Skip to content
Innovation & Growth

Modern Frameworks Now Outnumber Legacy on the High-Traffic Web. The Crossover Is Here.

In May 2025, 58.3% of the Tranco top 10K ran legacy frameworks. In July 2026, that number fell to 43.9%. Modern frameworks now hold 48.7%. The structural shift crossed the midpoint.

· 5 min read
Share on X LinkedIn
Modern Frameworks Now Outnumber Legacy on the High-Traffic Web. The Crossover Is Here.

The Midpoint

WebPulse classifies every detected framework into one of three generations: legacy (WordPress, Drupal, Joomla, Magento), modern (Next.js, Nuxt, Astro, Angular, React, Vue, Hugo, Rails, Django, Laravel, and others built after 2010 with contemporary architectures), and emerging (SolidJS, Qwik, Hono, and other frameworks still in early adoption). In May 2025, legacy frameworks held 58.3% of the Tranco top 10K. Modern held 41.7%. Emerging was untracked.

In July 2026, the generation split has inverted. Modern frameworks now hold 48.7% — up 7 percentage points. Legacy has fallen to 43.9% — down 14.4 percentage points. The remaining 7.4% belongs to emerging frameworks, a category that did not exist in the previous scan.

48.7%
Modern framework share
Source: WebPulse Census — 1,609 of 3,301 detected sites
43.9%
Legacy framework share
Source: WebPulse Census — 1,448 of 3,301 detected sites
14.4 percentage points
Legacy share decline
Source: WebPulse baseline comparison (May 2025 → July 2026)

Where Legacy Lost Ground

The legacy decline is not driven by a single framework collapsing. It is broad-based. WordPress dropped from 30.4% to 22.4%. Drupal dropped from 27.0% to 21.1%. Joomla from 0.5% to 0.3%. Magento from 0.4% to 0.1%. Every legacy CMS in the scan contracted. No legacy framework gained share.

The modern gains are similarly distributed. Next.js gained 7.9 percentage points — the single largest gain of any framework. Astro gained 0.4 points. React gained 0.7 points. Hugo gained 0.4 points. Vue and SvelteKit held roughly steady. The growth is led by Next.js but supported across the modern cohort.

The Security Dimension

Legacy and modern are not just architectural labels. They correlate directly with security exposure. The legacy cohort — WordPress, Drupal, Joomla, Magento — carries a combined 22,000+ CVEs in the NVD. The modern cohort's total is under 500. Framework generation is a proxy for vulnerability density, and the high-traffic web is migrating toward the lower-density option.

22,000+
Legacy cohort combined CVEs
Source: NVD/NIST (July 2026)
<500
Modern cohort combined CVEs
Source: NVD/NIST (July 2026)

The CSP Signal

WebPulse's July 2026 census also measured Content Security Policy header adoption across the full scan. 24.7% of all scanned domains — 2,458 of 9,947 — return a CSP header. This is not a framework metric but a security posture indicator. Sites with CSP headers are actively managing their content security boundaries. The correlation between CSP adoption and modern framework usage is worth tracking as the census expands to the full 10 million site dataset.

24.7%
CSP header adoption
Source: WebPulse Census — 2,458 of 9,947 scanned domains

What Happens Next

The generation crossover on the high-traffic web is a leading indicator. The top 10,000 sites are run by teams with the resources and incentive to migrate first. The broader web — tens of millions of sites — follows on a longer timeline. WebPulse is currently scanning the June 2026 Common Crawl index to measure the generation split across 10 million domains. The top-10K crossover tells us where the web is heading. The full census will tell us how far behind the rest of the web is.

Share this insight