There have been several studies which have attempted to answer this question, such as Google’s Transparency Report showing 95%+ of traffic as secure, and Scott Helme’s estimate of 51%, which used the top 1,000,000 sites according to Alexa Rankings.
Here at 101domain, we have access to a lot of registered domain names that aren’t necessarily one of the top websites according to Alexa, so our data is a better “random” sample of websites, whereas top websites tend to be more secure.
We used a sample size of 238,000 websites for our study.
This article needs to be nuanced, since the question “What Percent of Domains Use an SSL Certificate?” is not as straightforward as you might think. For example, consider the following questions:
In addition to getting an accurate count of what percent of domains use an active SSL certificate, we also created a breakdown of the different validation types:
Finally, as a part of our crawler, we checked to see what percent of domain names use Cloudflare (and how that compares to other estimates).
Our best estimate according to 238,000 domains analyzed is that about 32.5% of resolved domains have an SSL certificate.*
Our data shows that about 77.3% of domains resolved (either directly or through forwarding to a domain that did resolve), so when you add in domains which did not resolve, the percent of domains using an SSL certificate drops to 25.1%.
And of the domains that resolved, about 40.3% of them forwarded to another domain before resolving (which means that the absolute % of registered domains using an SSL certificate may be even lower).
To contrast our numbers with other analyses conducted, other studies cited earlier show that 50%+ of websites show as secure (and that was back in 2018).
Clearly, the data skews higher when analyzing the top 100,000 or top 1,000,000 websites.
*It’s important to note that some of the domains with an SSL certificate may not have set up the SSL certificate correctly, or still may not show as “secure” since any non-secure link on a page will toggle the web address bar as not secure.
Our data shows that a vast majority of sites which use an SSL certificate use a domain validation (DV) certificate (80.5%).
This is followed by OV certificates (17.5%), then Extended Validation (2%).
We believe the reason for this percentage breakdown is, domain validation SSL certificates are the cheapest and the easiest to set up (101domain offers DV SSL certificates for $14.99 and setup is instant).
OV certificates offer a bit more security, but are more expensive and more difficult to set up.
And although EV certificates are the most secure and used to show a green lock icon along with the organization’s name in the web address bar, extended validation is the most expensive and very rigorous to set up.
The percent of SSLs that are “wildcard” (meaning, the SSL certificate also secures all subdomains set up on the domain) is only 1.8%.
About 40% of SSLs were free, and almost all of them were provided by Let’s Encrypt, an SSL authority which is steadily growing.
Our research showed that of the 183,993 domains that resolved, 6.25% of them used Cloudflare.
When you add in domains which did not resolve, only 4.83% use Cloudflare.
This stands in contrast with w3techs.com’s estimate of 14.4% of all websites (as of writing 9/23/20).
Once again, we believe that this due to only analyzing top or popular websites, which have a higher likelihood of using Cloudflare.
Let’s Encrypt is currently the #1 SSL provider.
While getting an SSL can be free, purchasing an SSL certificate from your domain registrar is easier and allows you to manage your domain and SSL certificates all in one place.
101domain allows you to auto-renew your SSL, and also has a support team that free SSL providers do not.
Additionally, some organizations need the enhanced security that OV and EV certificates can offer.
Read our guide here to better understand your organization’s SSL certificate needs
If you are researching what percentage of domains use an SSL because you’re deciding on whether or not your website should have an SSL certificate, the answer is “yes” if you care about your website at all.
Google has stated that secure websites will receive preferential treatment over unsecure websites in its rankings.
Other studies have shown that users are less likely to trust sites without an SSL certificate.
Not only that, SSL certificates are very inexpensive—or even free.
is “to achieve 100% encryption across [their] products and services.”
If you would like to be a site Google and other tech giants look to send traffic to, it’s imperative that you configure an SSL certificate on your website.