HTTPS and SSL adoption statistics

Mendy Perlman, Researcher at Web Hosting Services By: Mendy Perlman | Updated: July 8, 2026 | Fact Checked |
Cite this Research

Cite this research

APA

Perlman, M. (2026, July 8). HTTPS and SSL adoption statistics. Web Hosting Services. https://webhostingservices.co/research/https-ssl-adoption-statistics

MLA

Perlman, Mendy. “HTTPS and SSL Adoption Statistics.” Web Hosting Services, 8 July 2026, https://webhostingservices.co/research/https-ssl-adoption-statistics.

Chicago

Perlman, Mendy. “HTTPS and SSL Adoption Statistics.” Web Hosting Services. Last modified July 8, 2026. https://webhostingservices.co/research/https-ssl-adoption-statistics.

Research highlights: About 90% of all websites now use HTTPS by default (90.1% per W3Techs), up from around 27% at the 2016 point in W3Techs’ yearly history. Google reports 95% to 99% of Chrome navigations are encrypted, a level that has largely plateaued since about 2020. Let’s Encrypt, the world’s largest certificate authority, serves more than 700 million websites and issues around 10 million certificates on some days. The certificate-authority market is highly concentrated, with Let’s Encrypt far ahead in W3Techs’ website-based tracker.

Featured image showing ~90.1% of websites use HTTPS by default, 95% to 99% of Chrome navigations encrypted, and a bar of certificate authority market share led by Let's Encrypt.
About 90.1% of websites now default to HTTPS, and one certificate authority issues most of them.

What percent of websites use HTTPS?

Note: HTTPS adoption figures vary by source and by whether all sites or top sites are measured.

  • About 90.1% of all websites use HTTPS by default, per W3Techs.
  • That leaves roughly 9.9% still served over plain HTTP.
  • Among the top 100,000 sites, HTTPS adoption rises to about 94.6%.
  • W3Techs’ yearly history shows adoption near 27% at the 2016 point, so the shift has been dramatic.
  • HTTPS has moved from a security feature to the default standard for the web.

Measure

HTTPS adoption

All websites (2026)

~90.1%

Top 100,000 sites

~94.6%

Non-HTTPS (2026)

~9.9%

All websites (2016 point, W3Techs history)

~27%

The encryption of the web is nearly complete. What was a minority practice in the mid-2010s is now the default, driven by free certificates, browser warnings and Google’s use of HTTPS as a lightweight ranking signal that rewards secure sites.



How many SSL certificates has Let’s Encrypt issued?

Note: Let’s Encrypt figures are live counts that shift over time, so these are recent reported values.

  • Let’s Encrypt is the world’s largest certificate authority, serving more than 700 million websites.
  • It grew from serving 492 million websites to 762 million over the past year.
  • It issues around 10 million certificates on some days, most of them renewals.
  • It reached 1 billion total certificates issued back in 2020.
  • Its standard certificates last 90 days, and Let’s Encrypt recommends renewing 90-day certificates every 60 days.

Metric

Figure

Websites served

700 million+ (762 million)

Certificates on peak days

~10 million

Total certificates by 2020

1 billion

Let’s Encrypt helped democratize HTTPS. By making certificates free and automatic, it removed much of the cost and complexity that once kept encryption out of reach for small sites, reshaping the security landscape.



What share of Chrome navigations use HTTPS?

Note: browser-level figures come from Google’s reporting on the percentage of Chrome navigations using HTTPS.

  • Google reports 95% to 99% of Chrome navigations now use HTTPS.
  • That is up from around 30% to 45% in 2015, with growth largely plateauing by 2020.
  • Encryption rates vary by operating system, with several platforms above 99% for public sites.
  • Since Chrome 68 in July 2018, browsers flag plain HTTP pages as “Not Secure.”
  • Google has used HTTPS as a lightweight search ranking signal since 2014.

Metric

Figure

Chrome navigations over HTTPS (recent)

95% to 99%

Same figure in 2015

30% to 45%

Navigation-level encryption sits higher than site-level adoption because the busiest sites secured themselves first. Google now plans to turn on Always Use Secure Connections by default in Chrome 154 in October 2026, nudging the last HTTP holdouts to switch.



Which certificate authorities have the largest market share?

Note: CA share depends heavily on the measure, since website-based usage and detection counts can rank providers differently.

  • By website usage, W3Techs puts Let’s Encrypt first at about 64.9% of all sites (68.4% of sites with a known CA).
  • GlobalSign ranks second by website at roughly 19.3%, with Sectigo near 5.0%.
  • GoDaddy and DigiCert follow at about 3.7% and 1.7% by website.
  • Detection-based datasets can rank certificate authorities differently because they count certificate technologies, hosted domains, parked domains or traffic tiers in different ways.
  • Those detection-based rankings should not be compared directly with W3Techs’ website-based certificate-authority share.

Authority

Share by website (W3Techs)

Let’s Encrypt

~64.9% (68.4% where CA known)

GlobalSign

~19.3%

Sectigo

~5.0%

The ranking shifts with the measure. W3Techs counts certificate-authority usage by website, while detection-based tools count certificate technologies across their own datasets. Those methods can produce different rankings, so the figures should not be treated as interchangeable. For pricing, see our SSL certificate cost research.



How many types of SSL certificates are there?

  • There are three main validation levels: domain (DV), organization (OV) and extended (EV).
  • DV certificates dominate at about 94.3% of issued certificates, per Netcraft data.
  • OV accounts for roughly 5.5%, with EV at just 0.1%.
  • Certificates also vary by coverage: single-domain, wildcard and multi-domain.
  • For public TLS certificates, maximum validity drops to 47 days for certificates issued on or after March 15, 2029.

Validation type

Share of certificates

Domain validation (DV)

~94.3%

Organization validation (OV)

~5.5%

Extended validation (EV)

~0.1%

The overwhelming dominance of DV reflects how the web secured itself. Free, instant domain-validated certificates met the need of most sites, leaving business-identity certificates a small niche for ecommerce and finance. For the full pricing picture, see our SSL certificate cost research.



Sources & additional resources

Web Hosting Services helps you secure your site for less, with SSL and hosting research, hosting deals and managed WordPress hosting for site owners who want HTTPS handled without the hassle.

Disclaimer: This article is for informational purposes only and is not legal, technical, security, business, financial, tax or purchasing advice. HTTPS adoption figures, SSL certificate statistics, certificate-authority market share, browser encryption data, certificate issuance counts, validation-type shares, certificate lifespan rules, ranking-signal references, third-party tracker data and security standards can change at any time and may vary by source, reporting period, definition, methodology, browser, certificate type, traffic tier and website sample. Always confirm current figures, certificate requirements, browser policies, CA/Browser Forum rules, provider terms, renewal practices and security obligations directly with the cited data provider, certificate authority, browser vendor, official standards body, hosting provider or qualified security professional before making technical, security, business, hosting or purchasing decisions based on HTTPS and SSL adoption statistics.

Vertical infographic on HTTPS and SSL adoption showing ~90.1% of websites encrypted by default, Let's Encrypt at ~64.9% certificate authority share, and domain validated certificates at ~94.3%.
Nearly the entire web is encrypted, and free, automated domain validation is the reason why.