While I’m checking which and how many servers use RC4 cipher suites I haven’t said anything about clients in general. The reason is two fold, firstly because basically all current clients should be supporting at least 3DES and usually AES ciphers and secondly because I don’t have access to any meaningfully large data set (or a site popular enough to make the statistics meaningful) to say anything about clients in general.
Interestingly, people at CloudFlare not only have analyzed their data but also provided quite a few nice graphs to go along it.
The gist of the article is that about 0.000002% (1 in 50 million) of requests ends up using RC4 ciphers. Of that about 50% are MitM proxies used by schools or institutions and 30% are old candy bar phones (from 2006 and 2007).
Head over to The Web is World-Wide, or who still needs RC4? for more info.