Rate my Domain - Risk Assessment


Domain Risk Assessment: % out of 100%

The Risk Assessment score of a domain is directly related to its exposure level: the higher the score, the higher the vulnerability/exposure level. Ideally, therefore, the vulnerability score of a domain would be zero or close to zero.

Headers
Cookies and Security Headers are incredibly important parameters when configuring a domain. They ensure that information is only transmitted over secure connections and that session IDs can't be stolen via XSS or Man-in-the-Middle attacks, for example.
For more information please read Mozilla's Developer Network Docs: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
Overall / 53
- Strict-Transport-Security / 7
- X-Frame-Options / 10
- X-XSS-Protection / 8
- Content-Security-Policy / 7
- Public-Key-Pins / 5
- X-Content-Type-Options / 10
- Referrer-Policy / 6
Cookies
Cookies and Security Headers are incredibly important parameters when configuring a domain. They ensure that information is only transmitted over secure connections and that session IDs can't be stolen via XSS or Man-in-the-Middle attacks, for example. To assess this, we check whether recommended attributes are missing.
Format: "cookie name":"attribute".
For more information please read Mozilla's Developer Network Docs: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
Overall / 44
SSL
We check whether the domain allows SSL connections and, if so, whether it is correctly configured (so that the information transmitted would be encrypted).
For more information and recommended configurations, please read Mozilla's page: https://wiki.mozilla.org/Security/Server_Side_TLS
Overall / 58
No SSL
Main Certificate
- Issuer: Not Found
- Certificate is: Not Found / 4
- Signature Algorithm / 4
- Self-Signed / 4
Heartbleed / 10
CCS Injection / 6
Crime / 6
Renegotiation / 6
OCSP Stapling / 10
Logjam / 6
Drown / 6
Poodle / 6

Frequently Asked Questions

When someone asks for the score of a domain, a scan event is triggered on that domain and the relevant information is gathered. The final score of the domain is then computed and presented as a normalized value of the weighted sum of the values given by each category.
Check our Rate My IP feature.
This is an open framework we're trying to establish. Please open a pull request or comment on the following GitHub repository: ratemyip-openframework.
No, this is just passive scanning. We only check how the domain is configured, using multiple sources/methods.
No, it means we haven't detected issues based on what we check, but you might still be attacked by other means.