HTTPS and SSL adoption statistics
Cite this Research
Cite this research
Perlman, M. (2026, July 8). HTTPS and SSL adoption statistics. Web Hosting Services. https://webhostingservices.co/research/https-ssl-adoption-statistics
Perlman, Mendy. “HTTPS and SSL Adoption Statistics.” Web Hosting Services, 8 July 2026, https://webhostingservices.co/research/https-ssl-adoption-statistics.
Perlman, Mendy. “HTTPS and SSL Adoption Statistics.” Web Hosting Services. Last modified July 8, 2026. https://webhostingservices.co/research/https-ssl-adoption-statistics.
Research highlights: About 90% of all websites now use HTTPS by default (90.1% per W3Techs), up from around 27% at the 2016 point in W3Techs’ yearly history. Google reports 95% to 99% of Chrome navigations are encrypted, a level that has largely plateaued since about 2020. Let’s Encrypt, the world’s largest certificate authority, serves more than 700 million websites and issues around 10 million certificates on some days. The certificate-authority market is highly concentrated, with Let’s Encrypt far ahead in W3Techs’ website-based tracker.
What percent of websites use HTTPS?
Note: HTTPS adoption figures vary by source and by whether all sites or top sites are measured.
- About 90.1% of all websites use HTTPS by default, per W3Techs.
- That leaves roughly 9.9% still served over plain HTTP.
- Among the top 100,000 sites, HTTPS adoption rises to about 94.6%.
- W3Techs’ yearly history shows adoption near 27% at the 2016 point, so the shift has been dramatic.
- HTTPS has moved from a security feature to the default standard for the web.
|
Measure |
HTTPS adoption |
|
All websites (2026) |
~90.1% |
|
Top 100,000 sites |
~94.6% |
|
Non-HTTPS (2026) |
~9.9% |
|
All websites (2016 point, W3Techs history) |
~27% |
The encryption of the web is nearly complete. What was a minority practice in the mid-2010s is now the default, driven by free certificates, browser warnings and Google’s use of HTTPS as a lightweight ranking signal that rewards secure sites.
How many SSL certificates has Let’s Encrypt issued?
Note: Let’s Encrypt figures are live counts that shift over time, so these are recent reported values.
- Let’s Encrypt is the world’s largest certificate authority, serving more than 700 million websites.
- It grew from serving 492 million websites to 762 million over the past year.
- It issues around 10 million certificates on some days, most of them renewals.
- It reached 1 billion total certificates issued back in 2020.
- Its standard certificates last 90 days, and Let’s Encrypt recommends renewing 90-day certificates every 60 days.
|
Metric |
Figure |
|
Websites served |
700 million+ (762 million) |
|
Certificates on peak days |
~10 million |
|
Total certificates by 2020 |
1 billion |
Let’s Encrypt helped democratize HTTPS. By making certificates free and automatic, it removed much of the cost and complexity that once kept encryption out of reach for small sites, reshaping the security landscape.
What share of Chrome navigations use HTTPS?
Note: browser-level figures come from Google’s reporting on the percentage of Chrome navigations using HTTPS.
- Google reports 95% to 99% of Chrome navigations now use HTTPS.
- That is up from around 30% to 45% in 2015, with growth largely plateauing by 2020.
- Encryption rates vary by operating system, with several platforms above 99% for public sites.
- Since Chrome 68 in July 2018, browsers flag plain HTTP pages as “Not Secure.”
- Google has used HTTPS as a lightweight search ranking signal since 2014.
|
Metric |
Figure |
|
Chrome navigations over HTTPS (recent) |
95% to 99% |
|
Same figure in 2015 |
30% to 45% |
Navigation-level encryption sits higher than site-level adoption because the busiest sites secured themselves first. Google now plans to turn on Always Use Secure Connections by default in Chrome 154 in October 2026, nudging the last HTTP holdouts to switch.
Which certificate authorities have the largest market share?
Note: CA share depends heavily on the measure, since website-based usage and detection counts can rank providers differently.
- By website usage, W3Techs puts Let’s Encrypt first at about 64.9% of all sites (68.4% of sites with a known CA).
- GlobalSign ranks second by website at roughly 19.3%, with Sectigo near 5.0%.
- GoDaddy and DigiCert follow at about 3.7% and 1.7% by website.
- Detection-based datasets can rank certificate authorities differently because they count certificate technologies, hosted domains, parked domains or traffic tiers in different ways.
- Those detection-based rankings should not be compared directly with W3Techs’ website-based certificate-authority share.
|
Authority |
Share by website (W3Techs) |
|
Let’s Encrypt |
~64.9% (68.4% where CA known) |
|
GlobalSign |
~19.3% |
|
Sectigo |
~5.0% |
The ranking shifts with the measure. W3Techs counts certificate-authority usage by website, while detection-based tools count certificate technologies across their own datasets. Those methods can produce different rankings, so the figures should not be treated as interchangeable. For pricing, see our SSL certificate cost research.
How many types of SSL certificates are there?
- There are three main validation levels: domain (DV), organization (OV) and extended (EV).
- DV certificates dominate at about 94.3% of issued certificates, per Netcraft data.
- OV accounts for roughly 5.5%, with EV at just 0.1%.
- Certificates also vary by coverage: single-domain, wildcard and multi-domain.
- For public TLS certificates, maximum validity drops to 47 days for certificates issued on or after March 15, 2029.
|
Validation type |
Share of certificates |
|
Domain validation (DV) |
~94.3% |
|
Organization validation (OV) |
~5.5% |
|
Extended validation (EV) |
~0.1% |
The overwhelming dominance of DV reflects how the web secured itself. Free, instant domain-validated certificates met the need of most sites, leaving business-identity certificates a small niche for ecommerce and finance. For the full pricing picture, see our SSL certificate cost research.
Sources & additional resources
- W3Techs. “Usage Statistics of Default Protocol HTTPS for Websites.” W3Techs.
- W3Techs. “Historical Yearly Trends in HTTPS Usage.” W3Techs.
- W3Techs. “HTTPS Usage by Site Ranking.” W3Techs.
- W3Techs. “Usage Statistics of SSL Certificate Authorities.” W3Techs.
- Google. “HTTPS by Default.” Google Online Security Blog.
- Google. “A Secure Web Is Here to Stay.” Google Online Security Blog.
- Google. “HTTPS as a Ranking Signal.” Google Online Security Blog.
- Let’s Encrypt. “10 Years of Let’s Encrypt Certificates.” Let’s Encrypt.
- Let’s Encrypt. “A Note from Our Executive Director.” Let’s Encrypt 2025 Annual Report.
- Let’s Encrypt. “Frequently Asked Questions.” Let’s Encrypt.
- SSL Dragon. “Essential SSL Statistics and Trends.” SSL Dragon.
- BuiltWith. “SSL Certificate Authority Usage.” BuiltWith.
- CA/Browser Forum. “Baseline Requirements for TLS Server Certificates.” CA/Browser Forum.
Web Hosting Services helps you secure your site for less, with SSL and hosting research, hosting deals and managed WordPress hosting for site owners who want HTTPS handled without the hassle.
Disclaimer: This article is for informational purposes only and is not legal, technical, security, business, financial, tax or purchasing advice. HTTPS adoption figures, SSL certificate statistics, certificate-authority market share, browser encryption data, certificate issuance counts, validation-type shares, certificate lifespan rules, ranking-signal references, third-party tracker data and security standards can change at any time and may vary by source, reporting period, definition, methodology, browser, certificate type, traffic tier and website sample. Always confirm current figures, certificate requirements, browser policies, CA/Browser Forum rules, provider terms, renewal practices and security obligations directly with the cited data provider, certificate authority, browser vendor, official standards body, hosting provider or qualified security professional before making technical, security, business, hosting or purchasing decisions based on HTTPS and SSL adoption statistics.