In the April 2014 survey we received responses from 958,919,789 sites — 39 million more than last month.
Microsoft made the largest gain this month, with nearly 31 million additional sites boosting its market share by 1.9 percentage points. IIS is now used by a third of the world's websites. Although this is not Microsoft's largest ever market share (it reached 37% in October 2007), this is the closest it has ever been to Apache's leading market share, leaving Apache only 4.7 points ahead. Although Apache gained 6.9 million sites, this was not enough to prevent its market share falling by 0.87 to 37.7%. nginx, which gained 3.1 million sites, also lost some of its market share.
More than 70% of this month's new IIS-powered websites are hosted in the US, followed by 22% in China. Nearly 20 million of the new IIS sites in the US are hosted by a single company, Nobis Technology Group, which was also responsible for much of Microsoft's growth in February. A smaller amount of Microsoft IIS growth was also seen on the Windows Azure platform (which will be renamed to Microsoft Azure on April 3), where the total number of active sites has grown by 25% since February, when we compared the platform against Amazon AWS. 84% of all active sites hosted on the Azure platform are running Microsoft web server software.
Many of the new IIS sites hosted by Nobis Technology Group feature similar content and form part of a Chinese link farm. Link farming is often an attempt to influence search engine results, and each individual site within a link farm is typically of little interest to a human. Netcraft's active sites metric therefore provides a better idea of how many websites are actively managed rather than being automatically generated en mass, such as link farm content and domain holding pages. Of the 114 million sites hosted by Nobis, only a fifth are counted as active sites.
In terms of active sites, Apache remains in a much stronger position with a 52% share of the market, compared with Microsoft's 11%. A significantly higher proportion of Apache sites are active: 26% of all Apache sites were deemed to be active, whereas only 6% of Microsoft's were. nginx takes a 14% share of the active sites market, putting it 3 points ahead of Microsoft.
Apache also fares well amongst the million busiest sites, where there is intrinsically very little interference from domain holding pages, link farms and other web spam. Here Apache takes a 53% share of the market, while nginx has 18% and Microsoft has 12%. Although only 3% of the top million sites use Google web server software, Google's dominance amongst the very busiest sites give it a presence on 8 of the top 10 sites.
Both Apache and nginx were affected by security vulnerabilities which were resolved during March, whereas Microsoft IIS has yet to be affected by publicly-known security issues this year.
The latest version of Apache (2.4.9) was released on March 17. The Apache Software Foundation describes this as representing fifteen years of innovation by the project, and this major release of the 2.4 stable branch is recommended over all previous releases. Nevertheless, it is still common for many websites to use the legacy 2.2 branch of releases, or even older versions. Apache 2.4.9 is primarily a security and bug fix release, although it also includes the changes introduced in 2.4.8, which was not actually released. A workaround for a bug in older versions of OpenSSL, which prevented the release of 2.4.8, has been included in 2.4.9.
Although Apache 2.4.8 was not released, the development version (Apache/2.4.8-dev) was found on 675 sites during this survey, which ran in March. Nearly all of these sites were running on FreeBSD servers which belonged to various Apache projects, mostly Apache HTTPD and Apache OpenOffice.
The stable branch of nginx was updated twice during March. Two bugs were resolved in nginx 1.4.6, which was released on March 4. nginx 1.4.7 was then released on March 18, addressing another bug and a heap buffer overflow vulnerability. This security vulnerability affected nginx's SPDY module, where a specially crafted request could allow a remote attacker to execute arbitrary code on a vulnerable web server. nginx is notable for its SPDY support, which is used extensively by CloudFlare and also by Automattic, which hosts millions of WordPress blogs and co-sponsored the development of the ngx_http_spdy_module. The same SPDY vulnerability also affected the mainline branch of nginx, which was resolved with the release of nginx 1.5.12.
Many of the new generic top level domains (gTLDs) are starting to appear in Netcraft's Web Server Survey in significant numbers. For example, the previous survey saw only one website using the .guru gTLD, whereas this month's survey (which ran during March) found 36 thousand. Other gTLDs which have shown significant growth since last month's survey include .photography, .today, .tips, .technology, .directory, .land, .gallery, .estate and .singles.
Amongst established TLDs, the number of sites using the .ga country code top level domain grew by 140% this month. The My GA website allows .ga domains to be registered for free from between 1 and 12 months, which has no doubt helped towards their goal of increasing the awareness of Gabon across the globe. The .ga ccTLD is administered by the Agence Nationale des Infrastructures Numériques et des Fréquences (ANINF) in Libreville, Gabon, while the registration process is provided by Freenom, who also provide free domain registrations for the more popular .tk ccTLD. Registered Freenom users are allowed an unlimited number of domain name renewals on both the .ga and .tk d domains, while paying customers can choose to register domains for as long as 10 years in one go and can automatically renew the registration.
Free and easily-registerable domain names are obviously attractive to fraudsters: During February, Netcraft blocked nearly 1,500 unique phishing sites hosted on .ga domains alone, and this figure jumped to more than 2,400 in March. The vast majority of these phishing attacks targeted Chinese companies, particularly the Taobao marketplace and the Alipay online payment escrow service.
Developer March 2014 Percent April 2014 Percent Change Apache 354,956,660 38.60% 361,853,003 37.74% -0.87 Microsoft 286,014,566 31.10% 316,843,695 33.04% 1.94 nginx 143,095,181 15.56% 146,204,067 15.25% -0.31 20,960,422 2.28% 20,983,310 2.19% -0.09
In the March 2014 survey we received responses from 919,533,715 sites — around half a million fewer than last month.
Apache has gained some breathing space this month. Nearly a year of strong market share growth by Microsoft eventually culminated in the gap between Apache and Microsoft being reduced to only 5.4 percentage points. After the gap dropped to its lowest point last month, Microsoft had looked set to usurp Apache as the most common web server within a matter of months. This month's survey saw Microsoft lose 15.8 million sites and Apache gain 3.2 million, however. Apache's market share increased to 38.6%, 7.5 percentage points ahead of Microsoft and bucking the recent trend.
Most of Microsoft's losses this month were seen at Nobis Technology Group, where more than 30 million link-farming sites stopped operating. Nobis is a private holding company, which owns the DarkStar voice communications network and Ubiquity Hosting Solutions, which has seven data centres across the United States.
nginx gained 5 million sites this month, increasing its market share to 15.6%. The latest mainline version of nginx (1.5.10) now supports SPDY 3.1, which extends the flow control features of SPDY 3.0 by allowing different sessions within a single connection to send data at different rates. It is no surprise that SPDY 3.1 is already supported in the Google Chrome web browser; SPDY was primarily developed by Google, and is one of their trademarks. SPDY 3.1 has also been supported in Mozilla Firefox since 4th February 2014.
Content delivery network CloudFlare — which uses its own web server software based on nginx — rolled out SPDY 3.1 support for all of its customers in February. Since last month, Netcraft's SSL Survey has identified a four-fold increase in the number of HTTPS websites supporting SPDY 3.1, most of which are hosted by CloudFlare. A smaller number of these SPDY 3.1 sites are hosted by the owner of the WordPress.com blogging platform, Automattic, which was one of the sponsors of the ngx_http_spdy_module.
Mozilla has been planning to remove SPDY 2 support from Firefox since September 2013, and this looks set to happen with the release of Firefox 28. Some developers asked for SPDY 2 support to be retained, arguing that dropping support for SPDY 2 would effectively drop SPDY support in many SPDY-enabled websites. However, nginx and CloudFlare now supporting SPDY 3.1 allays some of that concern.
LibreOffice — the free open source office suite bundled with Ubuntu Linux — moved its website from an Apache web server to nginx at the end of January, apparently for performance reasons. Incidentally, this further distances LibreOffice from the Apache Software Foundation - LibreOffice was forked from OpenOffice.org in 2010, before the latter was given to the ASF where development continued under the name of Apache OpenOffice.
More than 30 new generic top-level domains (gTLDs) were delegated to the Root Zone during February, making them officially part of the internet. There are now 471 top level domains in total. The new ones added in February included .flights, .wiki, .xyz, .fish and .移动 (xn--6frz82g – Chinese for "mobile").
Many of these new gTLDs were applied for by Donuts Inc, a US domain registry which was founded in 2011. The company's CEO and co-founder, Paul Stahura, previously founded domain name registrar eNom in 1997. Donuts raised more than $100,000,000 in its Series A financing round and applied to ICANN for more than 300 TLDs in 2012. As a registry, Donuts does not sell domain names directly to the public; instead, customers must purchase them from one of its accredited registrars.
Developer February 2014 Percent March 2014 Percent Change Apache 351,700,572 38.22% 354,956,660 38.60% 0.38 Microsoft 301,781,997 32.80% 286,014,566 31.10% -1.69 nginx 138,056,444 15.00% 143,095,181 15.56% 0.56 21,129,509 2.30% 20,960,422 2.28% -0.02
In the February 2014 survey we received responses from 920,102,079 sites — over 58 million more than last month.
Microsoft gained a staggering 48 million sites this month, increasing its total by 19% — most of this growth is attributable to new sites hosted by Nobis Technology Group. Along with Microsoft, nginx also made a large gain of 14 million sites, whereas Apache fell by 7 million. Unsurprisingly, these changes have had a dramatic effect on the overall market share of each web server vendor, with Microsoft's share growing by 3.38 percentage points to 32.8% (302 million sites) while Apache's has fallen by 3.41 to 38.2% (352 million sites).
Microsoft's market share is now only 5.4 percentage points lower than Apache's, which is the closest it has ever been. If recent trends continue, Microsoft could overtake Apache within the next few months, ending Apache's 17+ year reign as the most common web server. Apache is faring much better in both the active sites and top million sites datasets, however, where it is still dominating with just over half of the market share in both metrics.
Nearly 2% of the top million websites are now being served by CloudFlare's customised version of nginx (cloudflare-nginx), which it uses to serve web content via its globally distributed CDN edge nodes. This month's survey saw more than a thousand of the top million sites migrate to cloudflare-nginx from other web server software, including pizzahut.co.uk, pet-supermarket.co.uk, the image server used by the popular Cheezburger network of blogs, and the official PRINCE2 website which switched from Microsoft IIS 6.0 running on Windows Server 2003.
Overall, nginx powers 17.5% of the top million sites, including popular overclocking forum www.overclock.net, despite its server headers declaring that it is now using Microsoft IIS 4.1. Responses from the server also include an X-Powered-By header which claims the application is running on Visual Basic 2.0 on Rails (Visual Basic 2.0 is a long-deprecated language which was released more than 20 years ago, while Microsoft IIS 4.1 never actually existed). The server claimed to be running nginx during Netcraft's previous survey, and indeed, it exhibits characteristics which suggest it is still using nginx.
The number of sites using the .pw country-code top-level domain (ccTLD) grew by more than half this month, reaching 10M sites in total. This ccTLD is assigned to Palau, but the .pw registry has branded the domain as the Professional Web and allows domains to be registered by the general public, regardless of which country they are in. 97% of this month's new .pw sites are hosted in the US (87% at Nobis Technology Group alone), and 2.7 million of them are running on Windows.
The busiest .pw domain is the single-letter u.pw, which is used by viral social media site Upworthy. Other than that, the ccTLD remains relatively obscure, with less than 0.02% of the top million sites using .pw domains, while other single-letter domains have been sold for the modest sums of $8,000 each. Only two single-letter .pw domains actually appear within the top million sites, and there are no two-letter domains at all. Last year, Symantec noted an increase in spam messages containing URLs with .pw TLDs, and .pw later became the first TLD to adopt the Uniform Rapid Suspension (URS) rights protection mechanism.
Version 1.0 of the URS Technical Requirements were published by ICANN in October 2013, and are intended to make it faster and cheaper for trademark holders to seek resolution when there are obvious cases of infringement. URS is intended to complement rather than replace the existing Uniform Domain-Name Dispute-Resolution Policy (UDRP).
Developer January 2014 Percent February 2014 Percent Change Apache 358,669,012 41.64% 351,700,572 38.22% -3.41 Microsoft 253,438,493 29.42% 301,781,997 32.80% 3.38 nginx 124,052,996 14.40% 138,056,444 15.00% 0.60 21,280,639 2.47% 21,129,509 2.30% -0.17
In the January 2014 survey we received responses from 861,379,152 sites, an increase of 355,935 since last month.
2013 has been a year of significant change: the web has grown by more than one third, the importance of SSL has been highlighted by a series of spying revelations, Microsoft now power just below 30% of all web sites, and Apache has lost almost 14 percentage points of market share. Additionally, nginx, the relative newcomer, saw its market share peak at 16%, just shy of Microsoft’s position at the beginning of last year.
The total number of web sites discovered has increased dramatically this year — from 630 million web sites in January 2013 to 861 million in January 2014 (+37%) — though the growth does not compare to the doubling in size during 2011.
With the revelations from the NSA documents leaked by Edward Snowden providing months of mainstream publicity, 2013 has been a bumper year for the SSL industry. Websites are increasingly being served over HTTPS: 48% more sites within the million busiest are using SSL than in January 2013. In total, there are over half a million more SSL certificates (+22%) in use on the web since January 2013. The estimated total revenue of the industry has increased even more rapidly, by 28% from September 2012 to September 2013, reflecting the increased uptake of more expensive certificates including Extended Validation, multi-domain, and wildcard certificates.
Apache remains the most commonly used web server on the internet, 10 million more web sites are using it than this time last year; however, this growth has not been sufficient to maintain its share of a market which grew by more than 200 million web sites. As a result, Apache’s market share has fallen by 14 percentage points since January and now stands at 42%.
In stark contrast to Apache, Microsoft had a strong year — almost 150 million more web sites use a Microsoft web server than in January 2013. Microsoft’s share is close to 30% of the entire market and a combination of its strong growth and the corresponding lack of growth of sites using Apache has resulted in Apache’s lead shrinking by more than 26 percentage points to just 12. Microsoft's own cloud platform, Azure, has grown steadily throughout 2013 — there are 39% more web-facing computers hosted by Microsoft in January 2014 than the same time last year — and despite offering alternatives, Microsoft's IIS is by far the most common web server on Azure.
Open-source web server nginx has continued to gain acceptance, especially amongst the busiest web sites. Nginx is now used on 14% of all web sites found, up 2 percentage points since January 2013, but has fallen slightly from the peak of 16% it achieved in October. In May 2013, nginx overtook Microsoft to become the second most common web server within the top million busiest sites and now powers almost 16% of them.
Developer December 2013 Percent January 2014 Percent Change Apache 355,244,900 41.26% 358,669,012 41.64% 0.38 Microsoft 241,777,723 28.08% 253,438,493 29.42% 1.34 nginx 126,485,204 14.69% 124,052,996 14.40% -0.29 38,263,525 4.44% 21,280,639 2.47% -1.97
In the December 2013 survey we received responses from 861,023,217 sites, an increase of 75.7M since last month.
For the third consecutive month Microsoft experienced the largest growth in web server market share; an additional 51M sites boosted its market share by almost 4 percentage points. Apache had the biggest loss in market share, despite seeing an increase of 7M sites. Nginx’s growth this month has led to them regaining some of the market share lost last month, and results in a net gain of 3M sites over the last two months (a loss of 13M in November, followed by a gain this month of 16M).
Considering only active sites, Microsoft’s growth was significantly lower (compared to its gain of 51M sites) with an increase of 478k active sites. Apache saw the largest increase of 622k active sites, and increased its market share by 2 percentage points to 54%. Google meanwhile saw a large loss of 8.6M active sites within its App Engine service.
Microsoft's web server market share could see further gains from its own Windows Azure cloud service — Microsoft has made Azure more cost-effective with price reductions and a new enterprise plan. Microsoft also has plans to expand Azure into Brazil in 2014. Unsurprisingly Microsoft IIS is the most common Web Server seen on Azure, used by 87% of sites. Amazon followed Microsoft's price cuts by introducing price reductions on EC2 M3 Instances. At Amazon, 36% of sites are running on nginx, followed by Apache with 27% and Microsoft IIS with 14%.
ICANN has begun delegating new generic Top-Level Domains (gTLDs) from its new gTLD expansion program, adding them into the Internet's Root Zone. The first four gTLDs (شبكة, онлайн, сайт, 游戏) were delegated on October 23rd and a further 30 new gTLDs have been delegated throughout November. ICANN has a mandatory 30-day sunrise period following delegation where registries "complete a final process built into the new gTLD Program to protect trademark rights holders"; after this has passed the new gTLD can be made available to the general public at the registry's discretion. The شبكة dotShabaka registry was first to start its sunrise period on 31 October, this is to be followed by an (optional) Landrush Period before general availability commences on February 4th. So far the only sites found by Netcraft have been for the NICs (Network Information Center) themselves, such as: nic.游戏, nic.сайт, nic.онлайн, nic.شبكة.
The first gTLDs signed agreements back in July and more are being agreed each month. Recent notable gTLDs that have been agreed include the cities .london, .berlin, .budapest, .wein (Vienna) and .tokyo.
Developer November 2013 Percent December 2013 Percent Change Apache 348,159,702 44.33% 355,244,900 41.26% -3.08 Microsoft 190,451,702 24.25% 241,777,723 28.08% 3.83 nginx 109,968,564 14.00% 126,485,204 14.69% 0.69 37,748,743 4.81% 38,263,525 4.44% -0.36
In the November 2013 survey we received responses from 785,293,473 sites, reflecting net growth of more than 18 million sites since last month.
Microsoft experienced the largest gains this month, with an additional 13.2 million sites taking its market share up by 1.15 percentage points. In contrast to recent trends, nginx's market share fell by more than 2 percentage points to 14.0% after it lost 13.1 million sites. Despite the absolute gain at Microsoft being almost the same as the number of lost nginx sites, this is merely a coincidence — only 1.2 million nginx sites actually switched to using IIS this month (0.8 million of which opted for IIS 6.0), whereas 1.4 million switched to Apache. 23 million nginx sites that were present in last month's survey have since expired, including a large number of .ru domains previously hosted by Hetzner Online.
nginx enjoyed better fortunes amongst the million busiest sites, where it extended its market share by 0.22 percentage points to 15.31%, placing it 2.46 points ahead of Microsoft. File sharing site rapidshare.com has recently started displaying an nginx Server header; previously the site did not reveal which server software it was running, and New Zealand Post has switched from Apache to nginx.
Google's market share went up to 4.81% this month (+0.36) after gaining 3.6 million sites, and could be set to grow even further now that the Google App Engine PHP runtime is widely available. In January, 244 million sites were using PHP (mostly on Apache), highlighting the strong demand. Once a PHP application has been deployed on App Engine, it can make direct use of Google Cloud Storage through existing PHP filesystem functions such as
Google is specifically targeting WordPress users to migrate to App Engine — Google have produced an App Engine plugin for WordPress to allow it to interact with App Engine-specific services such as mail and storage. Google cites motherboard.vice.com as one of the early adopters of the App Engine PHP runtime, having moved from nginx running on Amazon EC2. Vice's in-house content management system is powered by the Yii PHP framework, and was moved fully over to App Engine during a limited preview period.
Developer October 2013 Percent November 2013 Percent Change Apache 344,408,387 44.89% 348,159,702 44.33% -0.55 Microsoft 177,216,296 23.10% 190,451,702 24.25% 1.15 nginx 123,114,800 16.05% 109,968,564 14.00% -2.04 34,127,482 4.45% 37,748,743 4.81% 0.36