Defaults.Exposed › Data
Domain security statistics
As of June 2026, 86.2% of 260M graded domains score an F, and fewer than 0.02% score an A — Defaults.Exposed census of 333,206,109 domains across 1,385 TLDs.
Every figure below is dated and individually linkable. Numbers are recomputed each month from the live census; download the underlying aggregates as JSON or CSV.
Grade distribution
As of June 2026
¶ As of June 2026, Defaults.Exposed has graded 260,408,704 domains (260M) drawn from a census of 333,206,109 registered domains (333M) across 1,385 TLDs.
¶ 86.2% of graded domains score an F — 224,536,050 domains.
¶ Fewer than 0.02% score an A or A+ (56,502 domains); an A+ is rarer still at 0.00%.
¶ 7.9% of registered domains no longer resolve (20,675,690 dead domains).
Email authentication
As of June 2026
¶ Only 10.6% of domains publish an enforcing DMARC policy (quarantine or reject).
¶ 75.1% have no DMARC record at all, leaving them open to email spoofing.
¶ 53.2% publish an SPF record; 46.8% publish none.
¶ 51.8% have a discoverable DKIM selector.
DNS & infrastructure
As of June 2026
¶ Only 2.0% of domains have a valid DNSSEC chain; a further 3.0% are signed but broken.
¶ 1.6% publish a CAA record restricting which CAs may issue their certificates.
¶ 23.8% publish an AAAA record (IPv6-reachable).
TLS & web security
As of June 2026
¶ 78.0% of domains serve over HTTPS.
¶ Of domains serving HTTPS, 91.8% present a valid, trusted certificate (71.6% of all graded domains).
¶ 90.5% of HTTPS-serving domains negotiate TLS 1.3; 5.4% top out at TLS 1.2.
¶ Only 22.9% of HTTPS-serving domains send an HSTS header (17.9% of all graded domains).
Cite this
Statistics current as of June 2026. Please cite Defaults.Exposed and link the source page.
Defaults.Exposed, "Domain Security Census" (as of June 2026). https://defaults.exposed/data
Permalink: https://defaults.exposed/data · Machine-readable: census.json, tld-grades.csv · Licence: open data
Methodology: how we grade the internet. Updated monthly.