The internet is making strides towards universal encryption

51.8% of the Alexa Top Million websites now use SSL/TLS and are being served via HTTPS. This is fantastic news for the proliferation of encryption, but there is still a long way left to go. The Alexa top million actually isn’t even a thing anymore. Amazon, which keeps the Alexa top website lists, discontinued putting out information for the top million months ago, but an enterprising group of researchers has kept it alive and continue to pull actionable information from it.

Scott Helme has to publish Alexa top million information for seven months, he published his latest findings at the end of August and they are promising to say the least. Over half of the top million websites are now making secure connections.

As late as January of this year adoption was still below 40%. But a few things have happened since then to push more websites towards HTTPS. The biggest, obviously, is Google’s decision to mandate SSL. Starting in July, all websites that were still being served over HTTP started getting penalized with browser warnings.

Obviously, most people heed browser warnings, which means SSL is now basically a requirement. And websites have responded, migrating to HTTPS en masse.

HTTPS adoption wasn’t the only thing on the rise, either. Helme also found that there has been a 40% increase in Content Security Policy (CSP) headers and a 23% increase in the use of HTTP Strict Transport Security (HSTS) headers, too.

The only metric that appears to be dropping off is key pinning, which has been largely dismissed by the infosec community as unnecessarily dangerous.

Some other interesting notes from Helme’s research:

Extended Validation SSL certificates haven’t seen much of an increase in use, despite the growth of the SSL certificate market in general.

Let’s Encrypt now has 147 million active certificates and issues 930,000 per day.

Elliptic Curve Cryptography continues to wait in the wings while most sites use RSA for their private keys

Said, Helme:“[HTTPS] adoption has picked up again and we’re continuing to see that sharp incline sustained. The growth shown here in this graph is unrivalled in any other security mechanism and if you think about the effort required to achieve this, how impressive it is becomes crystal clear.”

Related Post: