Defaults.Exposed

Defaults.Exposed › Data

Domain security statistics

As of June 2026, 86.2% of 260M graded domains score an F, and fewer than 0.02% score an A — Defaults.Exposed census of 333,206,109 domains across 1,385 TLDs.

Every figure below is dated and individually linkable. Numbers are recomputed each month from the live census; download the underlying aggregates as JSON or CSV.

Grade distribution

As of June 2026

As of June 2026, Defaults.Exposed has graded 260,408,704 domains (260M) drawn from a census of 333,206,109 registered domains (333M) across 1,385 TLDs.

86.2% of graded domains score an F — 224,536,050 domains.

Fewer than 0.02% score an A or A+ (56,502 domains); an A+ is rarer still at 0.00%.

7.9% of registered domains no longer resolve (20,675,690 dead domains).

Email authentication

As of June 2026

Only 10.6% of domains publish an enforcing DMARC policy (quarantine or reject).

75.1% have no DMARC record at all, leaving them open to email spoofing.

53.2% publish an SPF record; 46.8% publish none.

51.8% have a discoverable DKIM selector.

DNS & infrastructure

As of June 2026

Only 2.0% of domains have a valid DNSSEC chain; a further 3.0% are signed but broken.

1.6% publish a CAA record restricting which CAs may issue their certificates.

23.8% publish an AAAA record (IPv6-reachable).

TLS & web security

As of June 2026

78.0% of domains serve over HTTPS.

Of domains serving HTTPS, 91.8% present a valid, trusted certificate (71.6% of all graded domains).

90.5% of HTTPS-serving domains negotiate TLS 1.3; 5.4% top out at TLS 1.2.

Only 22.9% of HTTPS-serving domains send an HSTS header (17.9% of all graded domains).

Cite this

Statistics current as of June 2026. Please cite Defaults.Exposed and link the source page.

Defaults.Exposed, "Domain Security Census" (as of June 2026). https://defaults.exposed/data

Permalink: https://defaults.exposed/data · Machine-readable: census.json, tld-grades.csv · Licence: open data

Methodology: how we grade the internet. Updated monthly.