January 2017 Web Server Survey

In the January 2017 survey we received responses from 1,800,047,111 sites and 6,328,006 computers, reflecting a gain of 61 million sites and 159,000 computers.

Microsoft gained the largest number of sites this month – 38 million – although it was closely followed by Apache, which gained 32 million. Nearly 822 million sites (45.7%) are now powered by Microsoft webserver software.

Meanwhile, nginx gained 17 million sites, and has also continued to show strong and steady computer growth. This month's gain of 60,000 web-facing nginx computers was the largest seen by any vendor, outweighing Microsoft's and Apache's gains of 40,000 and 20,000. If last year's trends continue in 2017, it seems plausible to expect that nginx could overtake Microsoft to become the second largest vendor (by computers) in the second half of 2017.

Microsoft's latest version of Internet Information Services – IIS 10.0, which uses Windows Server 2016 as its primary platform – was found powering 45,000 websites this month. Future migration to IIS 10.0 may be slower than with previous IIS versions, however, as Microsoft announced Windows Server Premium Assurance in December 2016, which extends the support period from 10 to 16 years for existing Windows Server products. This means Premium Assurance customers will continue to receive security updates (as well as "critical" and "important" bulletins) for Windows Server 2008 until January 2026. In January 2017, more than 600 million sites are served from Windows Server 2008 machines.

Each of the other major server vendors released updates last month. nginx 1.11.7 mainline version was released on 13 December, followed by 1.11.8 on 27 December. Both releases included several bug fixes and a few new features.

The mainline 1.11.x branch of nginx is typically updated every 4-6 weeks and is aimed at users who require the latest features, whereas the 1.10.x stable branch is only updated when critical issues need to be fixed. Only two updates have been released on the stable branch since 1.10.0 was forked from mainline in April 2016. Stable is the most commonly used branch: nearly 24 million sites are using 1.10.x stable, compared with 2.2 million using 1.11.x mainline.

Apache 2.4.25 was released on 20 December 2016, incorporating security, feature and bug fixes (including many from the unreleased 2.4.24 version). The security fixes include a mitigation for issues caused by the httpoxy vulnerability, and better enforcement of the HTTP request grammar in RFC 7230 to reduce the likelihood of response splitting and cache pollution attacks.

While many sites still use older versions of Apache, such as the 2.2.x legacy versions, the Apache Project continues to point out that the latest release from the 2.4.x stable branch represents the best available version of Apache HTTP Server. Nonetheless, most sites—just over 100 million— report to be using 2.2.x legacy versions, compared with 69 million sites that use 2.4.x. The most commonly observed Apache Server banners are Apache/2.4.7 (Ubuntu) (36 million sites), followed by Apache/2.2.15 (CentOS) (25 million); however, these servers may not necessarily be as old and vulnerable as their version numbers imply. Netcraft previously discussed this "backporting" behaviour a few years ago.

LiteSpeed suffered the largest loss of sites this month, returning to October 2016 levels after plummeting by 42 million sites to leave a total of 5.5 million. Despite the large loss of sites, the number of web-facing computers using LiteSpeed increased modestly by 323 to 9,740. LiteSpeed 5.1.11 was released on 15 December, featuring improved caching and a few bug fixes.

December also saw the release of Tengine 2.2.0 development version, which came nearly two years after the previous development version, and a year after the most recent stable version. Not only does Tengine have a relatively sedate release cycle, but its latest version is based on nginx 1.8.1 (the final version of nginx's previous stable branch), which itself is already a year old.

Despite having relatively infrequent releases, 58 million sites are currently using Tengine. Most of these sites do not reveal which version has been installed, but among the 18 million that do, about two-thirds are using the relatively old 1.4.2 development version which was released in November 2012 and based on the nginx 1.2.x stable branch. Tengine was originally created by the Chinese marketplace Taobao, which modified the nginx core to better suit its requirements. It was released as an open source project in December 2011, and today sites under the taobao.com domain account for only 5% of its users.

Total number of websites

Web server market share

DeveloperDecember 2016PercentJanuary 2017PercentChange
Continue reading

Most Reliable Hosting Company Sites in December 2016

Rank Performance Graph OS Outage
DNS Connect First
1 Netcetera Linux 0:00:00 0.004 0.103 0.075 0.156 0.187
2 Qube Managed Services Linux 0:00:00 0.021 0.143 0.058 0.117 0.117
3 XILO Communications Ltd. Linux 0:00:00 0.021 0.222 0.066 0.132 0.132
4 Anexia Linux 0:00:00 0.021 0.254 0.081 0.174 0.174
5 Aruba Windows Server 2012 0:00:00 0.034 0.182 0.079 0.165 0.165
6 New York Internet FreeBSD 0:00:00 0.038 0.343 0.026 0.055 0.232
7 One.com Linux 0:00:00 0.038 0.192 0.038 0.109 0.109
8 krystal.co.uk Linux 0:00:00 0.063 0.158 0.072 0.155 0.155
9 EveryCity SmartOS 0:00:00 0.063 0.121 0.073 0.147 0.147
10 Webair Internet Development Linux 0:00:00 0.092 0.156 0.051 0.110 0.111

See full table

Netcetera rounded off the year by having the most reliable hosting company site in December 2016, successfully responding to all but one of Netcraft's requests. In 2016, Netcetera made eight appearances in the top ten, reaching second place in February, March and June. Earlier in 2016, Netcetera celebrated 20 years of successful business, thanking its clients, including some that have been with the company since the day it opened.

Netcetera is based on the Isle of Man, a self-governing territory of the United Kingdom known for its low-tax economy. Netcetera's data centre, The Dataport, uses several energy-saving technologies including Free Air Cooling and virtualisation, which when coupled with carbon offsetting, make it a zero carbon data centre. This carbon-neutral approach is estimated to have saved more than two million kilograms of CO2 to date.

Qube Managed Services took second place in December, with five failed requests. Qube also fared well over the course of 2016, with December marking its tenth appearance in the top ten, including two times at the top of the table, in March and October. Qube uses data centres in London, New York and Zurich to provide its cloud, colocation and managed services; and like Netcetera's website, Qube's is served from a Linux machine.

XILO Communications Ltd came third, also with five failed requests, but with a slower average connection time than Qube. XILO uses enterprise-class Dell hardware for its shared, reseller and cloud hosting services, and also made ten appearances in the top ten during 2016, which included a first place in July. Like Qube, XILO is headquartered in the UK and uses Linux to host its own website.

Seven of December's top ten most reliable hosting company sites were served from Linux machines, including Anexia's, which also had only five failed requests. The remainder used Windows Server 2012, FreeBSD and SmartOS. Linux was the most common operating system used amongst the top ten hosting provider sites over the course of 2016, with two months having a top ten that consisting entirely of Linux-powered websites.

Netcraft measures and makes available the response times of around forty leading hosting providers' sites. The performance measurements are made at fifteen minute intervals from separate points around the internet, and averages are calculated over the immediately preceding 24 hour period.

From a customer's point of view, the percentage of failed requests is more pertinent than outages on hosting companies' own sites, as this gives a pointer to reliability of routing, and this is why we choose to rank our table by fewest failed requests, rather than shortest periods of outage. In the event the number of failed requests are equal then sites are ranked by average connection times.

Information on the measurement process and current measurements is available.