What Percent of Domains Use an SSL Certificate? Still less than 1/3

There have been several studies which have attempted to answer this question, such as Google’s Transparency Report showing 95%+ of traffic as secure, and Scott Helme’s estimate of 51%, which used the top 1,000,000 sites according to Alexa Rankings.

Here at 101domain, we have access to a lot of registered domain names that aren’t necessarily one of the top websites according to Alexa, so our data is a better “random” sample of websites, whereas top websites tend to be more secure.

We used a sample size of 238,000 websites for our study.

This article needs to be nuanced, since the question “What Percent of Domains Use an SSL Certificate?” is not as straightforward as you might think. For example, consider the following questions:

• Should domain names that do not resolve at all, or ones that are “parked” be included in the calculation?
• Should you include domain names which 301 redirect (or forward) to another domain name in your calculation?
• What if a website has an SSL that is not set up correctly?

In addition to getting an accurate count of what percent of domains use an active SSL certificate, we also created a breakdown of the different validation types:

• Domain Validation (DV) vs. Organization Validation (OV) vs. Extended Validation (EV)
• What percent of SSLs are a “Wildcard” (which also secure all subdomains on the site)
• What percent of websites use a free SSL certificate
• Which SSL authorities issued the most SSL certificates

Finally, as a part of our crawler, we checked to see what percent of domain names use Cloudflare (and how that compares to other estimates).

What Percent of Websites Have an SSL Certificate?

Our best estimate according to 238,000 domains analyzed is that about 32.5% of resolved domains have an SSL certificate.*

Our data shows that about 77.3% of domains resolved (either directly or through forwarding to a domain that did resolve), so when you add in domains which did not resolve, the percent of domains using an SSL certificate drops to 25.1%.

And of the domains that resolved, about 40.3% of them forwarded to another domain before resolving (which means that the absolute % of registered domains using an SSL certificate may be even lower).

To contrast our numbers with other analyses conducted, other studies cited earlier show that 50%+ of websites show as secure (and that was back in 2018).

Clearly, the data skews higher when analyzing the top 100,000 or top 1,000,000 websites.

*It’s important to note that some of the domains with an SSL certificate may not have set up the SSL certificate correctly, or still may not show as “secure” since any non-secure link on a page will toggle the web address bar as not secure.

What Type of SSL Certificate Is Most Frequently Used – DV, OV, or EV?

• Domain Validation (DV): 80.5%
• Organization Validation (OV): 17.5%
• Extended Validation (EV): 2%

Our data shows that a vast majority of sites which use an SSL certificate use a domain validation (DV) certificate (80.5%).

This is followed by OV certificates (17.5%), then Extended Validation (2%).

We believe the reason for this percentage breakdown is, domain validation SSL certificates are the cheapest and the easiest to set up (101domain offers DV SSL certificates for $14.99 and setup is instant).

OV certificates offer a bit more security, but are more expensive and more difficult to set up.

And although EV certificates are the most secure and used to show a green lock icon along with the organization’s name in the web address bar, extended validation is the most expensive and very rigorous to set up.

What % of SSL Certificates Are Wildcard Certificates?

The percent of SSLs that are “wildcard” (meaning, the SSL certificate also secures all subdomains set up on the domain) is only 1.8%.

What % of SSL Certificates Were Free?

About 40% of SSLs were free, and almost all of them were provided by Let’s Encrypt, an SSL authority which is steadily growing.

What Percent of Domains Use Cloudflare?

Our research showed that of the 183,993 domains that resolved, 6.25% of them used Cloudflare.

When you add in domains which did not resolve, only 4.83% use Cloudflare.

This stands in contrast with w3techs.com’s estimate of 14.4% of all websites (as of writing 9/23/20).

Once again, we believe that this due to only analyzing top or popular websites, which have a higher likelihood of using Cloudflare.

Top 12 SSL Certificate Authorities – Percent Breakdown

1. Let’s Encrypt 38.81%
2. Cloudflare 16.23%
3. DigiCert 10.32%
4. Sectigo 6.15%
5. GoDaddy 5.03%
6. cPanel 4.79%
7. Amazon 4.75%
8. Encryption 2.90%
9. GeoTrust 1.92%
10. GlobalSign 1.75%
11. COMODO 1.49%
12. RapidSSL 1.45%

Let’s Encrypt is currently the #1 SSL provider.

While getting an SSL can be free, purchasing an SSL certificate from your domain registrar is easier and allows you to manage your domain and SSL certificates all in one place.

101domain allows you to auto-renew your SSL, and also has a support team that free SSL providers do not.

Additionally, some organizations need the enhanced security that OV and EV certificates can offer.

Read our guide here to better understand your organization’s SSL certificate needs

Conclusion

If you are researching what percentage of domains use an SSL because you’re deciding on whether or not your website should have an SSL certificate, the answer is “yes” if you care about your website at all.

Google has stated that secure websites will receive preferential treatment over unsecure websites in its rankings.

Other studies have shown that users are less likely to trust sites without an SSL certificate.

Not only that, SSL certificates are very inexpensive—or even free.

If you would like to be a site Google and other tech giants look to send traffic to, it’s imperative that you configure an SSL certificate on your website.