I can't honestly think of any website that enforces password rotation. Except for corporate application websites, which I would consider application's that fall under my companies password security regime.
I wouldn't want to image a world where every website would force me to rotate my password, each with it's own interval and method. Imagine the upkeep time cost.
Many of my banks do password rotation forces - one which annoyingly requires you to update your password if you haven't logged in in 90 days - but doesn't count Touch ID on their app as a login.
Almost every .gov I work with requires it regularly, along with account deactivation if you haven't logged in very recently.
There's one particular website I have to log into exactly once per year. I have monthly reminders to log into and change my password anyway, lest I have to create a new account 10 months later.
I wouldn't want to image a world where every website would force me to rotate my password, each with it's own interval and method. Imagine the upkeep time cost.