
AI Summary
A decade of web security data from Scott Helme confirms universal HTTPS adoption for top sites, but identifies lingering gaps that encryption alone cannot bridge.
- •Scott Helme's June 2026 analysis of the top 1 million websites marks the conclusion of a ten-year longitudinal study on web security.
- •Data confirms that HTTPS transition is nearly universal among top-tier sites, replacing the unencrypted HTTP standard that dominated the web in 2016.
- •The report stops short of detailing the specific security posture of the 'long tail' of the internet, leaving questions about whether small, lower-traffic sites have achieved similar gains.
Security researcher Scott Helme has released a comprehensive ten-year analysis tracking the security evolution of the top 1 million websites. While the transition to encrypted HTTPS connections is now standard for global top-tier domains, this shift represents a long-overdue move away from the unencrypted protocols that defined the early web. However, the report highlights that simple encryption does not equate to perfect security, as complex vulnerabilities remain persistent across the board. The true challenge for the next decade will be moving beyond transport security to address application-layer threats that automation cannot easily solve.
Sources
Get the story before everyone else.
1-minute briefings. Zero noise. Straight to your inbox.
Join 1,200+ readers
Discussion
No comments yet. Be the first to start the conversation!