Estimating the value of hosting companies by counting computers

Is it possible to estimate the revenue of a hosting company based on its public presence — that is, is the number of websites it hosts directly proportional to its market value? By using the market capitalisation (or acquisition purchase price, where appropriate) as a valuation and examining the number of web-facing computers, a striking patterns emerges.

Valuation of a hosting company against the number of web-facing computers found in August 2013.
Blue = "pure" hosting company; Orange = significant other areas of business. The dashed line is based only on pure hosting companies.
†Go Daddy’s valuation is based on its 2011 buyout offer, adjusted for growth in web-facing computers and for inflation.

Amongst the hosting companies examined, there is a fairly strong correlation between the number of web-facing computers and the valuation of the hosting company: the more computers visible at a hosting company, the higher the valuation. Considering only pure hosting companies (without significant other business, marked in blue), the average value per web-facing computer is circa $43,000.

An average company value per web-facing computer on the order of tens of thousands of dollars may seem surprisingly high, but there is, of course, more to it than the cost of a single computer. The number of web-facing computers does not take into account the potentially large number of computers used behind the scenes, which may vary from hosting company to hosting company depending on business model — there are likely to be fewer hidden computers at a shared hosting provider than at a cloud hosting provider.

Even with the same number of web-facing computers, the valuation of a hosting company can vary due to the quality of the physical hardware, the network infrastructure, and also sales and support staff. Most important is the current and future revenue, and hence profit, that each web-facing computer can generate.

This average value per web-facing computer masks a great deal of variation between hosting companies:

Hosting company Value per web-facing
computer (USD)
DADA $15.3k
Peer 1 $30.0k
SoftLayer $49.7k
iomart $52.3k
United Internet* $66.8k
Internap* $67.3k
Rackspace $68.1k
Go Daddy* $177.2k

Value (USD) per web-facing computer. Companies marked with a * have significant other areas of business.

Comparing two competitors in the managed hosting market, Rackspace and Peer1, highlights a significant difference in the valuation based on web-facing computers. Each web-facing computer at Rackspace is valued at twice as much as one at Peer1; perhaps this reflects the value of Fanatical Support and the flexibility of Rackspace's OpenStack-based cloud.

Go Daddy's valuation of $4.1bn is based on a deal in 2011 (adjusted for both inflation and computer growth), which reportedly amounted to $2.25bn for 65% of the company. This valuation is greater than expected from the number of computers at Go Daddy, but this difference could be explained by its equally prominent role as the largest ICANN-accredited domain name registrar.

SoftLayer is in the process of being acquired by IBM, who say the acquisition will strengthen their leadership position in cloud computing and help speed business adoption of public and private cloud solutions. Financial terms were not disclosed, but the deal is speculated to be worth more than $2bn.

The correlation between computers and market value can be used not only to estimate the value of private companies which have never been sold before, but also to estimate the value of the hosting divisions within much larger companies, such as Amazon.

Amazon's market capital stands at around $131bn today, but the majority of its revenue comes from online retailing. A valuation based on computer counting would suggest that its hosting division, Amazon Web Services, could be worth approximately $7.8bn, around 6% of Amazon's entire market value. Based on its Q2 2013 earnings report, Amazon's AWS division (within the Other category) accounted for 5.7% of its total revenue between 1st April and 30th June 2013.

Netcraft has developed a technique for identifying the number of computers (rather than IP addresses) acting as web servers on the Internet, providing an independent view with a consistent methodology on the number of web-facing computers at each hosting location worldwide. For more information, see our Hosting Provider Server Count.

August 2013 Web Server Survey

In the August 2013 survey we received responses from 716,822,317 sites, an increase of 18 million. Based on the trends over the last six months, Netcraft expects to see 1 billion responsive sites within the next 18 months.

Apache lost a significant amount of market share this month, tumbling by 5.23 percentage points. Its market share now stands at 46.96%, the lowest since March 2009. This large change was caused by the loss of 28 million Apache sites, a large gain of 26 million sites powered by Microsoft IIS, plus other reasonably significant gains by nginx and Google. Google's growth was primarily due to 3.1 million new sites using Google's App Engine ( infrastructure and 2.7 million new Blogger sites (

The bulk of the changes in Apache and Microsoft web server market share this month can be attributed to a single hosting company: Go Daddy was previously hosting 25 million sites using Apache Traffic Server on Linux, but these are now served by Microsoft IIS 7.5. The machines still exhibit the TCP/IP characteristics of Linux, and are likely reverse proxies, each of which is serving an average of about 150 thousand sites. Apache Traffic Server first appeared at Go Daddy during Netcraft's May survey. At the time, 75% of all sites hosted by Go Daddy were using ATS, which made Go Daddy responsible for hosting 99% of all ATS sites in the world.

Remarkably, this is the first time since December 2009 that Apache has not been used by more than half of the world's websites. During that period, Apache's market share peaked at 66% in July 2011, although its greatest ever market share was observed in November 2005, when it hit 71%.

Despite speculation that the recent PRISM revelations would result in a mass exodus from American data centers and web hosting companies, Netcraft has not yet seen any evidence of this. Within the most popular 10 thousand sites, Netcraft witnessed only 40 sites moving away from US-based hosting companies. Contrary to some people's expectations, 47 sites moved to the US, which actually resulted in a net migration to the US.

This trend is also reflected by the entire web server survey, where a net sum of 270 thousand sites moved to the US from other countries (in total, 3.9 million sites moved to the US, while 3.6 million moved from the US). Germany was the most popular departure country, with nearly 1.2 million sites moving from German hosting companies. This was followed by Canada, where 803 thousand sites hopped across the border to the US.

DeveloperJuly 2013PercentAugust 2013PercentChange
Continue reading

Most Reliable Hosting Company Sites in July 2013

Rank Performance Graph OS Outage
DNS Connect First
1 Swishmail FreeBSD 0:00:00 0.003 0.134 0.076 0.152 0.209
2 ServerStack Linux 0:00:00 0.003 0.096 0.078 0.158 0.158
3 iWeb Linux 0:00:00 0.003 0.146 0.083 0.166 0.166
4 Hyve Managed Hosting Linux 0:00:00 0.006 0.267 0.083 0.166 0.168
5 XILO Communications Linux 0:00:00 0.009 0.230 0.094 0.399 0.561
6 Qube Managed Services Linux 0:00:00 0.012 0.136 0.065 0.132 0.132
7 Virtual Internet Linux 0:00:00 0.015 0.164 0.089 0.383 0.594
8 Datapipe FreeBSD 0:00:00 0.018 0.089 0.031 0.062 0.095
9 New York Internet FreeBSD 0:00:00 0.018 0.142 0.079 0.159 0.491
10 Bigstep Linux 0:00:00 0.018 0.293 0.084 0.174 0.321

See full table

Swishmail had the most reliable hosting company site in July 2013. The New York based company failed to respond to only one of Netcraft's requests during the whole month, and had an average connection time of 0.076s. Swishmail primarily operates as an email hosting provider and uses three different data centers, run by Savvis, Level3 and Globix in New York City. Upstream connectivity is provided by Level3, Savvis, Cogent, AboveNet and Globix.

In second and third place, both also with only one failed request, were ServerStack and iWeb. ServerStack had the most reliable hosting company site during the previous month, and has data centers in New Jersey, San Jose and Amsterdam. iWeb's data centers in Montreal have a total dedicated server capacity of nearly 35,000.

For the second month in a row, none of July's top ten hosting companies were running on Windows operating systems. The most reliable hosting company site, Swishmail, was running on FreeBSD, as were two others sites within the top ten; the remaining seven were running on Linux. In terms of web server software, Apache was used by seven of the top ten sites, while nginx was used by three sites, including Swishmail's.

Netcraft measures and makes available the response times of around forty leading hosting providers' sites. The performance measurements are made at fifteen minute intervals from separate points around the internet, and averages are calculated over the immediately preceding 24 hour period.

From a customer's point of view, the percentage of failed requests is more pertinent than outages on hosting companies' own sites, as this gives a pointer to reliability of routing, and this is why we choose to rank our table by fewest failed requests, rather than shortest periods of outage. In the event the number of failed requests are equal then sites are ranked by average connection times.

Information on the measurement process and current measurements is available.

Microsoft Achieves World Domination (in OCSP Stapling)

Certificate revocation checking is an essential part of any connection to an SSL site; without it, an attacker can impersonate an SSL site with a compromised certificate until it expires of its own accord — an event which may be 5 years away — even if the issuer of the certificate (the certificate authority, or CA) is made aware of the breach. One of the methods used to check the revocation status, OCSP, requires the browser to make a per-certificate request to the issuing CA as part of the initial connection to an SSL site.

This separate OCSP request can increase the time taken for the browser to connect to an SSL site and imposes a traffic burden on the CA. OCSP stapling is advantageous because it removes the need for a separate request to the CA by bundling the OCSP response with the existing SSL connection.

The proportion of certificates in the July 2013 Netcraft SSL survey served over an SSL connection with a stapled OCSP response.

In the latest Netcraft SSL Survey, more than 22% of certificates were served with a stapled OCSP response. Of those SSL certificates seen with a stapled OCSP response, almost all (96%) were served from computers running Microsoft Windows. OCSP stapling has been enabled by default in IIS since Windows 2008, significantly before its competitors — Apache added support in version 2.4 in February 2012 and nginx added support in version 1.4.0 in April 2013.

Operating System Share
Windows Server 200894.54%
Windows Server 20121.76%

The certificates in the July 2013 Netcraft SSL survey served over an SSL connection with a stapled OCSP response, split by operating system.

More than 99% of the stapled OCSP responses corresponded to a 'good' status, but somewhat surprisingly, there were around 900 responses which corresponded to a revoked status. These include a certificate on a Maybank website (the largest financial institution in Malaysia) and a certificate on the mobile version of, an official US Marine Corps recruitment website. appears to be load balanced across at least two machines, one of which staples a revoked response, the other uses a different non-revoked certificate. in Google Chrome (on Windows) and Safari on iOS6.

Browser support for OCSP stapling is patchy and varies with the operating system. As well as on the server-side with IIS, Microsoft's client-side support for OCSP stapling is good: Internet Explorer supports stapling, as does every other browser tested on Windows except Firefox. Firefox does particularly poorly on all platforms, with no support at all for OCSP stapling in the current release, though support is on its way. Google Chrome uses a patched version of NSS (the same library as Firefox) on Linux which does include stapling support. The upgrade from Opera 12 to Opera 15 on Mac OS X removes support for OCSP stapling, perhaps as a side-effect of the move to WebKit (blink), leaving Mac OS X without support for OCSP stapling when using the latest release of any common browser.

Where OCSP stapling may help the most — on mobile networks where latency may be high — there is no support, at least in conventional browsers which make direct requests. Opera Mini, which uses a proxy to compress responses, does make SSL requests which include a request for an OCSP stapled response, but security conscious users may be reticent to trust their SSL encrypted data to Opera (which proxies SSL connections through its servers) in exchange for OCSP stapling.

Browser/OSWindowsLinuxMac OS XiOSAndroid
Google Chrome 28YesYesNoNoNo
Firefox 22NoNoNoN/ANo
Internet Explorer 10YesN/AN/AN/AN/A
Safari 6NoN/ANoNoN/A
Opera 12YesYesYesN/AN/A
Opera 15YesN/ANoN/AN/A
Opera MiniN/AN/AN/AYesYes
Opera MobileN/AN/AN/AN/ANo

CloudFlare is a vocal supporter of OCSP stapling and claims that stapling can improve the time taken to start an SSL connection by up to 30%. CloudFlare’s implementation of OCSP, though, does not consistently provide a stapled OCSP response. Netcraft took 50 random CloudFlare IP addresses seen in the SSL survey and made 50 sequential requests with OCSP stapling enabled after an initial priming request which was discarded.

The number of CloudFlare IP Addresses responding with OCSP stapled grouped by the request number. 50 IP addresses were connected to with openssl s_client -status, the initial request was discarded and then after a 5 second pause, 50 sequential requests were made.

Fewer than 50% of the CloudFlare IP addresses responded with an OCSP response stapled on the first non-discarded connection attempt. Even after 20 requests, the response rate is not consistent, some IP addresses still fail to staple an OCSP response on each and every SSL connection. This inconsistent behaviour may be down to a number of separate machines responding to the same IP address either in different locations, or behind a load balancer.

OCSP stapling, at least in its current form, does not exempt most browsers from all OCSP requests; even if the OCSP response for the certificate of the SSL site itself is stapled, the OCSP responses from the intermediates certificates — the chain of certificates which link the site’s certificate to a trusted certificate embedded in the browser — are not included. Yngve Pettersen, formerly of Opera, has recently authored RFC 6961 defining a standard which is intended to combat some of the problems with the current generation of OCSP stapling.

July 2013 Web Server Survey

In the July 2013 survey we received responses from 698,823,509 sites, an increase of 25.8M.

Apache and nginx, both open source web servers, have lost market share this month whilst Microsoft gained significantly, up by 2.43 percentage points, to just shy of 20% of worldwide sites. For the second consecutive month, nginx is powering fewer sites than in the previous month's Web Server Survey, which is due, in part, to almost 2M sites moving from nginx and to Apache. Within the million busiest sites, a similar picture emerges: nginx lost over 4,000 busy sites, many of which have moved to Apache.

Windows Azure, Microsoft's own cloud platform, is, as expected, dominated by Microsoft IIS — more than 96% of all sites hosted on the platform are using IIS. Azure is not, however, limited to just the Windows operating system, Linux is also available. This month, Netcraft found 170,000 (13,000 more than last month) sites being served on 18,000 (+1,100) web-facing computers at Azure. Azure had net gains of sites from several of the best known hosting providers including Amazon, Rackspace, SoftLayer, and Go Daddy.

Previous hosting provider Net movement to Microsoft
Go Daddy+594

Sites (hostnames) switching to being hosted at Microsoft from notable providers, June 2013 to July 2013

Amidst continuing uncertainty over the scale of both PRISM and related surveillance programmes, some people have expressed concerns about hosting personal information in the United States. Currently, the United States is a Safe Harbour for European data, which allows American businesses to comply with European data protection legislation. With the European Commission seeking clarification from the US Government regarding the surveillance programme, and hosting companies selling guaranteed European hosting as a feature, the recent revelations might lead to international businesses moving away from US-based hosting providers.

Currently, almost one third of the world's sites are hosted in Europe but the United States has a near majority of 49.5% of all sites. Looking at the top 5 European TLDs by the number of sites (.de, .pl, .nl, .fr, and .uk) only 7% are hosted in the United States and the vast majority are hosted in their home country — for example, 90% of sites within the .de TLD are hosted in Germany — with the exception of the United Kingdom, which hosts 56% at home and almost 20% in the United States. Additionally, the use of open source software is significantly more prominent in Europe: more than 80% of European hosted sites use Apache or nginx and less than 5% use Microsoft IIS. The United States, on the other hand, has more than 25% of its sites running on Microsoft IIS while Apache and nginx have a slim majority of just 53%.

Last month, Netcraft wrote about the meteoric rise of DigitalOcean, a US-based cloud hosting provider. The service, which has been attracting users with competitive pricing and rapid deployment (within a minute), has seen strong growth again this month, the number of web-facing computers is up 31% since last month. Only 7% of the web-facing computers at DigitalOcean are based in their Dutch data centre, down (as a proportion) from 31% at the beginning of this year — perhaps caused by a shortage of available IP addresses.

Previous hosting provider Net movement to DigitalOcean
Shore Network Tech (Linode)+824

Sites (hostnames) switching to being hosted at DigitalOcean from notable providers, June 2013 to July 2013

DeveloperJune 2013PercentJuly 2013PercentChange
Continue reading

Most Reliable Hosting Company Sites in June 2013

Rank Performance Graph OS Outage
DNS Connect First
1 ServerStack Linux 0:00:00 0.007 0.089 0.073 0.146 0.146
2 Codero Linux 0:00:00 0.010 0.234 0.084 0.266 0.528
3 Swishmail FreeBSD 0:00:00 0.014 0.133 0.070 0.137 0.184
4 Virtual Internet Linux 0:00:00 0.014 0.162 0.074 0.329 0.502
5 Datapipe FreeBSD 0:00:00 0.017 0.083 0.018 0.037 0.057
6 Bigstep Linux 0:00:00 0.017 0.289 0.072 0.147 0.228
7 Midphase Linux 0:00:00 0.017 0.246 0.111 0.225 0.380
8 Linux 0:00:00 0.017 0.209 0.129 0.214 0.517
9 Memset Linux 0:00:00 0.021 0.111 0.074 0.146 0.291
10 Iomart Linux 0:00:00 0.021 0.115 0.088 0.181 0.339

See full table

ServerStack had the most reliable hosting company site in June, with only two failed requests. ServerStack provides managed dedicated hosting from data centres in New Jersey, San Jose, and Amsterdam, and counts amongst its clients high-traffic sites such as MTV and academic publisher Elsevier. Over the eight months Netcraft has been monitoring ServerStack's performance, it has appeared in the top 10 five times and been the most reliable hosting company site twice.

Codero and Swishmail took second and third place respectively. Both companies had 100% uptime and just two failed requests separate the top three companies. Both Codero and Swishmail are based in the United States: Codero has a presence in Virginia, Illinois and Arizona, whilst Swishmail operates out of three New York data centres.

Bigstep, which focuses on providing hosting infrastructure for big data companies, started being monitored three months ago and has maintained a 100% uptime record thus far.

For the first time since May 2012, none of the companies in the top 10 Most Reliable Hosting Company Sites were running a version of Windows Server. ServerStack runs Linux, as do seven other hosting companies in the top 10. FreeBSD is used by the remaining two: Datapipe and Swishmail.

Netcraft measures and makes available the response times of around forty leading hosting providers' sites. The performance measurements are made at fifteen minute intervals from separate points around the internet, and averages are calculated over the immediately preceding 24 hour period.

From a customer's point of view, the percentage of failed requests is more pertinent than outages on hosting companies' own sites, as this gives a pointer to reliability of routing, and this is why we choose to rank our table by fewest failed requests, rather than shortest periods of outage. In the event the number of failed requests are equal then sites are ranked by average connection times.

Information on the measurement process and current measurements is available.