DNS CAA Catalog

CAA (Certification Authority Authorization) records allow domain owners to specify which Certificate Authorities are permitted to issue certificates for their domain. By setting CAA records, organizations can prevent unauthorized certificate issuance and strengthen their security posture. This catalog surveys CAA deployment across the top 10,000 domains to provide insight into real-world adoption patterns.

CAA Statistics Summary

10000

Total Domains

1681

With CAA Records

16.8%

1556 ✅

With 'issue' Records

15.6%

587 ✳️

With 'issuewild' Record

5.9%

504 📬

With 'iodef' Records

5.0%

13 📧

With 'issuemail' Records

0.1%

166 📩

With 'contactemail' Records

1.7%

0 📞

With 'contactphone' Records

0.0%

Top Certificate Authorities

✅ issue

Certificate Authority	Count	%
letsencrypt.org	862	8.6
digicert.com	829	8.3
pki.goog	737	7.4
amazon.com	417	4.2
globalsign.com	297	3.0
sectigo.com	260	2.6
comodoca.com	256	2.6
ssl.com	186	1.9
amazonaws.com	152	1.5
amazontrust.com	120	1.2
awstrust.com	108	1.1
godaddy.com	79	0.8
microsoft.com	74	0.7
entrust.net	48	0.5
certainly.com	35	0.3
symantec.com	27	0.3
pki.apple.com	25	0.2
thawte.com	14	0.1
geotrust.com	13	0.1
comodo.com	11	0.1
telesec.de	11	0.1
identrust.com	10	0.1
trust-provider.com	10	0.1
quovadisglobal.com	10	0.1
www.digicert.com	10	0.1
harica.gr	7	0.1
certum.pl	7	0.1
usertrust.com	7	0.1
visa.com	6	0.1
d-trust.net	6	0.1
swisssign.com	5	0.1
rapidssl.com	5	0.1
cloudflare.com	4	0.0
twca.com.tw	4	0.0
starfieldtech.com	3	0.0
buypass.no	3	0.0
cybertrust.ne.jp	3	0.0
secomtrust.net	2	0.0
dtrust.de	2	0.0
certificados.serpro.gov.br	2	0.0
kpn.com	2	0.0
affirmtrust.com	2	0.0
cloudflaressl.com	1	0.0
letsencrypt	1	0.0
e-szigno.hu	1	0.0
serpro.gov.br	1	0.0
certum.eu	1	0.0
jprs.jp	1	0.0
emsign.com	1	0.0
zerossl.com	1	0.0
gandi.net	1	0.0
alphassl.com	1	0.0
globalsign.org	1	0.0
docusign.fr	1	0.0
actalis.it	1	0.0
ica.cz	1	0.0
pki.dfn.de	1	0.0
aws.amazon.com	1	0.0
starfieldtech.org	1	0.0
akamai.net	1	0.0
buypass.com	1	0.0
secitgo.com	1	0.0
letsencrypt.com	1	0.0
zscaler.com	1	0.0
netnod.se	1	0.0
certsign.ro	1	0.0
register.globalsign.com	1	0.0
amazonaws.cn	1	0.0
amazonzonaws.com	1	0.0
trustwave.com	1	0.0
cloudfront.net	1	0.0

✳️ issuewild

Certificate Authority	Count	%
digicert.com	350	3.5
letsencrypt.org	317	3.2
pki.goog	226	2.3
comodoca.com	190	1.9
ssl.com	172	1.7
amazon.com	126	1.3
sectigo.com	112	1.1
globalsign.com	90	0.9
amazonaws.com	42	0.4
amazontrust.com	27	0.3
pki.apple.com	26	0.3
awstrust.com	24	0.2
godaddy.com	22	0.2
telesec.de	9	0.1
certainly.com	9	0.1
geotrust.com	5	0.1
certum.pl	5	0.1
www.digicert.com	5	0.1
trust-provider.com	4	0.0
comodo.com	4	0.0
microsoft.com	4	0.0
identrust.com	4	0.0
usertrust.com	4	0.0
harica.gr	4	0.0
entrust.net	4	0.0
rapidssl.com	3	0.0
quovadisglobal.com	2	0.0
cloudflare.com	2	0.0
d-trust.net	2	0.0
swisssign.com	2	0.0
thawte.com	2	0.0
cloudfront.net	1	0.0
certsign.ro	1	0.0
emsign.com	1	0.0
certum.eu	1	0.0
pixfuture.com	1	0.0
jprs.jp	1	0.0
amazonaws.cn	1	0.0
alphassl.com	1	0.0
letsencrypt.com	1	0.0
gandi.net	1	0.0
akamai.net	1	0.0
wordpress.com	1	0.0
symantec.com	1	0.0
affirmtrust.com	1	0.0
secomtrust.net	1	0.0

Domain ranking data from Cloudflare Radar used under CC BY-NC 4.0.