← All insights
Research

State of TLS on the public web

Updated July 11, 2026. Based on 3,153 unique hostnames scanned by SecureMonk users between March 7, 2026 and July 11, 2026, latest scan per host.

TLS configuration is one of the clearer signals of an organization's security maturity. It changes slowly, requires deliberate effort, and exposes choices that operators sometimes forget to revisit. Here is what the most recent scan per host looks like in our dataset.

About 1 in 5 sites still allow TLS 1.0 or 1.1

678 of 3,153 sites (21.5%) accept connections over TLS 1.0 or TLS 1.1. Both protocols have been formally deprecated since 2020. Most major browsers refuse them by default, but many libraries, devices, and back-end clients will accept them if the server offers them, which means leaving them enabled keeps the historical attack surface alive without any benefit.

The fix is usually a one-line server-config change.

OCSP stapling is rare

Only 598 of 3,153 sites (19.0%) staple OCSP responses. The rest leave clients to fetch revocation status separately, which adds a round trip to the first handshake and exposes the visitor's IP to the certificate authority.

Adoption is low because the gain is invisible to the operator. The site loads either way. The latency saving is real but uncelebrated.

Cipher hygiene is mixed

657 sites (20.8%) still negotiate at least one CBC-mode cipher suite. The CBC implementations in TLS 1.0 and 1.1 are vulnerable to BEAST and related padding-oracle attacks, which is why TLS 1.3 dropped CBC entirely. Modern configs default to AEAD ciphers (AES-GCM or ChaCha20-Poly1305).

Key-algorithm mix

1,568 sites use RSA certificates (49.7%) and 1,527 use ECDSA (48.4%). Twenty years ago this would have been a rounding error in favor of RSA. The shift is driven by Let's Encrypt issuing ECDSA chains by default for accounts that request them, faster handshakes on mobile, and smaller signature sizes on every request.

Where the certificates come from

The five most common issuer common-names in the dataset are all Let's Encrypt intermediates. Let's Encrypt is the dominant CA across our sample by a wide margin. DigiCert, Sectigo, GeoTrust, and Amazon Trust Services round out the long tail.

Issuer common nameSites
WE1693
R12368
R13323
E7318
E8300

Methodology

Numbers above use the most recent scan per hostname. The dataset is 3,153 unique hostnames scanned through SecureMonk between 2026-03-07 and 2026-07-11. This is not a random sample of the internet. Sites scanned through SecureMonk skew toward developer-curiosity targets and the homelabs and personal projects of the people running the scans. Treat the absolute percentages as a snapshot of this corner of the web, not a global figure.