In the November 2022 survey we received responses from 1,135,089,912 sites across 271,689,143 domains and 12,306,625 web-facing computers. This reflects a gain of 4.7 million sites, a loss of 194,480 domains, and a gain of 6,685 web-facing computers.

The biggest growth this month comes from Cloudflare, with it gaining 8.3 million sites (+8.91%) and 490,000 domains (+1.94%). Cloudflare now accounts for 8.93% of all sites seen by Netcraft, up by 0.70pp since October.

nginx saw significant losses in its number of sites and domains this month. It lost 8.5 million sites (-2.75%) and 490,000 domains (-0.66%). However, nginx still holds its strong lead as the most widely used web server software, with a market share of 26.51% sites. Apache has the second largest number of sites, with a market share of 21.40%.

LiteSpeed continues its strong growth — this month it gained 720,000 sites (+1.28%) and 110,000 domains (+1.32%). This brings its market share of sites from 4.97% to 5.01% (+0.04pp).

Following its web-wide trend, Cloudflare has also seen growth in the top million sites. Since October, it gained 1,733 of the top million sites, with its market share increasing from 20.83% to 21.00% (+0.17pp). Meanwhile, both Apache and nginx have lost market share in the top million sites, with Apache down from 21.72% to 21.66% (-0.06pp) and nginx down from 21.36% to 21.21% (-0.15pp).

Vendor news

• nginx 1.23.2 was released on 19th October 2022. This version fixes memory corruption and disclosure vulnerabilities in ngx_http_mp4_module.
• njs 0.7.8, the scripting language used to extend nginx, was released on 25th October 2022, adding many language features and bug fixes.
• Apache Tomcat versions 8.5.83, 9.0.68, 10.0.27, and 10.1.1 were released on 3rd October 2022. Most of the changes are bugfixes.
• Cloudflare announced early access for Privacy Gateway, a proxy allowing HTTP traffic to be securely encapsulated. It is based on the Oblivious HTTP IETF draft.
• AWS announced two new Local Zones: Hamburg, Germany and Warsaw, Poland. These are the first locations in Europe, and add to the now 20 generally available Local Zones.

Continue reading

In the October 2022 survey we received responses from 1,130,378,382 sites across 271,883,623 unique domains, and 12,299,940 web-facing computers. This reflects a gain of 1.13 million sites, 258,363 unique domains, and 47,769 web-facing computers.

Cloudflare saw strong growth, with an increase of 9.44 million (+11.3%) sites resulting in an increase of 0.83pp in market share. It also gained a moderate 0.20 million unique domains (+0.79%), an increase of 0.06pp in market share.

Both nginx and Apache experienced decreases across all metrics. nginx lost 10.07 million (-3.15%) sites, a loss of 0.92pp in market share, 1,201 web-facing computers (-0.16pp market share), and 20,677 unique domains (-0.03pp market share). Apache lost 1.17 million sites (-0.13pp market share), 973 web-facing computers (-0.12pp market share), and 306,055 unique domains (-0.13pp market share).

Within the top million busiest sites, Apache remains the most used web server, but its market share continues its long-term downward trend, decreasing by 0.21pp. nginx also lost 0.12pp, but closes its gap to Apache to 3,622 sites. Cloudflare’s growth continues, with a gain of 0.07pp, bringing its market share to 20.83%. This reduces Apache’s lead to less than 1pp, and Cloudflare is set to overtake both Apache and nginx in the next few months if the trends continue.

OpenResty had the largest increase in web-facing computers, gaining 13,972 (+7.69%). However, it was overtaken by Cloudflare in overall number of sites after a decrease of 1.06 million (-1.14%) sites. It also saw a decrease of 0.26 million (-0.65%) unique domains, losing 0.11pp in market share.

Vendor news

• LiteSpeed Web Server 6.1 RC2 was released on 7th October 2022. This is the latest version in the LSWS 6.1 stream and includes support for the PROXY protocol.
• At Google Cloud Next ’22, Google anounced five new Google Cloud regions in Austria, Greece, Norway, South Africa, and Sweden. It also announced that the new C3 machine series is now available in private preview.
• Cloudflare enabled support for post-quantum hybrid key agreements on all websites and APIs served through it in protocols based on TLS 1.3. These agreements are a hybrid of the classical X25519 and the new post-quantum Kyber512 and Kyber768.
• Microsoft announces Azure Firewall Basic is now available in public preview, providing a more cost-effective network firewall protection aimed at small and medium businesses.
• AWS announced the launch of two new Local Zones in Taipei and Delhi, adding to its existing 16 Local Zones.

Continue reading

In the September 2022 survey we received responses from 1,129,251,133 sites across 271,625,260 unique domains, and 12,252,171 web-facing computers. This month all three metrics have decreased since August, with a loss of 5.82 million sites, 115,512 unique domains and 113,356 web-facing computers.

nginx had the largest increase in web-facing computers, gaining 28,887 (+0.56%) this month. OpenResty had the second largest increase, gaining 6,008 (+3.54%) web-facing computers, along with a gain of 339,813 (+0.86%) domains and 149,893 (+2.35%) active sites. Google showed strong growth in all metrics, with an increase of 5,127 web-facing computers, 211,135 (+8.83%) domains, and 895,225 (+4.71%) active sites.

Within the top million busiest sites, Apache lost 0.21pp of its market share. Despite this, it continues to be the most commonly used web server in the top million. nginx also continued its long-term downward trend, but lost only 0.14pp, further closing the gap between Apache and nginx. The gap now stands at 4,499 sites, a decrease of 13.8% since last month. Meanwhile, Cloudflare’s growth continues, with its market share in the top million increasing by 0.25pp.

Apache also experienced a loss in overall market share, losing 414,684 (-0.94%) active sites and 18,156 computers (-0.49%). The only other developers to lose active sites were Microsoft and nginx, with losses of 58,443 (-1.01%) and (-0.10%) respectively.

LiteSpeed’s market share continues to increase at a steady rate, with it gaining 92,704 (+1.14%) domains and 70,146 (+0.73%) active sites this month.

Vendor news

• njs 0.7.7, the scripting language used to extend nginx, was released on 30 August 2022, with new features and bug fixes.
• Lighttpd 1.4.67 was released, with a variety of bug fixes.
• Amazon AWS opened a new region in the United Arab Emirates. This is the second AWS region in the Middle East, joining the existing region in Bahrain.
• Cloudflare published an article about the development of its purpose built HTTP Proxy, Pingora.

Continue reading

In the August 2022 survey we received responses from 1,135,075,578 sites across 271,740,771 unique domains and 12,365,527 web-facing computers. This reflects a loss of 4.4 million sites, but a gain of 12,212 domains and 24,355 computers.

OpenResty saw the most significant change in web-facing computers, with a gain of 10,138 (6.1%). Furthermore, 2.8 million (3.1%) extra sites were seen since July, with a small loss of 466,322 domains (1.2%). This continues the trend of OpenResty’s fast growth in web-facing computers (46% since August 2021) while the number of domains and sites has not grown in tandem, remaining roughly static over the period.

nginx continues to be the most commonly used web server and saw modest gains of 25,053 domains (0.03%) and 13,481 computers (0.3%). However, we experienced a significant reduction in the number of nginx-hosted sites responding to our requests this month, with a loss of over 15 million. This represents around 4% of sites hosted using nginx in July.

Continuing the trend of strong growth over the past two months, Cloudflare gained an additional 4.4 million sites (6%) and 1.1 million domains (4.7%). This gives Cloudflare a total market share of 6.8% of sites and 9% of domains, an increase of 0.4pp on both metrics since July. Cloudflare also had the strongest growth amongst the top million busiest sites, gaining 0.25pp, thereby holding a 20.51% market share.

Apache’s position as the most commonly used web server for the top million busiest sites continues to erode, with a loss of 0.19pp this month. nginx continues to gain market share, up 0.07pp. If this trend continues, nginx will overtake Apache in the short term, and in the long term, Cloudflare will overtake both of its rivals.

Vendor news

• nginx reaffirmed its commitment to the open source community in this year’s roadmap, with a greater focus on modernising its community management approach and optimising end developer experiences.
• Lighttpd 1.4.66 was released on 7 August 2022, featuring a range of bug fixes.
• Apache Tomcat 8.5.82 was released on 13 August 2022. The majority of changes were minor, however, the release includes a mitigation for an XSS vulnerability in example code distributed with Tomcat (CVE-2022-34305).
• Cloudflare announced the availability of Weighted Pools for its Load Balancer product, which allows for assigning weights to origin servers to distribute requests non-uniformly.
• LiteSpeed Web Server 6.1 RC1 Dev was released on 17 August 2022. This is the latest version in the LSWS 6.1 stream and includes support for triggering reCAPTCHA in its mod_security engine, and several bugfixes.

Continue reading

In the July 2022 survey we received responses from 1,139,467,659 sites across 271,728,559 unique domains and 12,341,172 web-facing computers. This reflects a loss of 7.5 million sites and 1.3 million domains, but a gain of 116,386 computers.

Cloudflare continues its trend of strong growth across the sites and domains metrics this month, increasing by 5.8 million (8.6%) and 259,000 (1.24%), around double that of last month. This gives Cloudflare a total market share of 6.4% share of sites and 8.6% domains, increases of 0.5pp and 0.1pp compared to June.

Whilst still being the most popular vendor across the sites, domains and web-facing computers metric, nginx takes a loss of 4.99 million sites (1.43%), 775,000 domains (1.02%) and 3,400 computers (0.1%) this month. Apache also saw losses, dropping by 1.28 million sites (0.49%) and 379,000 domains (0.61%), however experienced the largest gain in web-facing computers of almost 22,000 (0.6%).

Apache continues to hold on to the top spot in the market share of the top million busiest sites with 22.33%, with nginx in close second at 21.55%. Both however have seen decreases in market share of 0.22pp and 0.1pp respectively, with Cloudflare increasing by 0.08pp to 20.26%. If this trend continues, we should expect to see Cloudflare overtake its rivals within the next year.

OpenResty saw its most significant change over the last 4 months with a decrease of 2.9 million sites (3.21%) and 354,000 domains (0.87%). Conversely, it experienced a significant gain of 17,700 web-facing computers (12.0%).

Lightspeed saw strong growth this month with an increase of 745,000 sites (1.4%), 88,000 domains (1.1%) and 4,500 computers (3.3%).

Vendor News

• nginx 1.23.1 was released on 19 Jul 2022 containing bug fixes, and most notably a memory usage optimization for setups using SSL proxying.
• njs 0.7.6, the scripting language used to extend nginx was also released on 19 Jul 2022, adding various language features and bug fixes.
• Google introduces a preview release of batch on 13 July 2022, a managed service for scheduling batch jobs at scale on the Google Cloud Platform. Batch can manage a job queue, provision and autoscale resources, run jobs, execute subtasks, and deal with common errors automatically.
• Oracle announce the general availability of their Oracle Database Service on Microsoft Azure.
• Cloudflare announces Location-Aware DDoS Protection for Cloudflare Enterprise customers that are subscribed to the Advanced DDoS service. The technology records the typical locations of traffic to a website and uses this as a metric to detect DDoS attacks coming from more unusual and wider spread locations.
• Microsoft warns that attackers are increasingly leveraging Internet Information Services (IIS) extensions as covert backdoors into servers this month, encouraging organisations to follow security practises to help defend their servers.

Continue reading

In the June 2022 survey we received responses from 1,146,976,964 sites across 273,010,403 unique domains and 12,224,786 web-facing computers. This reflects a loss of 8.75 million sites and 583,000 domains, but a gain of 155,000 computers.

Cloudflare experienced strong growth this month, gaining 2.99 million sites and 85,000 domains, representing a 4.64% growth in its number of sites. Cloudflare experienced a significant outage on 21 June, impacting around half of the total requests made to its network. The outage lasted around an hour and a half and affected a significant number of popular sites. 20.2% of the million most visited sites rely on Cloudflare (up 1,400 sites since last month).

The three largest vendors by the million most visited sites metric—Apache, nginx, and Cloudflare—all have similar market share, though only Cloudflare gained market share this month. Apache saw the largest loss, dropping 2,190 sites (-0.96%), while nginx lost 280 sites (-0.13%).

LiteSpeed gained a significant number of sites with an addition of 2.96 million (+5.89%), and gained 171,000 (+2.21%) domains - the second largest increase this month. The number of web-facing computers using LiteSpeed also showed strong growth, increasing by 4,460 (+3.44%) to a total of 134,000.

nginx and Apache remain the two largest server vendors, though both saw similar losses of 6.52 million (-1.84%) and 6.18 million (-2.33%) sites this month. Despite this, nginx gained 795,000 (+1.06%) domains and saw continued growth in the number of web-facing computers with 158,000 (+3.44%) computers. Conversely, Apache lost 1.07 million domains (-1.71%) and 25,700 (-0.74%) web-facing computers.

Vendor news

• Apache httpd 2.4.54 was released on 8 June 2022. This release resolves multiple security issues, including several that affect mod_lua.
• nginx 1.23.0 was released on 21 June 2022. This is the first release in the 1.23.x mainline branch which will include newly developed features and bug fixes. By comparison, the 1.22.x stable branch released last month will only receive major bug fixes from the 1.23 mainline release. The update includes several changes that affect headers in addition to several bug fixes.
• njs 0.7.5 was also released on 21 June alongside nginx 1.23.0. njs is nginx’s JavaScript-based scripting language, and this update includes several small changes affecting headers in addition to bug fixes.
• Lighttpd 1.4.65 was released on 7 June 2022, bringing with it an implementation of WebSockets over HTTP/2. The release also includes an announcement of future scheduled behaviour changes that include using strong, modern TLS cipher suites by default.
• Apple announced support for Private Access Tokens in upcoming releases of iOS and macOS. This is part of the Privacy Pass standard, a collaboration between Apple, Google, and Cloudflare that can replace CAPTCHAs across the web by providing a secure way for the device to attest that it is an authentic device.
• Google Cloud recently added five new regional data centers, taking the total number of available GCP regions to 34. The new regions added were in Columbus, OH, Madrid, Dallas, TX, Milan, and Paris.

Continue reading