DNS CAA Catalog

CAA (Certification Authority Authorization) records allow domain owners to specify which Certificate Authorities are permitted to issue certificates for their domain. By setting CAA records, organizations can prevent unauthorized certificate issuance and strengthen their security posture. This catalog surveys CAA deployment across the top 10,000 domains to provide insight into real-world adoption patterns.

CAA Statistics Summary

10000

Total Domains

1691

With CAA Records

16.9%

1566 ✅

With 'issue' Records

15.7%

591 ✳️

With 'issuewild' Record

5.9%

516 📬

With 'iodef' Records

5.2%

16 📧

With 'issuemail' Records

0.2%

165 📩

With 'contactemail' Records

1.6%

0 📞

With 'contactphone' Records

0.0%

Top Certificate Authorities

✅ issue

Certificate Authority	Count	%
letsencrypt.org	870	8.7
digicert.com	830	8.3
pki.goog	739	7.4
amazon.com	438	4.4
globalsign.com	292	2.9
sectigo.com	273	2.7
comodoca.com	248	2.5
ssl.com	184	1.8
amazonaws.com	163	1.6
amazontrust.com	130	1.3
awstrust.com	114	1.1
godaddy.com	78	0.8
microsoft.com	73	0.7
entrust.net	49	0.5
certainly.com	36	0.4
symantec.com	25	0.2
pki.apple.com	25	0.2
thawte.com	14	0.1
geotrust.com	13	0.1
comodo.com	12	0.1
trust-provider.com	12	0.1
identrust.com	11	0.1
quovadisglobal.com	10	0.1
www.digicert.com	9	0.1
telesec.de	9	0.1
usertrust.com	8	0.1
harica.gr	8	0.1
certum.pl	7	0.1
visa.com	7	0.1
d-trust.net	6	0.1
rapidssl.com	4	0.0
swisssign.com	4	0.0
starfieldtech.com	4	0.0
twca.com.tw	4	0.0
certificados.serpro.gov.br	3	0.0
cybertrust.ne.jp	3	0.0
cloudflare.com	3	0.0
buypass.no	3	0.0
dtrust.de	2	0.0
kpn.com	2	0.0
e-szigno.hu	2	0.0
affirmtrust.com	2	0.0
buypass.com	2	0.0
zscaler.com	1	0.0
emsign.com	1	0.0
trustasia.com	1	0.0
alphassl.com	1	0.0
register.globalsign.com	1	0.0
certum.eu	1	0.0
amazonaws.cn	1	0.0
amazonzonaws.com	1	0.0
akamai.com	1	0.0
aws.amazon.com	1	0.0
zerossl.com	1	0.0
letsencrypt	1	0.0
letsencrypt.com	1	0.0
akamai.net	1	0.0
fnmt.es	1	0.0
gandi.net	1	0.0
netnod.se	1	0.0
networksolutions.com	1	0.0
cloudflaressl.com	1	0.0
ica.cz	1	0.0
mastercard.com	1	0.0
docusign.fr	1	0.0
certsign.ro	1	0.0
cloudfront.net	1	0.0
starfieldtech.org	1	0.0
pki.dfn.de	1	0.0
secomtrust.net	1	0.0
serpro.gov.br	1	0.0
trustwave.com	1	0.0
web.com	1	0.0
actalis.it	1	0.0

✳️ issuewild

Certificate Authority	Count	%
digicert.com	347	3.5
letsencrypt.org	317	3.2
pki.goog	227	2.3
comodoca.com	183	1.8
ssl.com	169	1.7
amazon.com	137	1.4
sectigo.com	116	1.2
globalsign.com	83	0.8
amazonaws.com	46	0.5
amazontrust.com	31	0.3
awstrust.com	27	0.3
pki.apple.com	26	0.3
godaddy.com	23	0.2
certainly.com	10	0.1
telesec.de	8	0.1
geotrust.com	5	0.1
certum.pl	5	0.1
microsoft.com	4	0.0
comodo.com	4	0.0
trust-provider.com	4	0.0
entrust.net	4	0.0
usertrust.com	4	0.0
identrust.com	4	0.0
harica.gr	4	0.0
www.digicert.com	4	0.0
swisssign.com	2	0.0
thawte.com	2	0.0
cloudflare.com	2	0.0
d-trust.net	2	0.0
rapidssl.com	2	0.0
akamai.net	1	0.0
affirmtrust.com	1	0.0
emsign.com	1	0.0
trustasia.com	1	0.0
certsign.ro	1	0.0
certum.eu	1	0.0
cloudfront.net	1	0.0
alphassl.com	1	0.0
quovadisglobal.com	1	0.0
letsencrypt.com	1	0.0
pixfuture.com	1	0.0
gandi.net	1	0.0
amazonaws.cn	1	0.0
wordpress.com	1	0.0

Domain ranking data from Cloudflare Radar used under CC BY-NC 4.0.