In the June 2022 survey we received responses from 1,146,976,964 sites across 273,010,403 unique domains and 12,224,786 web-facing computers. This reflects a loss of 8.75 million sites and 583,000 domains, but a gain of 155,000 computers.
Cloudflare experienced strong growth this month, gaining 2.99 million sites and 85,000 domains, representing a 4.64% growth in its number of sites. Cloudflare experienced a significant outage on 21 June, impacting around half of the total requests made to its network. The outage lasted around an hour and a half and affected a significant number of popular sites. 20.2% of the million most visited sites rely on Cloudflare (up 1,400 sites since last month).
The three largest vendors by the million most visited sites metric—Apache, nginx, and Cloudflare—all have similar market share, though only Cloudflare gained market share this month. Apache saw the largest loss, dropping 2,190 sites (-0.96%), while nginx lost 280 sites (-0.13%).
LiteSpeed gained a significant number of sites with an addition of 2.96 million (+5.89%), and gained 171,000 (+2.21%) domains - the second largest increase this month. The number of web-facing computers using LiteSpeed also showed strong growth, increasing by 4,460 (+3.44%) to a total of 134,000.
nginx and Apache remain the two largest server vendors, though both saw similar losses of 6.52 million (-1.84%) and 6.18 million (-2.33%) sites this month. Despite this, nginx gained 795,000 (+1.06%) domains and saw continued growth in the number of web-facing computers with 158,000 (+3.44%) computers. Conversely, Apache lost 1.07 million domains (-1.71%) and 25,700 (-0.74%) web-facing computers.
- Apache httpd 2.4.54 was released on 8 June 2022. This release resolves multiple security issues, including several that affect mod_lua.
- nginx 1.23.0 was released on 21 June 2022. This is the first release in the 1.23.x mainline branch which will include newly developed features and bug fixes. By comparison, the 1.22.x stable branch released last month will only receive major bug fixes from the 1.23 mainline release. The update includes several changes that affect headers in addition to several bug fixes.
- Lighttpd 1.4.65 was released on 7 June 2022, bringing with it an implementation of WebSockets over HTTP/2. The release also includes an announcement of future scheduled behaviour changes that include using strong, modern TLS cipher suites by default.
- Apple announced support for Private Access Tokens in upcoming releases of iOS and macOS. This is part of the Privacy Pass standard, a collaboration between Apple, Google, and Cloudflare that can replace CAPTCHAs across the web by providing a secure way for the device to attest that it is an authentic device.
- Google Cloud recently added five new regional data centers, taking the total number of available GCP regions to 34. The new regions added were in Columbus, OH, Madrid, Dallas, TX, Milan, and Paris.
|Developer||May 2022||Percent||June 2022||Percent||Change|
|3||New York Internet (NYI)||FreeBSD||0:00:00||0.000||0.541||0.076||0.150||0.151|
|4||Hyve Managed Hosting||Linux||0:00:00||0.000||0.126||0.090||0.179||0.179|
Rackspace had the most reliable hosting company site in May 2022, climbing up ten places on the leaderboard this month. Rackspace provides a variety of cloud, data, and security services, with data centres across the globe including in cities such as London, Sydney, Chicago, and Shanghai.
Krystal came in second, whilst New York Internet (NYI) secured third place, resulting in both companies moving up one spot compared to April 2022. UK-based Krystal offers a range of hosting solutions including dedicated servers, managed and application hosting, and Cloud VPS. NYI provides hybrid IT solutions ranging from cloud solutions to colocation services.
In May, eight out of the top ten hosting company sites were using Linux, with NYI using FreeBSD and Aruba using an unidentified OS. Additionally, the top five hosting company sites, which included Hyve Managed Hosting and ServerStack, responded to all requests made by Netcraft.
In the May 2022 survey we received responses from 1,155,729,496 sites across 273,593,762 unique domains and 12,069,814 web-facing computers. This reflects a loss of 5.23 million sites but a gain of 1.63 million domains and 95,200 computers.
nginx gained the largest number of domains (+1.24 million) and also a hefty amount of web-facing computers (+21,500), further securing its lead in both metrics. The total number of domains powered by nginx is now 75.0 million (+1.68%) and its market share has increased to 27.4% (+0.29). In terms of web-facing computers, nginx now has a total of 4.60 million; and although its leading market share fell slightly to 38.1%, Apache’s fell slightly further, extending the gap between the two to 9.54 percentage points.
nginx also continues to lead with a 30.7% share of all sites, despite losing the largest amount this month (-6.57 million). Apache follows with a share of 23.0%, but also lost a large number of sites (-2.32 million). The largest gain in this metric was seen by Google, which added 2.96 million sites to its total and increased its market share to 4.14%. LiteSpeed made the second largest gain of 1.26 million sites, and stays slightly ahead of Google with a share of 4.35%.
Google and LiteSpeed also made the only significant gains in the active sites metric, with Google gaining 977,000 and LiteSpeed gaining 151,000. Google has a greater lead in this metric, with a market share of 9.49% versus LiteSpeed’s 4.60%.
Cloudflare is continuing to edge its way up towards the leaders in the top million websites. This month it gained an additional 1,822 sites and now accounts for more than 20% of the top million sites for the first time. Meanwhile, both Apache and nginx lost more than a thousand sites each in the top million, making it look ever more likely that Cloudflare could gain places by the end of the year. Apache, nginx and Cloudflare currently have top-million site shares of 22.8%, 21.7% and 20.0% respectively.
One surprise this month was that the largest computer growth was seen not by nginx, but by the awselb (Amazon Web Services Elastic Load Balancing) web server, which gained 26,200 computers to reach a total of 378,000. These computers are likely to form only a small fraction of the AWS infrastructure used by the 1.86 million sites that are served from these computers, as AWS ELB achieves fault tolerance and scalability by automatically distributing incoming application traffic across multiple targets, and can also spread traffic across multiple AWS Availability Zones.
- nginx 1.22.0 was released on 24 May 2022. This is the first release in the 1.22.x stable branch and incorporates new features and bug fixes from the 1.21.x mainline branch. Some of the notable new features include support for OpenSSL 3.0 and the PCRE2 library, as well as some security improvements such as hardening against potential request smuggling and cross-protocol attacks.
- Apache Tomcat 9.0.63, 10.0.21 and 10.1.0-M15 (alpha) were released on 16 May 2022. Tomcat 8.5.79 was later released on 23 May. Amongst other changes, all of these versions include a new error message that is shown when the Linux kernel duplicate accept bug is detected. This change follows the identification of the root cause of the bug along with the kernel version that includes the fix.
- OpenResty 184.108.40.206 was released on 18 May 2022. This web platform now uses nginx 1.21.4 mainline as its core and incorporates many other new features, including support for BoringSSL.
- On 3 May 2022, Microsoft announced the general availability of its next-generation WAF (web application firewall) engine on Azure Application Gateway. This makes use of Open Web Application Security Project (OWASP) Core Rule Set 3.2 (CRS 3.2), which is intended to provide increased coverage for web vulnerabilities, reduce false positives, and protect against specific vulnerabilities like Log4J and SpringShell.
- Microsoft has also expanded its Azure Migration and Modernization Program (AMMP) to encourage more customers to move their web applications to Azure. Azure also offers free Extended Security Updates for SQL Server 2012 and Windows Server 2012, giving more time to modernize older applications for three additional years beyond the 10 years granted by Microsoft Support.
- Cloudflare made several new features available during the month of May, including:
- The ability for everyone to proxy DNS wildcard records. This feature was previously only available to enterprise customers.
- Cloudflare Pages now support direct uploads.
- The Cloudflare R2 object storage solution has entered open beta.
- Cloudflare D1 – an SQL database based on SQLite – was also announced. A demo site that runs on Cloudflare Workers can be seen at https://northwind.d1sql.com/.
- Cache Reserve provides a new way to persistently serve all static content from Cloudflare’s global cache.
- Workers Analytics Engine provides a new way to get telemetry about anything that uses Cloudflare Workers.
- Cloudflare has open sourced a Cloudflare Relay Worker that takes a generic webhook response and delivers it to Rocket Chat.
- Cloudflare’s Ethereum and IPFS gateways are now publicly available to all Cloudflare customers.
- Workers for Platforms, Pages Plugins, and Custom Domains for Workers were also announced.
|Developer||April 2022||Percent||May 2022||Percent||Change|
|2||CWCS Managed Hosting||Linux||0:00:00||0.000||0.338||0.063||0.128||0.128|
|4||New York Internet (NYI)||FreeBSD||0:00:00||0.000||0.565||0.076||0.151||0.152|
|8||Hyve Managed Hosting||Linux||0:00:00||0.009||0.141||0.076||0.153||0.153|
Aruba had the most reliable hosting company site in April, its fifth month in a row at the top. The top seven hosting company sites each responded to all of Netcraft’s requests in April and were separated by average connection time. Aruba had the fastest average connection time of 7ms. Aruba provides hosting, cloud and digital signature services, fibre optic internet, digital preservation, and much more, with data centres across Europe in the UK, Germany, Czechia, Poland, Italy and France.
The podium places were completed by CWCS Managed Hosting in second and Krystal Hosting in third place. CWCS offers dedicated servers, cloud and VPS hosting, colocation services, domain names and email services from their seven data centres across the UK, USA and Canada. Krystal is based in the UK and offers a variety of cloud hosting solutions, including VPS and managed hosting, dedicated servers and domain names from four data centres across London and the US, with in-house support. Both CWCS and Krystal are powered by 100% renewable energy.
In April, seven of the top 10 hosting company sites were identified to be using Linux. FreeBSD made an appearance in fourth place with New York Internet (NYI). Aruba and Swishmail had unidentified operating systems.
In the April 2022 survey we received responses from 1,160,964,134 sites across 271,960,629 unique domains and 11,974,636 web-facing computers. This reflects a loss of 8.66 million sites and 217,000 domains, but a gain of 97,400 computers.
Amongst the top ten vendors, nginx gained the largest number of domains and computers this month, maintaining its lead in both of these metrics. Its net growth of 537,000 domains has taken its total up to 73.8 million domains and increased its market share in this metric to 27.1%. Coupled with a net loss of 573,000 domains powered by Apache, this has culminated in nginx’s market share lead over Apache being extended from 3.63 percentage points to 4.04.
The number of web-facing computers running nginx grew by 80,200 (+1.78%), pushing its market share up to 38.3% while Apache’s fell to 29.0%. nginx also continues to have the largest market share of sites (31.1%), despite losing more than half a million this month.
Within the top million websites, Cloudflare made the largest gain of 3,350 sites as it continues to edge its way up towards the leaders. Apache is currently still in the lead with 229,000 sites in the top million, but lost 1,700 this month; and nginx is in second place with 218,000 sites after losing 2,250. Cloudflare now has 199,000 sites and looks set to overtake both nginx and Apache by the end of the year if it maintains this pace of growth. Amongst all websites, Cloudflare lost 38,400 sites but gained 115,000 domains.
OpenResty was the major vendor that gained most sites this month, increasing its total by 1.47 million to 93.0 million (+1.61%), and it also gained 6,890 web-facing computers.
While most of the top vendors lost active sites this month, Pepyaka made a significant gain of 1.22 million active sites (+27.6%). This server is predominantly used by the Wix web development platform, which switched from using nginx in 2018. It is currently the 8th most commonly used web server by active sites, and 11th by sites. Similarities in the version numbering since 2018 suggest Pepyaka is likely based on mainline releases of nginx.
Further down the field, GHS gained 1.08 million (+36.7%) sites and 554,000 (+35.5%) domains. GHS (Google Host Server) is one of Google’s proprietary web servers, which can be used by sites registered through Google Domains. It is also still used to redirect traffic from googlepages.com sites that were created with Google Page Creator. When this website creation service shut down in 2009, existing pages were migrated to Google Sites, which hosts user content in subdirectories under the sites.google.com hostname.
- Apache Tomcat 8.5.78, 9.0.62, 10.0.20 and 10.1.0-M14 (alpha) were released on 1 April 2022. Amongst other changes, all of these releases include a mitigation for a Spring Framework vulnerability (CVE-2022-22965) that could make some Tomcat servers vulnerable to remote code execution attacks.
- Tomcat Native 1.2.32 was released on 22 March 2022. This is an optional component for use with Apache Tomcat that can provide better performance and compatibility by allowing Tomcat to use certain native resources.
- OpenResty 220.127.116.11 RC3 was released on 18 April 20202. This includes some bugfixes and uses a newer version of the LuaJIT 2 compiler.
- Microsoft Azure now offers a bring your own IP address (BYOIP) feature with Custom IP Prefix that lets customers bring their own public IPv4 address ranges to Azure in all public regions. These ranges can then be associated with Azure resources, interact with private addresses and VNETs within Azure’s networks, and reach external destinations via Microsoft’s Wide Area Network.
- Cloudflare’s Magic Transit DDoS mitigation solution now offers a new mode (On Demand + Flow-based Monitoring) that integrates Kentik Protect to automatically detect attacks.
- Finally, have you noticed fewer CAPTCHAs on the web? Cloudflare has reduced the number of CAPTCHAs it serves by 91% over the past year, and now plans to stop using them altogether.
|Developer||March 2022||Percent||April 2022||Percent||Change|
|3||Hyve Managed Hosting||Linux||0:00:00||0.000||0.140||0.069||0.138||0.138|
|8||New York Internet (NYI)||FreeBSD||0:00:00||0.008||0.575||0.085||0.170||0.170|
The most reliable hosting company site in March 2022 was Aruba, which has now topped the table for four months in a row. Aruba provides hosting, cloud and digital signature services, fibre optic internet, digital preservation, and more. The company has data centres across Europe, in the UK, Germany, Czechia, Poland, Italy and France.
Rackspace appeared in second place once more, also appearing in this position for the fourth consecutive month. Rackspace provides a wide variety of cloud services from its global network of over 50 locations across five continents. Hyve Managed Hosting came in third place and has also appeared in the top 10 every month so far in 2022. Hyve offers cloud hosting, dedicated servers and managed services from data centres in 34 locations around the world.
Whilst Linux continued to dominate the top 10, being used by eight of the top 10, FreeBSD made an appearance in eighth place with New York Internet (NYI). Flexential was the remaining site in the top 10 that used Linux, appearing in ninth place. Swishmail used an unidentified OS.