdf}
    \caption{Distribution of the use Security Headers by region.}\label{fig:security-headers}
\end{figure}


The data presented in Figure~\ref{fig:security-headers} provides an overview of the use of security headers at \glspl{hei} in \countryName. According to the data, 9.09\% of the public institutions analyzed have not implemented any security headers on their websites, while 27.27\% of the private institutions analyzed also lack security headers.

On a positive note, 0.00\% of the public institutions analyzed have implemented at least one security header in their websites, and 63.64\% of the private institutions have implemented at least one security header.

Finally, 0.00\% of the public institutions analyzed have implemented all the security headers in their websites, and 0.00\% of the private institutions have implemented all the security headers.

In terms of r

In [5]:
# specific security headers by region

# settings
column_to_sort = 'Without Security Headers (Public) %'
sort_ascending = True


for header in headers:
    table_name = f'{header.lower()}_by_region'
    report_name = f'{header.lower()}_by_region'
    columns_to_display = [region_column_name, column_name_to_results_global]
    analysis_df = get_records_by_region(source_df)

    # Column creation with distribution of records without any security headers by region
    only_public = 'category == "Public"'
    only_headers_false = ' & '.join([f"`{h}` == False" for h in headers])
    criteria = f"{only_public} & ({only_headers_false})"
    create_column(source_df=source_df, analysis_dataframe=analysis_df, column_name='Without Security Headers (Public)', criteria=criteria, columns_to_display=columns_to_display)
    only_private = 'category == "Private"'
    criteria = f"{only_private} & ({only_headers_false})"
    create_column(source_df=source_df, analysis_dataframe=analysis_df, column_name='Without Security Headers (Private)', criteria=criteria, columns_to_display=columns_to_display)

    # Column creation with distribution of records with a specific security header by region
    create_column(source_df=source_df, analysis_dataframe=analysis_df, column_name=f"With {header} (Public)", criteria=f"{only_public} & (`{header}` == True)", columns_to_display=columns_to_display)
    create_column(source_df=source_df, analysis_dataframe=analysis_df, column_name=f"With {header} (Private)", criteria=f"{only_private} & (`{header}` == True)", columns_to_display=columns_to_display)

    # Column creation with distribution of records without a specific security header by region
    true_at_least_one_header_except_current = ' | '.join([f"`{h}` == True" for h in headers if h != header])
    criteria = f"(`{header}` == False) & ({true_at_least_one_header_except_current})"
    create_column(source_df=source_df, analysis_dataframe=analysis_df, column_name=f"Without {header} (Public)", criteria=f"{only_public} & {criteria}", columns_to_display=columns_to_display)
    create_column(source_df=source_df, analysis_dataframe=analysis_df, column_name=f"Without {header} (Private)", criteria=f"{only_private} & {criteria}", columns_to_display=columns_to_display)
    display(analysis_df)

    # Finalize dataframe
    analysis_df = finalize_dataframe(dataframe=analysis_df, column_to_sort=column_to_sort, ascending=sort_ascending, columns_to_display=columns_to_display)
    display(analysis_df)
    # save to csv
    save_table(analysis_df, category=category, table_name=table_name)

    # save to latex
    # report
    report_results = get_extreme_values(analysis_df)
    hei_private_with_specific_header = format(report_results.get("Total").get(f'With {header} (Private) %'), ".2f")
    hei_private_without_specific_header = format(report_results.get("Total").get(f"Without {header} (Private) %"), ".2f")
    hei_public_with_specific_header = format(report_results.get("Total").get(f"With {header} (Public) %"), ".2f")
    hei_public_without_specific_header = format(report_results.get("Total").get(f"Without {header} (Public) %"), ".2f")

    report_figure = f"""
    \\begin{{figure}}[htbp]
        \centering
        \includegraphics[width=0.48\\textwidth]{{charts/{table_name}.pdf}}
        \caption{{Distribution of {header} header usage by region.}}\label{{fig:{header}}}
    \end{{figure}}
    """

    report = f'{report_figure}\n\n'
    report += f'The data presented in Figure~\\ref{{fig:{header}}} provides an overview of the use of {header} security headers at \glspl{{hei}} in \countryName. According to the data, {hei_public_without_specific_header}\% of the public institutions analyzed have not implemented {header} security header on their websites, while {hei_private_without_specific_header}\% of the private institutions analyzed also lack {header} security header.\n\n'
    report += f'On a positive note, {hei_public_with_specific_header}\% of the public institutions analyzed have implemented {header} security headers on their websites, while {hei_private_with_specific_header}\% of the private institutions analyzed also implemented that security header.\n\n'
    report += f'In terms of regional differences, private institutions in {report_results.get(f"With {header} (Private) %").get("top_regions")[0][0]} ({format(report_results.get(f"With {header} (Private) %").get("top_regions")[0][1], ".2f")}\%), {report_results.get(f"With {header} (Private) %").get("top_regions")[1][0]} ({format(report_results.get(f"With {header} (Private) %").get("top_regions")[1][1], ".2f")}\%), and {report_results.get(f"With {header} (Private) %").get("top_regions")[2][0]} ({format(report_results.get(f"With {header} (Private) %").get("top_regions")[2][1], ".2f")}\%) have a higher usage of {header} header, '
    report += f'while public institutions in {report_results.get(f"With {header} (Public) %").get("top_regions")[0][0]} ({format(report_results.get(f"With {header} (Public) %").get("top_regions")[0][1], ".2f")}\%), {report_results.get(f"With {header} (Public) %").get("top_regions")[1][0]} ({format(report_results.get(f"With {header} (Public) %").get("top_regions")[1][1], ".2f")}\%), and {report_results.get(f"With {header} (Public) %").get("top_regions")[2][0]} ({format(report_results.get(f"With {header} (Public) %").get("top_regions")[2][1], ".2f")}\%) have a higher usage of {header} security header.\n\n'
    report += f'In contrast, private institutions in {report_results.get(f"With {header} (Private) %").get("bottom_regions")[0][0]} ({format(report_results.get(f"With {header} (Private) %").get("bottom_regions")[0][1], ".2f")}\%), {report_results.get(f"With {header} (Private) %").get("bottom_regions")[1][0]} ({format(report_results.get(f"With {header} (Private) %").get("bottom_regions")[1][1], ".2f")}\%), and {report_results.get(f"With {header} (Private) %").get("bottom_regions")[2][0]} ({format(report_results.get(f"With {header} (Private) %").get("bottom_regions")[2][1], ".2f")}\%), '
    report += f'while public institutions in {report_results.get(f"With {header} (Public) %").get("bottom_regions")[0][0]} ({format(report_results.get(f"With {header} (Public) %").get("bottom_regions")[0][1], ".2f")}\%), {report_results.get(f"With {header} (Public) %").get("bottom_regions")[1][0]} ({format(report_results.get(f"With {header} (Public) %").get("bottom_regions")[1][1], ".2f")}\%), and {report_results.get(f"With {header} (Public) %").get("bottom_regions")[2][0]} ({format(report_results.get(f"With {header} (Public) %").get("bottom_regions")[2][1], ".2f")}\%) have a lower usage of security headers.\n\n'
    # save report to file
    print(report)
    save_report(report=report, category=category, report_name=report_name)

Unnamed: 0_level_0,id,name,category,Global #,strict-transport-security,x-frame-options,x-content-type-options,content-security-policy,x-permitted-cross-domain-policies,referrer-policy,...,Without Security Headers (Private) #,Without Security Headers (Private) %,With strict-transport-security (Public) #,With strict-transport-security (Public) %,With strict-transport-security (Private) #,With strict-transport-security (Private) %,Without strict-transport-security (Public) #,Without strict-transport-security (Public) %,Without strict-transport-security (Private) #,Without strict-transport-security (Private) %
region,Unnamed: 1_level_1,Unnamed: 2_level_1,Unnamed: 3_level_1,Unnamed: 4_level_1,Unnamed: 5_level_1,Unnamed: 6_level_1,Unnamed: 7_level_1,Unnamed: 8_level_1,Unnamed: 9_level_1,Unnamed: 10_level_1,Unnamed: 11_level_1,Unnamed: 12_level_1,Unnamed: 13_level_1,Unnamed: 14_level_1,Unnamed: 15_level_1,Unnamed: 16_level_1,Unnamed: 17_level_1,Unnamed: 18_level_1,Unnamed: 19_level_1,Unnamed: 20_level_1,Unnamed: 21_level_1
California,2,2,2,2,2,2,2,2,2,2,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,2.0,100.0
Colorado,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
Florida,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,1.0,100.0,0.0,0.0,0.0,0.0
Georgia,1,1,1,1,1,1,1,1,1,1,...,1.0,100.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
Illinois,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Michigan,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,1.0,100.0,0.0,0.0,0.0,0.0
Minnesota,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
New York,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,1.0,100.0,0.0,0.0,0.0,0.0
Texas,2,2,2,2,2,2,2,2,2,2,...,2.0,100.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0


Unnamed: 0,Region,Global #,Without Security Headers (Public) #,Without Security Headers (Public) %,Without Security Headers (Private) #,Without Security Headers (Private) %,With strict-transport-security (Public) #,With strict-transport-security (Public) %,With strict-transport-security (Private) #,With strict-transport-security (Private) %,Without strict-transport-security (Public) #,Without strict-transport-security (Public) %,Without strict-transport-security (Private) #,Without strict-transport-security (Private) %
0,California,2,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,2,100.0
1,Florida,1,0,0.0,0,0.0,0,0.0,1,100.0,0,0.0,0,0.0
2,Georgia,1,0,0.0,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0
3,Illinois,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
4,Michigan,1,0,0.0,0,0.0,0,0.0,1,100.0,0,0.0,0,0.0
5,Minnesota,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
6,New York,1,0,0.0,0,0.0,0,0.0,1,100.0,0,0.0,0,0.0
7,Texas,2,0,0.0,2,100.0,0,0.0,0,0.0,0,0.0,0,0.0
8,Colorado,1,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0
9,Total,11,1,9.090909,3,27.272727,0,0.0,3,27.272727,0,0.0,4,36.363636



    \begin{figure}[htbp]
        \centering
        \includegraphics[width=0.48\textwidth]{charts/strict-transport-security_by_region.pdf}
        \caption{Distribution of strict-transport-security header usage by region.}\label{fig:strict-transport-security}
    \end{figure}
    

The data presented in Figure~\ref{fig:strict-transport-security} provides an overview of the use of strict-transport-security security headers at \glspl{hei} in \countryName. According to the data, 0.00\% of the public institutions analyzed have not implemented strict-transport-security security header on their websites, while 36.36\% of the private institutions analyzed also lack strict-transport-security security header.

On a positive note, 0.00\% of the public institutions analyzed have implemented strict-transport-security security headers on their websites, while 27.27\% of the private institutions analyzed also implemented that security header.

In terms of regional differences, private institutions 

Unnamed: 0_level_0,id,name,category,Global #,strict-transport-security,x-frame-options,x-content-type-options,content-security-policy,x-permitted-cross-domain-policies,referrer-policy,...,Without Security Headers (Private) #,Without Security Headers (Private) %,With x-frame-options (Public) #,With x-frame-options (Public) %,With x-frame-options (Private) #,With x-frame-options (Private) %,Without x-frame-options (Public) #,Without x-frame-options (Public) %,Without x-frame-options (Private) #,Without x-frame-options (Private) %
region,Unnamed: 1_level_1,Unnamed: 2_level_1,Unnamed: 3_level_1,Unnamed: 4_level_1,Unnamed: 5_level_1,Unnamed: 6_level_1,Unnamed: 7_level_1,Unnamed: 8_level_1,Unnamed: 9_level_1,Unnamed: 10_level_1,Unnamed: 11_level_1,Unnamed: 12_level_1,Unnamed: 13_level_1,Unnamed: 14_level_1,Unnamed: 15_level_1,Unnamed: 16_level_1,Unnamed: 17_level_1,Unnamed: 18_level_1,Unnamed: 19_level_1,Unnamed: 20_level_1,Unnamed: 21_level_1
California,2,2,2,2,2,2,2,2,2,2,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,2.0,100.0
Colorado,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
Florida,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,1.0,100.0,0.0,0.0,0.0,0.0
Georgia,1,1,1,1,1,1,1,1,1,1,...,1.0,100.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
Illinois,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Michigan,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,1.0,100.0,0.0,0.0,0.0,0.0
Minnesota,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
New York,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Texas,2,2,2,2,2,2,2,2,2,2,...,2.0,100.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0


Unnamed: 0,Region,Global #,Without Security Headers (Public) #,Without Security Headers (Public) %,Without Security Headers (Private) #,Without Security Headers (Private) %,With x-frame-options (Public) #,With x-frame-options (Public) %,With x-frame-options (Private) #,With x-frame-options (Private) %,Without x-frame-options (Public) #,Without x-frame-options (Public) %,Without x-frame-options (Private) #,Without x-frame-options (Private) %
0,California,2,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,2,100.0
1,Florida,1,0,0.0,0,0.0,0,0.0,1,100.0,0,0.0,0,0.0
2,Georgia,1,0,0.0,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0
3,Illinois,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
4,Michigan,1,0,0.0,0,0.0,0,0.0,1,100.0,0,0.0,0,0.0
5,Minnesota,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
6,New York,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
7,Texas,2,0,0.0,2,100.0,0,0.0,0,0.0,0,0.0,0,0.0
8,Colorado,1,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0
9,Total,11,1,9.090909,3,27.272727,0,0.0,2,18.181818,0,0.0,5,45.454545



    \begin{figure}[htbp]
        \centering
        \includegraphics[width=0.48\textwidth]{charts/x-frame-options_by_region.pdf}
        \caption{Distribution of x-frame-options header usage by region.}\label{fig:x-frame-options}
    \end{figure}
    

The data presented in Figure~\ref{fig:x-frame-options} provides an overview of the use of x-frame-options security headers at \glspl{hei} in \countryName. According to the data, 0.00\% of the public institutions analyzed have not implemented x-frame-options security header on their websites, while 45.45\% of the private institutions analyzed also lack x-frame-options security header.

On a positive note, 0.00\% of the public institutions analyzed have implemented x-frame-options security headers on their websites, while 18.18\% of the private institutions analyzed also implemented that security header.

In terms of regional differences, private institutions in Florida (100.00\%), Michigan (100.00\%), and California (0.00\%) have a highe

Unnamed: 0_level_0,id,name,category,Global #,strict-transport-security,x-frame-options,x-content-type-options,content-security-policy,x-permitted-cross-domain-policies,referrer-policy,...,Without Security Headers (Private) #,Without Security Headers (Private) %,With x-content-type-options (Public) #,With x-content-type-options (Public) %,With x-content-type-options (Private) #,With x-content-type-options (Private) %,Without x-content-type-options (Public) #,Without x-content-type-options (Public) %,Without x-content-type-options (Private) #,Without x-content-type-options (Private) %
region,Unnamed: 1_level_1,Unnamed: 2_level_1,Unnamed: 3_level_1,Unnamed: 4_level_1,Unnamed: 5_level_1,Unnamed: 6_level_1,Unnamed: 7_level_1,Unnamed: 8_level_1,Unnamed: 9_level_1,Unnamed: 10_level_1,Unnamed: 11_level_1,Unnamed: 12_level_1,Unnamed: 13_level_1,Unnamed: 14_level_1,Unnamed: 15_level_1,Unnamed: 16_level_1,Unnamed: 17_level_1,Unnamed: 18_level_1,Unnamed: 19_level_1,Unnamed: 20_level_1,Unnamed: 21_level_1
California,2,2,2,2,2,2,2,2,2,2,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,2.0,100.0
Colorado,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
Florida,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,1.0,100.0,0.0,0.0,0.0,0.0
Georgia,1,1,1,1,1,1,1,1,1,1,...,1.0,100.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
Illinois,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Michigan,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,1.0,100.0,0.0,0.0,0.0,0.0
Minnesota,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,1.0,100.0,0.0,0.0,0.0,0.0
New York,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Texas,2,2,2,2,2,2,2,2,2,2,...,2.0,100.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0


Unnamed: 0,Region,Global #,Without Security Headers (Public) #,Without Security Headers (Public) %,Without Security Headers (Private) #,Without Security Headers (Private) %,With x-content-type-options (Public) #,With x-content-type-options (Public) %,With x-content-type-options (Private) #,With x-content-type-options (Private) %,Without x-content-type-options (Public) #,Without x-content-type-options (Public) %,Without x-content-type-options (Private) #,Without x-content-type-options (Private) %
0,California,2,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,2,100.0
1,Florida,1,0,0.0,0,0.0,0,0.0,1,100.0,0,0.0,0,0.0
2,Georgia,1,0,0.0,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0
3,Illinois,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
4,Michigan,1,0,0.0,0,0.0,0,0.0,1,100.0,0,0.0,0,0.0
5,Minnesota,1,0,0.0,0,0.0,0,0.0,1,100.0,0,0.0,0,0.0
6,New York,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
7,Texas,2,0,0.0,2,100.0,0,0.0,0,0.0,0,0.0,0,0.0
8,Colorado,1,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0
9,Total,11,1,9.090909,3,27.272727,0,0.0,3,27.272727,0,0.0,4,36.363636



    \begin{figure}[htbp]
        \centering
        \includegraphics[width=0.48\textwidth]{charts/x-content-type-options_by_region.pdf}
        \caption{Distribution of x-content-type-options header usage by region.}\label{fig:x-content-type-options}
    \end{figure}
    

The data presented in Figure~\ref{fig:x-content-type-options} provides an overview of the use of x-content-type-options security headers at \glspl{hei} in \countryName. According to the data, 0.00\% of the public institutions analyzed have not implemented x-content-type-options security header on their websites, while 36.36\% of the private institutions analyzed also lack x-content-type-options security header.

On a positive note, 0.00\% of the public institutions analyzed have implemented x-content-type-options security headers on their websites, while 27.27\% of the private institutions analyzed also implemented that security header.

In terms of regional differences, private institutions in Florida (100.00\%), M

Unnamed: 0_level_0,id,name,category,Global #,strict-transport-security,x-frame-options,x-content-type-options,content-security-policy,x-permitted-cross-domain-policies,referrer-policy,...,Without Security Headers (Private) #,Without Security Headers (Private) %,With content-security-policy (Public) #,With content-security-policy (Public) %,With content-security-policy (Private) #,With content-security-policy (Private) %,Without content-security-policy (Public) #,Without content-security-policy (Public) %,Without content-security-policy (Private) #,Without content-security-policy (Private) %
region,Unnamed: 1_level_1,Unnamed: 2_level_1,Unnamed: 3_level_1,Unnamed: 4_level_1,Unnamed: 5_level_1,Unnamed: 6_level_1,Unnamed: 7_level_1,Unnamed: 8_level_1,Unnamed: 9_level_1,Unnamed: 10_level_1,Unnamed: 11_level_1,Unnamed: 12_level_1,Unnamed: 13_level_1,Unnamed: 14_level_1,Unnamed: 15_level_1,Unnamed: 16_level_1,Unnamed: 17_level_1,Unnamed: 18_level_1,Unnamed: 19_level_1,Unnamed: 20_level_1,Unnamed: 21_level_1
California,2,2,2,2,2,2,2,2,2,2,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,2.0,100.0
Colorado,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
Florida,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,1.0,100.0,0.0,0.0,0.0,0.0
Georgia,1,1,1,1,1,1,1,1,1,1,...,1.0,100.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
Illinois,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Michigan,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Minnesota,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
New York,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Texas,2,2,2,2,2,2,2,2,2,2,...,2.0,100.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0


Unnamed: 0,Region,Global #,Without Security Headers (Public) #,Without Security Headers (Public) %,Without Security Headers (Private) #,Without Security Headers (Private) %,With content-security-policy (Public) #,With content-security-policy (Public) %,With content-security-policy (Private) #,With content-security-policy (Private) %,Without content-security-policy (Public) #,Without content-security-policy (Public) %,Without content-security-policy (Private) #,Without content-security-policy (Private) %
0,California,2,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,2,100.0
1,Florida,1,0,0.0,0,0.0,0,0.0,1,100.0,0,0.0,0,0.0
2,Georgia,1,0,0.0,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0
3,Illinois,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
4,Michigan,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
5,Minnesota,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
6,New York,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
7,Texas,2,0,0.0,2,100.0,0,0.0,0,0.0,0,0.0,0,0.0
8,Colorado,1,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0
9,Total,11,1,9.090909,3,27.272727,0,0.0,1,9.090909,0,0.0,6,54.545455



    \begin{figure}[htbp]
        \centering
        \includegraphics[width=0.48\textwidth]{charts/content-security-policy_by_region.pdf}
        \caption{Distribution of content-security-policy header usage by region.}\label{fig:content-security-policy}
    \end{figure}
    

The data presented in Figure~\ref{fig:content-security-policy} provides an overview of the use of content-security-policy security headers at \glspl{hei} in \countryName. According to the data, 0.00\% of the public institutions analyzed have not implemented content-security-policy security header on their websites, while 54.55\% of the private institutions analyzed also lack content-security-policy security header.

On a positive note, 0.00\% of the public institutions analyzed have implemented content-security-policy security headers on their websites, while 9.09\% of the private institutions analyzed also implemented that security header.

In terms of regional differences, private institutions in Florida (100.0

Unnamed: 0_level_0,id,name,category,Global #,strict-transport-security,x-frame-options,x-content-type-options,content-security-policy,x-permitted-cross-domain-policies,referrer-policy,...,Without Security Headers (Private) #,Without Security Headers (Private) %,With x-permitted-cross-domain-policies (Public) #,With x-permitted-cross-domain-policies (Public) %,With x-permitted-cross-domain-policies (Private) #,With x-permitted-cross-domain-policies (Private) %,Without x-permitted-cross-domain-policies (Public) #,Without x-permitted-cross-domain-policies (Public) %,Without x-permitted-cross-domain-policies (Private) #,Without x-permitted-cross-domain-policies (Private) %
region,Unnamed: 1_level_1,Unnamed: 2_level_1,Unnamed: 3_level_1,Unnamed: 4_level_1,Unnamed: 5_level_1,Unnamed: 6_level_1,Unnamed: 7_level_1,Unnamed: 8_level_1,Unnamed: 9_level_1,Unnamed: 10_level_1,Unnamed: 11_level_1,Unnamed: 12_level_1,Unnamed: 13_level_1,Unnamed: 14_level_1,Unnamed: 15_level_1,Unnamed: 16_level_1,Unnamed: 17_level_1,Unnamed: 18_level_1,Unnamed: 19_level_1,Unnamed: 20_level_1,Unnamed: 21_level_1
California,2,2,2,2,2,2,2,2,2,2,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,2.0,100.0
Colorado,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
Florida,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Georgia,1,1,1,1,1,1,1,1,1,1,...,1.0,100.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
Illinois,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Michigan,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Minnesota,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
New York,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Texas,2,2,2,2,2,2,2,2,2,2,...,2.0,100.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0


Unnamed: 0,Region,Global #,Without Security Headers (Public) #,Without Security Headers (Public) %,Without Security Headers (Private) #,Without Security Headers (Private) %,With x-permitted-cross-domain-policies (Public) #,With x-permitted-cross-domain-policies (Public) %,With x-permitted-cross-domain-policies (Private) #,With x-permitted-cross-domain-policies (Private) %,Without x-permitted-cross-domain-policies (Public) #,Without x-permitted-cross-domain-policies (Public) %,Without x-permitted-cross-domain-policies (Private) #,Without x-permitted-cross-domain-policies (Private) %
0,California,2,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,2,100.0
1,Florida,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
2,Georgia,1,0,0.0,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0
3,Illinois,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
4,Michigan,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
5,Minnesota,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
6,New York,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
7,Texas,2,0,0.0,2,100.0,0,0.0,0,0.0,0,0.0,0,0.0
8,Colorado,1,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0
9,Total,11,1,9.090909,3,27.272727,0,0.0,0,0.0,0,0.0,7,63.636364



    \begin{figure}[htbp]
        \centering
        \includegraphics[width=0.48\textwidth]{charts/x-permitted-cross-domain-policies_by_region.pdf}
        \caption{Distribution of x-permitted-cross-domain-policies header usage by region.}\label{fig:x-permitted-cross-domain-policies}
    \end{figure}
    

The data presented in Figure~\ref{fig:x-permitted-cross-domain-policies} provides an overview of the use of x-permitted-cross-domain-policies security headers at \glspl{hei} in \countryName. According to the data, 0.00\% of the public institutions analyzed have not implemented x-permitted-cross-domain-policies security header on their websites, while 63.64\% of the private institutions analyzed also lack x-permitted-cross-domain-policies security header.

On a positive note, 0.00\% of the public institutions analyzed have implemented x-permitted-cross-domain-policies security headers on their websites, while 0.00\% of the private institutions analyzed also implemented that security h

Unnamed: 0_level_0,id,name,category,Global #,strict-transport-security,x-frame-options,x-content-type-options,content-security-policy,x-permitted-cross-domain-policies,referrer-policy,...,Without Security Headers (Private) #,Without Security Headers (Private) %,With referrer-policy (Public) #,With referrer-policy (Public) %,With referrer-policy (Private) #,With referrer-policy (Private) %,Without referrer-policy (Public) #,Without referrer-policy (Public) %,Without referrer-policy (Private) #,Without referrer-policy (Private) %
region,Unnamed: 1_level_1,Unnamed: 2_level_1,Unnamed: 3_level_1,Unnamed: 4_level_1,Unnamed: 5_level_1,Unnamed: 6_level_1,Unnamed: 7_level_1,Unnamed: 8_level_1,Unnamed: 9_level_1,Unnamed: 10_level_1,Unnamed: 11_level_1,Unnamed: 12_level_1,Unnamed: 13_level_1,Unnamed: 14_level_1,Unnamed: 15_level_1,Unnamed: 16_level_1,Unnamed: 17_level_1,Unnamed: 18_level_1,Unnamed: 19_level_1,Unnamed: 20_level_1,Unnamed: 21_level_1
California,2,2,2,2,2,2,2,2,2,2,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,2.0,100.0
Colorado,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
Florida,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,1.0,100.0,0.0,0.0,0.0,0.0
Georgia,1,1,1,1,1,1,1,1,1,1,...,1.0,100.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
Illinois,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Michigan,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Minnesota,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
New York,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Texas,2,2,2,2,2,2,2,2,2,2,...,2.0,100.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0


Unnamed: 0,Region,Global #,Without Security Headers (Public) #,Without Security Headers (Public) %,Without Security Headers (Private) #,Without Security Headers (Private) %,With referrer-policy (Public) #,With referrer-policy (Public) %,With referrer-policy (Private) #,With referrer-policy (Private) %,Without referrer-policy (Public) #,Without referrer-policy (Public) %,Without referrer-policy (Private) #,Without referrer-policy (Private) %
0,California,2,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,2,100.0
1,Florida,1,0,0.0,0,0.0,0,0.0,1,100.0,0,0.0,0,0.0
2,Georgia,1,0,0.0,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0
3,Illinois,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
4,Michigan,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
5,Minnesota,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
6,New York,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
7,Texas,2,0,0.0,2,100.0,0,0.0,0,0.0,0,0.0,0,0.0
8,Colorado,1,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0
9,Total,11,1,9.090909,3,27.272727,0,0.0,1,9.090909,0,0.0,6,54.545455



    \begin{figure}[htbp]
        \centering
        \includegraphics[width=0.48\textwidth]{charts/referrer-policy_by_region.pdf}
        \caption{Distribution of referrer-policy header usage by region.}\label{fig:referrer-policy}
    \end{figure}
    

The data presented in Figure~\ref{fig:referrer-policy} provides an overview of the use of referrer-policy security headers at \glspl{hei} in \countryName. According to the data, 0.00\% of the public institutions analyzed have not implemented referrer-policy security header on their websites, while 54.55\% of the private institutions analyzed also lack referrer-policy security header.

On a positive note, 0.00\% of the public institutions analyzed have implemented referrer-policy security headers on their websites, while 9.09\% of the private institutions analyzed also implemented that security header.

In terms of regional differences, private institutions in Florida (100.00\%), California (0.00\%), and Georgia (0.00\%) have a higher us

Unnamed: 0_level_0,id,name,category,Global #,strict-transport-security,x-frame-options,x-content-type-options,content-security-policy,x-permitted-cross-domain-policies,referrer-policy,...,Without Security Headers (Private) #,Without Security Headers (Private) %,With clear-site-data (Public) #,With clear-site-data (Public) %,With clear-site-data (Private) #,With clear-site-data (Private) %,Without clear-site-data (Public) #,Without clear-site-data (Public) %,Without clear-site-data (Private) #,Without clear-site-data (Private) %
region,Unnamed: 1_level_1,Unnamed: 2_level_1,Unnamed: 3_level_1,Unnamed: 4_level_1,Unnamed: 5_level_1,Unnamed: 6_level_1,Unnamed: 7_level_1,Unnamed: 8_level_1,Unnamed: 9_level_1,Unnamed: 10_level_1,Unnamed: 11_level_1,Unnamed: 12_level_1,Unnamed: 13_level_1,Unnamed: 14_level_1,Unnamed: 15_level_1,Unnamed: 16_level_1,Unnamed: 17_level_1,Unnamed: 18_level_1,Unnamed: 19_level_1,Unnamed: 20_level_1,Unnamed: 21_level_1
California,2,2,2,2,2,2,2,2,2,2,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,2.0,100.0
Colorado,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
Florida,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Georgia,1,1,1,1,1,1,1,1,1,1,...,1.0,100.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
Illinois,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Michigan,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Minnesota,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
New York,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Texas,2,2,2,2,2,2,2,2,2,2,...,2.0,100.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0


Unnamed: 0,Region,Global #,Without Security Headers (Public) #,Without Security Headers (Public) %,Without Security Headers (Private) #,Without Security Headers (Private) %,With clear-site-data (Public) #,With clear-site-data (Public) %,With clear-site-data (Private) #,With clear-site-data (Private) %,Without clear-site-data (Public) #,Without clear-site-data (Public) %,Without clear-site-data (Private) #,Without clear-site-data (Private) %
0,California,2,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,2,100.0
1,Florida,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
2,Georgia,1,0,0.0,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0
3,Illinois,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
4,Michigan,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
5,Minnesota,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
6,New York,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
7,Texas,2,0,0.0,2,100.0,0,0.0,0,0.0,0,0.0,0,0.0
8,Colorado,1,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0
9,Total,11,1,9.090909,3,27.272727,0,0.0,0,0.0,0,0.0,7,63.636364



    \begin{figure}[htbp]
        \centering
        \includegraphics[width=0.48\textwidth]{charts/clear-site-data_by_region.pdf}
        \caption{Distribution of clear-site-data header usage by region.}\label{fig:clear-site-data}
    \end{figure}
    

The data presented in Figure~\ref{fig:clear-site-data} provides an overview of the use of clear-site-data security headers at \glspl{hei} in \countryName. According to the data, 0.00\% of the public institutions analyzed have not implemented clear-site-data security header on their websites, while 63.64\% of the private institutions analyzed also lack clear-site-data security header.

On a positive note, 0.00\% of the public institutions analyzed have implemented clear-site-data security headers on their websites, while 0.00\% of the private institutions analyzed also implemented that security header.

In terms of regional differences, private institutions in California (0.00\%), Florida (0.00\%), and Georgia (0.00\%) have a higher usag

Unnamed: 0_level_0,id,name,category,Global #,strict-transport-security,x-frame-options,x-content-type-options,content-security-policy,x-permitted-cross-domain-policies,referrer-policy,...,Without Security Headers (Private) #,Without Security Headers (Private) %,With cross-origin-embedder-policy (Public) #,With cross-origin-embedder-policy (Public) %,With cross-origin-embedder-policy (Private) #,With cross-origin-embedder-policy (Private) %,Without cross-origin-embedder-policy (Public) #,Without cross-origin-embedder-policy (Public) %,Without cross-origin-embedder-policy (Private) #,Without cross-origin-embedder-policy (Private) %
region,Unnamed: 1_level_1,Unnamed: 2_level_1,Unnamed: 3_level_1,Unnamed: 4_level_1,Unnamed: 5_level_1,Unnamed: 6_level_1,Unnamed: 7_level_1,Unnamed: 8_level_1,Unnamed: 9_level_1,Unnamed: 10_level_1,Unnamed: 11_level_1,Unnamed: 12_level_1,Unnamed: 13_level_1,Unnamed: 14_level_1,Unnamed: 15_level_1,Unnamed: 16_level_1,Unnamed: 17_level_1,Unnamed: 18_level_1,Unnamed: 19_level_1,Unnamed: 20_level_1,Unnamed: 21_level_1
California,2,2,2,2,2,2,2,2,2,2,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,2.0,100.0
Colorado,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
Florida,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Georgia,1,1,1,1,1,1,1,1,1,1,...,1.0,100.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
Illinois,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Michigan,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Minnesota,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
New York,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Texas,2,2,2,2,2,2,2,2,2,2,...,2.0,100.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0


Unnamed: 0,Region,Global #,Without Security Headers (Public) #,Without Security Headers (Public) %,Without Security Headers (Private) #,Without Security Headers (Private) %,With cross-origin-embedder-policy (Public) #,With cross-origin-embedder-policy (Public) %,With cross-origin-embedder-policy (Private) #,With cross-origin-embedder-policy (Private) %,Without cross-origin-embedder-policy (Public) #,Without cross-origin-embedder-policy (Public) %,Without cross-origin-embedder-policy (Private) #,Without cross-origin-embedder-policy (Private) %
0,California,2,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,2,100.0
1,Florida,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
2,Georgia,1,0,0.0,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0
3,Illinois,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
4,Michigan,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
5,Minnesota,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
6,New York,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
7,Texas,2,0,0.0,2,100.0,0,0.0,0,0.0,0,0.0,0,0.0
8,Colorado,1,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0
9,Total,11,1,9.090909,3,27.272727,0,0.0,0,0.0,0,0.0,7,63.636364



    \begin{figure}[htbp]
        \centering
        \includegraphics[width=0.48\textwidth]{charts/cross-origin-embedder-policy_by_region.pdf}
        \caption{Distribution of cross-origin-embedder-policy header usage by region.}\label{fig:cross-origin-embedder-policy}
    \end{figure}
    

The data presented in Figure~\ref{fig:cross-origin-embedder-policy} provides an overview of the use of cross-origin-embedder-policy security headers at \glspl{hei} in \countryName. According to the data, 0.00\% of the public institutions analyzed have not implemented cross-origin-embedder-policy security header on their websites, while 63.64\% of the private institutions analyzed also lack cross-origin-embedder-policy security header.

On a positive note, 0.00\% of the public institutions analyzed have implemented cross-origin-embedder-policy security headers on their websites, while 0.00\% of the private institutions analyzed also implemented that security header.

In terms of regional differences

Unnamed: 0_level_0,id,name,category,Global #,strict-transport-security,x-frame-options,x-content-type-options,content-security-policy,x-permitted-cross-domain-policies,referrer-policy,...,Without Security Headers (Private) #,Without Security Headers (Private) %,With cross-origin-opener-policy (Public) #,With cross-origin-opener-policy (Public) %,With cross-origin-opener-policy (Private) #,With cross-origin-opener-policy (Private) %,Without cross-origin-opener-policy (Public) #,Without cross-origin-opener-policy (Public) %,Without cross-origin-opener-policy (Private) #,Without cross-origin-opener-policy (Private) %
region,Unnamed: 1_level_1,Unnamed: 2_level_1,Unnamed: 3_level_1,Unnamed: 4_level_1,Unnamed: 5_level_1,Unnamed: 6_level_1,Unnamed: 7_level_1,Unnamed: 8_level_1,Unnamed: 9_level_1,Unnamed: 10_level_1,Unnamed: 11_level_1,Unnamed: 12_level_1,Unnamed: 13_level_1,Unnamed: 14_level_1,Unnamed: 15_level_1,Unnamed: 16_level_1,Unnamed: 17_level_1,Unnamed: 18_level_1,Unnamed: 19_level_1,Unnamed: 20_level_1,Unnamed: 21_level_1
California,2,2,2,2,2,2,2,2,2,2,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,2.0,100.0
Colorado,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
Florida,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Georgia,1,1,1,1,1,1,1,1,1,1,...,1.0,100.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
Illinois,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Michigan,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Minnesota,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
New York,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Texas,2,2,2,2,2,2,2,2,2,2,...,2.0,100.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0


Unnamed: 0,Region,Global #,Without Security Headers (Public) #,Without Security Headers (Public) %,Without Security Headers (Private) #,Without Security Headers (Private) %,With cross-origin-opener-policy (Public) #,With cross-origin-opener-policy (Public) %,With cross-origin-opener-policy (Private) #,With cross-origin-opener-policy (Private) %,Without cross-origin-opener-policy (Public) #,Without cross-origin-opener-policy (Public) %,Without cross-origin-opener-policy (Private) #,Without cross-origin-opener-policy (Private) %
0,California,2,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,2,100.0
1,Florida,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
2,Georgia,1,0,0.0,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0
3,Illinois,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
4,Michigan,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
5,Minnesota,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
6,New York,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
7,Texas,2,0,0.0,2,100.0,0,0.0,0,0.0,0,0.0,0,0.0
8,Colorado,1,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0
9,Total,11,1,9.090909,3,27.272727,0,0.0,0,0.0,0,0.0,7,63.636364



    \begin{figure}[htbp]
        \centering
        \includegraphics[width=0.48\textwidth]{charts/cross-origin-opener-policy_by_region.pdf}
        \caption{Distribution of cross-origin-opener-policy header usage by region.}\label{fig:cross-origin-opener-policy}
    \end{figure}
    

The data presented in Figure~\ref{fig:cross-origin-opener-policy} provides an overview of the use of cross-origin-opener-policy security headers at \glspl{hei} in \countryName. According to the data, 0.00\% of the public institutions analyzed have not implemented cross-origin-opener-policy security header on their websites, while 63.64\% of the private institutions analyzed also lack cross-origin-opener-policy security header.

On a positive note, 0.00\% of the public institutions analyzed have implemented cross-origin-opener-policy security headers on their websites, while 0.00\% of the private institutions analyzed also implemented that security header.

In terms of regional differences, private instit

Unnamed: 0_level_0,id,name,category,Global #,strict-transport-security,x-frame-options,x-content-type-options,content-security-policy,x-permitted-cross-domain-policies,referrer-policy,...,Without Security Headers (Private) #,Without Security Headers (Private) %,With cross-origin-resource-policy (Public) #,With cross-origin-resource-policy (Public) %,With cross-origin-resource-policy (Private) #,With cross-origin-resource-policy (Private) %,Without cross-origin-resource-policy (Public) #,Without cross-origin-resource-policy (Public) %,Without cross-origin-resource-policy (Private) #,Without cross-origin-resource-policy (Private) %
region,Unnamed: 1_level_1,Unnamed: 2_level_1,Unnamed: 3_level_1,Unnamed: 4_level_1,Unnamed: 5_level_1,Unnamed: 6_level_1,Unnamed: 7_level_1,Unnamed: 8_level_1,Unnamed: 9_level_1,Unnamed: 10_level_1,Unnamed: 11_level_1,Unnamed: 12_level_1,Unnamed: 13_level_1,Unnamed: 14_level_1,Unnamed: 15_level_1,Unnamed: 16_level_1,Unnamed: 17_level_1,Unnamed: 18_level_1,Unnamed: 19_level_1,Unnamed: 20_level_1,Unnamed: 21_level_1
California,2,2,2,2,2,2,2,2,2,2,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,2.0,100.0
Colorado,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
Florida,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Georgia,1,1,1,1,1,1,1,1,1,1,...,1.0,100.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
Illinois,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Michigan,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Minnesota,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
New York,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Texas,2,2,2,2,2,2,2,2,2,2,...,2.0,100.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0


Unnamed: 0,Region,Global #,Without Security Headers (Public) #,Without Security Headers (Public) %,Without Security Headers (Private) #,Without Security Headers (Private) %,With cross-origin-resource-policy (Public) #,With cross-origin-resource-policy (Public) %,With cross-origin-resource-policy (Private) #,With cross-origin-resource-policy (Private) %,Without cross-origin-resource-policy (Public) #,Without cross-origin-resource-policy (Public) %,Without cross-origin-resource-policy (Private) #,Without cross-origin-resource-policy (Private) %
0,California,2,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,2,100.0
1,Florida,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
2,Georgia,1,0,0.0,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0
3,Illinois,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
4,Michigan,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
5,Minnesota,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
6,New York,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
7,Texas,2,0,0.0,2,100.0,0,0.0,0,0.0,0,0.0,0,0.0
8,Colorado,1,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0
9,Total,11,1,9.090909,3,27.272727,0,0.0,0,0.0,0,0.0,7,63.636364



    \begin{figure}[htbp]
        \centering
        \includegraphics[width=0.48\textwidth]{charts/cross-origin-resource-policy_by_region.pdf}
        \caption{Distribution of cross-origin-resource-policy header usage by region.}\label{fig:cross-origin-resource-policy}
    \end{figure}
    

The data presented in Figure~\ref{fig:cross-origin-resource-policy} provides an overview of the use of cross-origin-resource-policy security headers at \glspl{hei} in \countryName. According to the data, 0.00\% of the public institutions analyzed have not implemented cross-origin-resource-policy security header on their websites, while 63.64\% of the private institutions analyzed also lack cross-origin-resource-policy security header.

On a positive note, 0.00\% of the public institutions analyzed have implemented cross-origin-resource-policy security headers on their websites, while 0.00\% of the private institutions analyzed also implemented that security header.

In terms of regional differences

Unnamed: 0_level_0,id,name,category,Global #,strict-transport-security,x-frame-options,x-content-type-options,content-security-policy,x-permitted-cross-domain-policies,referrer-policy,...,Without Security Headers (Private) #,Without Security Headers (Private) %,With cache-control (Public) #,With cache-control (Public) %,With cache-control (Private) #,With cache-control (Private) %,Without cache-control (Public) #,Without cache-control (Public) %,Without cache-control (Private) #,Without cache-control (Private) %
region,Unnamed: 1_level_1,Unnamed: 2_level_1,Unnamed: 3_level_1,Unnamed: 4_level_1,Unnamed: 5_level_1,Unnamed: 6_level_1,Unnamed: 7_level_1,Unnamed: 8_level_1,Unnamed: 9_level_1,Unnamed: 10_level_1,Unnamed: 11_level_1,Unnamed: 12_level_1,Unnamed: 13_level_1,Unnamed: 14_level_1,Unnamed: 15_level_1,Unnamed: 16_level_1,Unnamed: 17_level_1,Unnamed: 18_level_1,Unnamed: 19_level_1,Unnamed: 20_level_1,Unnamed: 21_level_1
California,2,2,2,2,2,2,2,2,2,2,...,0.0,0.0,0.0,0.0,2.0,100.0,0.0,0.0,0.0,0.0
Colorado,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
Florida,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,1.0,100.0,0.0,0.0,0.0,0.0
Georgia,1,1,1,1,1,1,1,1,1,1,...,1.0,100.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
Illinois,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,1.0,100.0,0.0,0.0,0.0,0.0
Michigan,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,1.0,100.0,0.0,0.0,0.0,0.0
Minnesota,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,1.0,100.0,0.0,0.0,0.0,0.0
New York,1,1,1,1,1,1,1,1,1,1,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,100.0
Texas,2,2,2,2,2,2,2,2,2,2,...,2.0,100.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0


Unnamed: 0,Region,Global #,Without Security Headers (Public) #,Without Security Headers (Public) %,Without Security Headers (Private) #,Without Security Headers (Private) %,With cache-control (Public) #,With cache-control (Public) %,With cache-control (Private) #,With cache-control (Private) %,Without cache-control (Public) #,Without cache-control (Public) %,Without cache-control (Private) #,Without cache-control (Private) %
0,California,2,0,0.0,0,0.0,0,0.0,2,100.0,0,0.0,0,0.0
1,Florida,1,0,0.0,0,0.0,0,0.0,1,100.0,0,0.0,0,0.0
2,Georgia,1,0,0.0,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0
3,Illinois,1,0,0.0,0,0.0,0,0.0,1,100.0,0,0.0,0,0.0
4,Michigan,1,0,0.0,0,0.0,0,0.0,1,100.0,0,0.0,0,0.0
5,Minnesota,1,0,0.0,0,0.0,0,0.0,1,100.0,0,0.0,0,0.0
6,New York,1,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0,1,100.0
7,Texas,2,0,0.0,2,100.0,0,0.0,0,0.0,0,0.0,0,0.0
8,Colorado,1,1,100.0,0,0.0,0,0.0,0,0.0,0,0.0,0,0.0
9,Total,11,1,9.090909,3,27.272727,0,0.0,6,54.545455,0,0.0,1,9.090909



    \begin{figure}[htbp]
        \centering
        \includegraphics[width=0.48\textwidth]{charts/cache-control_by_region.pdf}
        \caption{Distribution of cache-control header usage by region.}\label{fig:cache-control}
    \end{figure}
    

The data presented in Figure~\ref{fig:cache-control} provides an overview of the use of cache-control security headers at \glspl{hei} in \countryName. According to the data, 0.00\% of the public institutions analyzed have not implemented cache-control security header on their websites, while 9.09\% of the private institutions analyzed also lack cache-control security header.

On a positive note, 0.00\% of the public institutions analyzed have implemented cache-control security headers on their websites, while 54.55\% of the private institutions analyzed also implemented that security header.

In terms of regional differences, private institutions in California (100.00\%), Florida (100.00\%), and Illinois (100.00\%) have a higher usage of cach