CMS, hosting providers, and consent platforms across 45672 EU websites
Top CMS: WordPress (69.3%)
Sites with CMS: 6595
Top server: Apache (26.6%)
EU-hosted providers: 40%
6595 sites with detected CMS
CMS choice directly affects security posture — outdated CMS versions are a leading attack vector. Plugin ecosystems, update frequency, and default security configurations vary significantly between platforms, impacting vulnerability exposure and patch cycles.
9854 sites with detected server
Web server software and runtime frameworks. Server version disclosure can aid attackers — but also helps identify outdated, vulnerable infrastructure. End-of-life PHP versions receive no security patches.
42462 sites with hosting data
GDPR Art. 28 requires data processing agreements specifying where data is stored. Art. 44-49 regulate international transfers — hosting with US-headquartered providers triggers Schrems II (CJEU C-311/18) and CLOUD Act considerations, requiring SCCs with supplementary measures.
EU-headquartered provider: 40%
Non-EU provider (CLOUD Act / Schrems II): 60%
Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49
How this data was collected and what it represents.
CMS detection uses multiple signals: HTTP response headers (X-Powered-By, X-Generator), HTML meta generator tags, characteristic URL patterns, CSS class naming conventions, and JavaScript global variables. Detection covers WordPress, Joomla, Drupal, Typo3, Shopify, Wix, Squarespace, and 40+ other platforms.
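An added example (not the scanner's own code) of combining the signals listed above: response headers, meta generator tags and URL patterns are matched against a small signature table, and each platform is reported with the distinct signal types that fired. The signature regexes, the `detect_cms` function and the sample response are constructed assumptions for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed signature table: (platform, signal type, regex). Not the scanner's rules.
SIGNATURES = [
    ("WordPress", "meta_generator", r"^WordPress\b"),
    ("WordPress", "url_pattern", r"/wp-(?:content|includes)/"),
    ("Drupal", "x-generator", r"^Drupal\b"),
    ("Drupal", "url_pattern", r"/sites/(?:default|all)/"),
    ("Joomla", "meta_generator", r"^Joomla!"),
]

class PageSignals(HTMLParser):
    """Collects <meta name="generator"> values and src/href URLs from a page."""
    def __init__(self):
        super().__init__()
        self.generators, self.urls = [], []

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.generators.append(a.get("content", "").strip())
        self.urls += [a[k] for k in ("src", "href") if k in a]

def detect_cms(headers, html):
    """Map each matched platform to the sorted signal types that fired for it."""
    page = PageSignals()
    page.feed(html)
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    observed = {
        "meta_generator": page.generators,
        "url_pattern": page.urls,
        "x-generator": [hdrs.get("x-generator", "")],
    }
    hits = {}
    for cms, signal, pattern in SIGNATURES:
        if any(re.search(pattern, value, re.I) for value in observed[signal]):
            hits.setdefault(cms, set()).add(signal)
    return {cms: sorted(signals) for cms, signals in hits.items()}

# Constructed sample response, standing in for a site you operate.
SAMPLE_HEADERS = {"Server": "Apache", "X-Powered-By": "PHP/7.4.33"}
SAMPLE_HTML = ('<html><head><meta name="generator" content="WordPress 6.4.2" />'
               '<link rel="stylesheet" href="/wp-content/themes/example/style.css">'
               '</head><body><script src="/wp-includes/js/app.js"></script></body></html>')

if __name__ == "__main__":
    print(detect_cms(SAMPLE_HEADERS, SAMPLE_HTML))
```

A platform matched by two independent signal types is a stronger identification than one matched only by a generator tag, which site owners often strip or spoof.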
CMP detection identifies consent management platforms via script sources, cookie names, DOM elements, and IAB TCF API presence (window.__tcfapi). Over 33 CMP vendors are tracked including Cookiebot, OneTrust, Usercentrics, Borlabs Cookie, and Complianz.
Hosting provider identification combines IP geolocation (MaxMind GeoLite2) for server location with ASN/WHOIS data for provider identification and company headquarters mapping.
No individual sites are named. All statistics are aggregated and anonymised. The data represents a snapshot and is updated continuously as new scans complete.
Based on automated scans of 45672 European websites. Updated continuously.