The Risk Assessment score of a domain is directly related to its exposure level: the higher the score, the higher the vulnerability/exposure level. Ideally, therefore, the vulnerability score of a domain would be zero or close to zero.
Headers
Cookies and Security Headers are incredibly important parameters when configuring a domain. They ensure that information is only transmitted over secure connections and that session IDs can't be stolen via XSS or Man-in-the-Middle attacks, for example.
For more information please read Mozilla's Developer Network Docs: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
Overall / 53
Strict-Transport-Security / 7
X-Frame-Options / 10
X-XSS-Protection / 8
Content-Security-Policy / 7
Public-Key-Pins / 5
X-Content-Type-Options / 10
Referrer-Policy / 6
Cookies
Cookies and Security Headers are incredibly important parameters when configuring a domain. They ensure that information is only transmitted over secure connections and that session IDs can't be stolen via XSS or Man-in-the-Middle attacks, for example. To verify this, we check whether recommended attributes are missing. Format: "cookie name":"attribute".
For more information please read Mozilla's Developer Network Docs: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
Overall / 44
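A sketch of the missing-attribute check described above, reporting findings in the "cookie name":"attribute" format. This is an added example, not the scanner's own code. The recommended attribute set (Secure, HttpOnly, SameSite), the function names and the sample headers are assumptions.

```python
# Assumption: the "recommended attributes" are Secure, HttpOnly and SameSite.
RECOMMENDED = ("Secure", "HttpOnly", "SameSite")
VALID_SAMESITE = {"strict", "lax", "none"}


def missing_attributes(set_cookie_headers):
    """Return (cookie name, missing attribute) pairs for raw Set-Cookie values."""
    findings = []
    for header in set_cookie_headers:
        parts = [p.strip() for p in header.split(";")]
        name, sep, _value = parts[0].partition("=")
        name = name.strip()
        if not sep or not name:
            continue  # not a name=value pair, nothing to attribute a finding to
        # Attribute names are case-insensitive; flags such as Secure have no value.
        present = {}
        for attr in parts[1:]:
            key, _, val = attr.partition("=")
            present[key.strip().lower()] = val.strip().lower()
        for attr in RECOMMENDED:
            key = attr.lower()
            if key not in present:
                findings.append((name, attr))
            elif key == "samesite" and present[key] not in VALID_SAMESITE:
                # Assumption: an unrecognized SameSite value counts as missing.
                findings.append((name, attr))
    return findings


def format_findings(findings):
    """Render findings as "cookie name":"attribute" pairs."""
    return ", ".join(f'"{name}":"{attr}"' for name, attr in findings)


# Constructed sample Set-Cookie header values (not taken from a real scan).
SAMPLE = [
    "sessionid=abc123; Path=/; HttpOnly",
    "prefs=dark; Path=/; Secure; SameSite=Lax",
    "__Host-csrf=x9; Path=/; secure; httponly; samesite=strict",
    "track=1; SameSite=bogus; Secure; HttpOnly",
]

if __name__ == "__main__":
    print(format_findings(missing_attributes(SAMPLE)))
```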
SSL
We check whether the domain accepts SSL connections and, if so, whether SSL is correctly configured, so that the information transmitted is encrypted.
For more information and recommended configurations please read Mozilla's page: https://wiki.mozilla.org/Security/Server_Side_TLS
When someone requests the score of a domain, a scan event is triggered on that domain and the relevant information is gathered. The final score of the domain is then computed and presented as a normalized value of the weighted sum of the values given by each category.