CAA (Certification Authority Authorization) records allow domain owners to specify which Certificate Authorities are permitted to issue certificates for their domain. By setting CAA records, organizations can prevent unauthorized certificate issuance and strengthen their security posture. This catalog surveys CAA deployment across the top 10,000 domains to provide insight into real-world adoption patterns.
CAA Statistics Summary
10000
Total Domains
1732
With CAA Records
17.3%
1606 ✅
With 'issue' Records
16.1%
630 ✳️
With 'issuewild' Record
6.3%
531 📬
With 'iodef' Records
5.3%
20 📧
With 'issuemail' Records
0.2%
162 📩
With 'contactemail' Records
1.6%
0 📞
With 'contactphone' Records
0.0%
Top Certificate Authorities
✅ issue
✳️ issuewild
| Certificate Authority | Count | % |
|---|---|---|
| digicert.com | 385 | 3.9 |
| letsencrypt.org | 350 | 3.5 |
| pki.goog | 256 | 2.6 |
| comodoca.com | 204 | 2.0 |
| ssl.com | 191 | 1.9 |
| amazon.com | 136 | 1.4 |
| sectigo.com | 116 | 1.2 |
| globalsign.com | 84 | 0.8 |
| amazonaws.com | 48 | 0.5 |
| amazontrust.com | 35 | 0.3 |
| awstrust.com | 31 | 0.3 |
| pki.apple.com | 25 | 0.2 |
| godaddy.com | 23 | 0.2 |
| certainly.com | 12 | 0.1 |
| telesec.de | 7 | 0.1 |
| certum.pl | 5 | 0.1 |
| geotrust.com | 5 | 0.1 |
| trust-provider.com | 5 | 0.1 |
| entrust.net | 5 | 0.1 |
| harica.gr | 4 | 0.0 |
| identrust.com | 4 | 0.0 |
| www.digicert.com | 4 | 0.0 |
| microsoft.com | 4 | 0.0 |
| usertrust.com | 4 | 0.0 |
| swisssign.com | 2 | 0.0 |
| d-trust.net | 2 | 0.0 |
| thawte.com | 2 | 0.0 |
| rapidssl.com | 2 | 0.0 |
| cloudflare.com | 2 | 0.0 |
| amazonaws.cn | 1 | 0.0 |
| symantec.com | 1 | 0.0 |
| gandi.net | 1 | 0.0 |
| akamai.net | 1 | 0.0 |
| letsencrypt.com | 1 | 0.0 |
| wordpress.com | 1 | 0.0 |
| gogetssl.com | 1 | 0.0 |
| pixfuture.com | 1 | 0.0 |
| comodo.com | 1 | 0.0 |
| trustasia.com | 1 | 0.0 |
| quovadisglobal.com | 1 | 0.0 |
| certum.eu | 1 | 0.0 |
| affirmtrust.com | 1 | 0.0 |
| emsign.com | 1 | 0.0 |
Domain ranking data from Cloudflare Radar used under CC BY-NC 4.0.