RFC 9460 Adoption Analysis

Tracking the deployment of HTTPS and SVCB DNS Resource Records across the top 100 websites

View Analysis Read RFC 9460
Last scan: September 15, 2025 at 11:30 AM
9%
Overall Adoption
18
Compliant Domains
72%
HTTP/3 Support
100
Domains Tested

What is RFC 9460?

RFC 9460 defines the HTTPS and SVCB (Service Binding) DNS resource record types, enabling improved connection establishment and enhanced privacy for HTTPS connections.

Key Benefits

Faster Connections

Enables HTTP/3 and QUIC discovery without additional round trips

Enhanced Privacy

Supports Encrypted Client Hello (ECH) for improved TLS privacy

Protocol Negotiation

Advertises supported protocols (HTTP/2, HTTP/3) via DNS

IP Address Hints

Provides IPv4 and IPv6 hints for faster resolution

Adoption Metrics

Overall Adoption Rate

Key Findings:

  • Root domains: 8% adoption (8 out of 100)
  • WWW subdomains: 10% adoption (10 out of 100)
  • Combined unique domains: 9% adoption

Feature Distribution

Among HTTPS-enabled domains:

  • 72% support HTTP/3 via ALPN
  • 56% provide IPv4 address hints
  • 33% provide IPv6 address hints
  • 100% use standard port (443)
  • 0% have ECH configuration

SVCB vs HTTPS Record Usage

Key Finding

0% SVCB adoption - None of the top 100 websites have deployed SVCB records. All RFC 9460 implementations exclusively use HTTPS (Type 65) records.

  • HTTPS Records: 18 domains (9% adoption)
  • SVCB Records: 0 domains (0% adoption)
  • Both Types: 0 domains

SVCB records are for general service binding, while HTTPS records are specifically for HTTP services. The exclusive use of HTTPS records makes sense for web services.

Port Configuration Analysis

Standard Port Usage

All 18 domains with HTTPS records use standard HTTPS port (443). No custom port configurations were detected.

  • Standard Port (443): 100% of HTTPS records
  • Custom Ports: 0 domains
  • Port Hints in Records: Not specified (defaults to 443)

The universal use of standard ports indicates conservative deployment strategies among early adopters.

Industry Leaders

Organizations leading RFC 9460 adoption with the highest compliance scores

Rank Domain Compliance Score Features Details
1 discord.com
85/100
 HTTPS RR HTTP/3 IPv4 IPv6
1 cloudflare.com
85/100
 HTTPS RR HTTP/3 IPv4 IPv6
1 doordash.com
85/100
 HTTPS RR HTTP/3 IPv4
4 google.com
70/100
 HTTPS RR HTTP/3
4 facebook.com
70/100
 HTTPS RR HTTP/3
4 instagram.com
70/100
 HTTPS RR HTTP/3
7 stackoverflow.com
65/100
 HTTPS RR IPv4 IPv6
8 linkedin.com
42.5/100
 HTTPS RR
9 youtube.com
40/100
 HTTPS RR
10 theverge.com
32.5/100
 HTTPS RR
Notable Observations
  • CDN providers (Cloudflare) are leading adoption with comprehensive feature support
  • Major tech platforms (Google, Facebook, Discord) have partial implementation
  • HTTP/3 support is the most commonly implemented feature (72% of HTTPS-enabled domains)
  • ECH (Encrypted Client Hello) has not been deployed by any tested domain yet

Technical Implementation Details

ALPN Protocol Distribution

Application-Layer Protocol Negotiation (ALPN) values found in HTTPS records

Priority Values

All implementations use priority 1 (highest) for their HTTPS records

DNS Query Examples

$ dig +short cloudflare.com TYPE65
1 . alpn=h3,h2 ipv4hint=104.16.132.229,104.16.133.229 ipv6hint=2606:4700::6810:84e5,2606:4700::6810:85e5
;; ANSWER SECTION:
cloudflare.com.    300    IN    TYPE65    \# 67 00010000010003026833026832000400081A0
                                           68104E51A068105E5000600202606470000000
                                           000000006810084E526064700000000000000
                                           006810085E5
{
  "priority": 1,
  "target": ".",
  "params": {
    "alpn": ["h3", "h2"],
    "ipv4hint": ["104.16.132.229", "104.16.133.229"],
    "ipv6hint": ["2606:4700::6810:84e5", "2606:4700::6810:85e5"]
  }
}

RFC 9460 Features Analysis

HTTP/3 Support
72%

of HTTPS-enabled domains advertise HTTP/3 via ALPN

IPv4 Hints
56%

provide IPv4 address hints for faster resolution

IPv6 Hints
33%

include IPv6 address hints for dual-stack support

ECH Config
0%

currently deploying Encrypted Client Hello

Methodology

Data Collection
  • Analyzed top 100 websites from global traffic rankings
  • Queried both root domain and www subdomain for each site
  • Checked for both HTTPS (Type 65) and SVCB (Type 64) DNS records
  • Used public DNS resolvers (8.8.8.8, 1.1.1.1) for queries
  • Total of 400 DNS queries (100 domains × 2 subdomains × 2 record types)
Scoring System
  • Base Score (40 points): Presence of HTTPS record
  • HTTP/3 Support (30 points): ALPN includes h3 protocol
  • IP Hints (15 points): IPv4 or IPv6 address hints
  • ECH Support (15 points): Encrypted Client Hello configuration
Tools Used

Analysis performed using custom Python tooling with dnspython library. Source code available on GitHub.