Aggregate state of public TLS posture across the 427 domains Cipherwake observed this week. No specific domains called out — pure aggregate signal. Drawn from cert_observations, posture_snapshots, subdomain_observations, script_observations, and caa_observations.

| Posture | Domains | % |
|---|---|---|
| Ephemeral-only (no RSA-kex fallback) ✓ | 111 | 45.7% |
| Ephemeral-preferred but RSA-fallback accepted ⚠ | 129 | 53.1% |
| RSA-only (no forward secrecy) ✗ | 2 | 0.8% |

53.9% of observed domains still accept RSA key exchange, meaning a single harvested certificate private key would retroactively decrypt every captured TLS session that used RSA key exchange.
4.1% of observed domains advertise a hybrid post-quantum key exchange (X25519MLKEM768 or similar). The remaining 95.9% are exposed to harvest-now-decrypt-later attacks if quantum decryption arrives during the cert's lifetime.
55.1% of observed domains advertise HSTS. Domains without HSTS allow clients to be downgraded to HTTP, breaking the encryption guarantee entirely.
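As an added illustration (not Cipherwake's code or data), this example buckets per-domain probe results into the three posture rows above and derives the "accepts RSA key exchange" and HSTS percentages. The probe record shape, function names and sample records are assumptions constructed for the example.

```python
from collections import Counter

EPHEMERAL_ONLY, RSA_FALLBACK, RSA_ONLY, UNKNOWN = (
    "ephemeral-only", "rsa-fallback-accepted", "rsa-only", "unclassified")

def kex_family(suite):
    """Key-exchange family of an IANA cipher-suite name."""
    # TLS 1.3 suites (TLS_AES_*, TLS_CHACHA20_*) name no key exchange: always (EC)DHE.
    if suite.startswith(("TLS_ECDHE_", "TLS_DHE_", "TLS_AES_", "TLS_CHACHA20_")):
        return "ephemeral"
    # TLS_RSA_* is RSA key transport: no forward secrecy.
    return "static-rsa" if suite.startswith("TLS_RSA_") else "other"

def classify(accepted_suites):
    """Map the suites a server accepted to one of the table's posture rows."""
    families = {kex_family(s) for s in accepted_suites}
    if "ephemeral" in families:
        return RSA_FALLBACK if "static-rsa" in families else EPHEMERAL_ONLY
    return RSA_ONLY if "static-rsa" in families else UNKNOWN

def hsts_enabled(headers):
    """True if Strict-Transport-Security has max-age > 0 (max-age=0 clears the policy)."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), "")
    for directive in value.split(";"):
        name, _, arg = directive.partition("=")
        if name.strip().lower() == "max-age":
            arg = arg.strip().strip('"')
            return arg.isdigit() and int(arg) > 0
    return False

def summarise(probes):
    """Aggregate per-domain probes into posture counts and percentages."""
    postures = Counter(classify(p["suites"]) for p in probes)
    total = len(probes) or 1  # avoid dividing by zero on an empty week
    accepts_rsa = postures[RSA_FALLBACK] + postures[RSA_ONLY]
    hsts = sum(hsts_enabled(p["headers"]) for p in probes)
    return {"postures": dict(postures),
            "accepts_rsa_pct": round(100 * accepts_rsa / total, 1),
            "hsts_pct": round(100 * hsts / total, 1)}

# Constructed sample probes (hypothetical, one record per anonymous domain).
ECDHE, RSA = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_GCM_SHA256"
SAMPLE = [
    {"suites": ["TLS_AES_128_GCM_SHA256", ECDHE], "headers": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}},
    {"suites": [ECDHE, RSA], "headers": {}},
    {"suites": ["TLS_RSA_WITH_AES_128_CBC_SHA"], "headers": {"strict-transport-security": "max-age=0"}},
    {"suites": [ECDHE, RSA], "headers": {"Strict-Transport-Security": 'max-age="600"'}},
]
```

The classifier works from the set of suites a server accepted, so it does not model server preference order.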
Cipherwake Monitoring tracks attack-surface changes on your own + your vendors' domains. Alerts on cert rotations, posture regressions, third-party script drift, and SPKI reuse across vendor tenants.
Methodology: Pulse is generated from Cipherwake's own observation history — every live-TLS probe and cert observation we've run in the last 7 days. Aggregate only; no individual domain identification per our methodology + Rule 3. Data accumulates daily via the observe-popular cron + organic user scans.