The state of the sector

We've assembled the most complete list yet of domains across the public sector, and collected a large dataset about their security.

These are the headline statistics.

Domains

Of a total
56,771
domains

67%
are online
(38,051)

What does this mean?

10%
require strict transport security
(3,953)

What does this mean?

6%
enable browser XSS protections
(2,252)

What does this mean?

2%
have a content security policy
(700)

What does this mean?

Secure HTTP

Of a total
56,771
domains

54%
support HTTPS
(30,919)

Of
30,919
domains that support HTTPS

51%
use valid HTTPS
(15,644)

What does this mean?

32%
default to HTTPS
(9,856)

What does this mean?

20%
have certificates with an incorrect common name
(6,296)

What does this mean?

7%
have expired certificates
(2,112)

What does this mean?

32%
support a cipher graded 'C'
(10,023)

What does this mean?

16%
support a cipher graded 'A'
(4,911)

What does this mean?

4%
support a cipher graded 'D'
(1,117)

What does this mean?