Browser-side HTTPS support now almost complete

Server-side adoption has hit a ceiling

Adoption of HTTPS (for secure web traffic) has stalled, particularly on the server side, data from Google, Firefox, W3Techs and Cloudflare shows. Although support is now a standard feature of all modern web browsers, HTTPS isn't yet available on all servers. According to the Electronic Frontier Foundation (EFF), the explanation is a combination of old and neglected servers, servers that don't use encryption for performance reasons or because of their limited content/functionality, lack of HTTPS support on some mobile devices, and some operators' reluctance to obtain certificates for privacy and security reasons.

Half a percentage point per year

As the chart below shows, encrypted traffic now accounts for 96 per cent of all Google's web service traffic. For the Netherlands, the figure is 95 per cent. However, the numbers haven't been rising significantly for quite some time. Over the last 6 years, HTTPS use has increased by about half a percentage point per year. On the other hand, it's not really surprising that adoption of the security standard is asymptotic: the last of the old, problematic web clients are expected to 'die out' naturally from the internet in the years ahead.

Although the high traffic shares might suggest that HTTPS is now the de facto standard on the web, that observation requires some qualification. Google's data relates exclusively to Chrome users who have the telemetry option enabled. The figures are not necessarily representative of all web traffic, therefore.

Figure 1: HTTPS-encrypted traffic as a percentage of Google's worldwide service traffic. [Source: Google]

Figure 2: HTTPS-encrypted traffic as a percentage of Google's Dutch service traffic. [Source: Google]

Firefox

Firefox's statistics are less selective than the Google data, because they relate to all the websites visited by Firefox users. They indicate that only 80 per cent of loaded web pages support HTTPS. Although page loads are not the same thing as traffic, the same picture of plateaued adoption does emerge.

Figure 3: HTTPS-encrypted web pages as a percentage of all pages loaded by Firefox users. [Source: Let's Encrypt/Firefox Telemetry]

W3Techs

W3Techs gathers data using a web crawler. Like the Firefox stats, the W3Techs data therefore provides a broader picture than the numbers published by Google or Cloudflare. W3Techs' information points to 86 per cent adoption, based on the availability of TLS on scanned websites.

Figure 4: Percentage of websites with HTTPS configured as the default protocol. [Source: W3Techs]

It's important to recognise that W3Techs doesn't measure the same things as either Google or Firefox. While Google looks at encrypted traffic as a percentage of all its web service traffic, and Firefox at the percentage of loaded web pages that are encrypted, W3Techs measures the percentage of scanned websites that have HTTPS configured as their default protocol. The various datasets are not therefore directly comparable.
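Added example (not from the original article or from any of the data providers): a small Python sketch of why a crawler-based count of sites and telemetry weighted by page loads or traffic give different adoption figures for the same set of sites. The site list, the load and byte counts and the 50 per cent opt-in share for sites where HTTPS is available but not the default are all constructed assumptions.

```python
# Added illustration: every site and number below is constructed sample data.
from dataclasses import dataclass

@dataclass(frozen=True)
class Site:
    name: str
    mode: str          # "default", "available" (HTTPS works, HTTP still served) or "none"
    page_loads: int    # pages loaded by users in the sample period
    bytes_served: int  # traffic volume in the same period

SITES = [
    Site("big-portal",  "default",   9000, 950_000),
    Site("mid-shop",    "available",  500,  20_000),
    Site("mid-forum",   "none",       300,  15_000),
    Site("small-blog",  "default",    150,  10_000),
    Site("parked-name", "none",        50,   5_000),
]

# Assumption: on "available" sites, half of all visits arrive over https://.
OPT_IN = 0.5

def https_fraction(site):
    """Share of a site's usage that is encrypted, given its configuration."""
    return {"default": 1.0, "available": OPT_IN, "none": 0.0}[site.mode]

def pct(num, den):
    return round(100 * num / den, 1)

def site_share(sites, modes):
    """Crawler-style metric: every site counts once, whatever its size."""
    return pct(sum(s.mode in modes for s in sites), len(sites))

def weighted_share(sites, weight):
    """Telemetry-style metric: each site counts in proportion to its use."""
    total = sum(weight(s) for s in sites)
    return pct(sum(weight(s) * https_fraction(s) for s in sites), total)

def report(sites=SITES):
    return {
        "sites_https_default":   site_share(sites, {"default"}),
        "sites_https_available": site_share(sites, {"default", "available"}),
        "page_loads_https":      weighted_share(sites, lambda s: s.page_loads),
        "traffic_https":         weighted_share(sites, lambda s: s.bytes_served),
    }

if __name__ == "__main__":
    for metric, value in report().items():
        print(f"{metric:24s} {value:5.1f} %")
```

One heavily used site with HTTPS as its default dominates the weighted metrics, while the per-site counts are pulled down by the smaller sites without it.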

Top 100 websites

Google also publishes overall data on HTTPS adoption by the top 100 websites. By this metric, adoption is very high: 97 per cent. Indeed, if sites that support HTTPS but don't have an HTTPS port configured as the default are included, the support figure is 100 per cent. Google estimates that the top 100 sites account for about 25 per cent of all web traffic worldwide.

Figure 5: Percentage of the top 100 websites with HTTPS-secured ports. [Source: Google]

Cloudflare

Cloudflare, which provides reverse proxy/cache services (CDN) for high-traffic websites, reports a similar figure: 98 per cent of connection requests are for HTTPS (TCP port 443). Again, of course, that figure is valid only for very popular sites.

Figure 6: Percentage of connection requests accounted for by HTTPS. [Source: Cloudflare]

Older versions of HTTP and TLS

Cloudflare's measurements also show that only 10 per cent of the secure connections use HTTP version 1, while just 6 per cent use TLS version 1.2. HTTP/3, which is based on the much more efficient QUIC protocol (incorporating TLS 1.3), is now used for nearly 30 per cent of connections.

Figure 7: Breakdown of HTTPS connections by version used. [Source: Cloudflare]

Figure 8: Breakdown of TLS connections by version used. [Source: Cloudflare]

W3Techs' data similarly indicates 30 per cent server-side use, which also implies that support for HTTP/3 on the browser side is complete.

Figure 9: Percentage of websites that use HTTP/3. [Source: W3Techs]

Bathtub curve?

Viewed in the round, the data shows that browser-side support for HTTPS is not a problem. The picture is similar where popular websites are concerned: nearly all have fully functional TLS ports. It is mainly medium-sized sites that are lacking in terms of HTTPS support. Although we have no statistical evidence, we think it's likely that the distribution of support for HTTPS follows a 'bathtub curve', as seen with the adoption of other modern internet standards:

At the one end of the curve are the biggest sites. As the Google and Cloudflare data show, these sites have the best HTTPS support; the reason being that the internet is central to their activities.

At the other end are the small sites. They generally have good support as well, because they're typically hosted by bulk service providers who use security as a selling point.

And in the trough of the curve are medium-sized sites. These sites have the worst adoption rates because they tend to be independently hosted and/or developed, and may not receive as much attention as they should.

W3Techs' measurements also indicate that the HTTPS adoption level falls with each step down from the top 1,000, to the top 10,000, to the top 100,000 and the top 1,000,000 websites.

Figure 10: Percentage of the top websites that have HTTPS as their default port. [Source: W3Techs]

Neglected and rarely visited sites

Our own statistics, which relate to all domains in the .nl zone, show that 48 per cent of websites have valid TLS certificates. Although that number is much lower than the figures of 80 to 85 per cent recorded by Firefox and W3Techs, the discrepancy is easily explained. About 30 per cent of all .nl domain names are parked, and a high proportion of parked domains probably don't have HTTPS ports. What's more, the zone as a whole is likely to include numerous domains whose websites are abandoned and/or barely used. Although Let's Encrypt gave the adoption of HTTPS an enormous boost, self-signed certificates and long-validity certificates are no longer supported. As a result, neglected websites quickly become insecure.

Figure 11: Percentage of .nl websites that have valid TLS certificates. [Source: SIDN]

Mandatory for government organisations

After discontinuing its HTTPS Everywhere browser extension early last year, the EFF said that HTTPS support was now a standard feature of all modern web browsers. However, HTTPS isn't yet available on all servers. According to the EFF, the explanation is a combination of old and neglected servers, servers that don't use encryption for performance reasons or because of their limited content/functionality, lack of HTTPS support on some mobile devices, and some operators' reluctance to obtain certificates for privacy and security reasons.

Last summer, with progress on adoption stalled, rules were introduced making HTTPS (and HSTS) support mandatory for Dutch government organisations. The two standards have been on the Forum for Standardisation's 'use-or-explain' list since May 2017, and TLS has been on the list for even longer. In 2018, the Pan-governmental Digital Government Policy Liaison Forum (OBDO) produced an additional Joint Ambition Statement on HTTPS and HSTS, in line with which all government sites should have adopted those standards by the end of 2018.

The Digital Government Act (WDO) now enables the government to make the use of modern internet standards mandatory for public and semi-public bodies. Hence, the Decree on Secure Connections to Government Websites and Web Applications was issued last summer, requiring support for HTTPS and HSTS. A similar requirement on DNSSEC support is expected to follow. Under the relevant Joint Ambition Statement, DNSSEC should have been implemented by relevant operators by the end of 2017!