Understanding Your Security Score

How we calculate the health rating of your website's security posture.

The Scoring Algorithm

Every scan starts from a perfect score of 100. As the scanner analyzes your website it subtracts points for each vulnerability, missing best practice or potential risk it finds; the total bottoms out at 0. The final number is your overall security health: 0 means critical risk and 100 means every check passed.

Deductions by Severity

Not all issues are equal. We weigh them based on the potential impact to your users and your business.

Critical Severity
-15 to -20 points

Findings that can be exploited directly, such as API keys or tokens embedded in the served HTML or JavaScript, mixed content (resources loaded over plain HTTP) on secure payment pages, or a missing Strict-Transport-Security header, which leaves first-time visitors open to protocol downgrade.

High Severity
-10 points

Significant risks such as a missing Content-Security-Policy (CSP), forms that submit over plain HTTP, or session cookies set without the Secure and HttpOnly flags, which leaves sessions exposed to interception on the network or theft by injected script.

Medium Severity
-5 points

Missing defence-in-depth headers, such as X-Frame-Options (clickjacking protection; a CSP frame-ancestors directive covers the same risk) or a weak Referrer-Policy that leaks full URLs to third-party sites.

Low Severity
-1 to -3 points

Informational findings or minor configuration tweaks, such as a missing lang attribute on the html element or legacy header configurations.

Score Tiers

Score      Rating          Grade
90 - 100   Excellent       A
70 - 89    Good / Fair     B - C
0 - 69     Critical Risk   D - F

What We Check

  • Strict-Transport-Security (HSTS)
  • Content-Security-Policy (CSP)
  • X-Frame-Options (Clickjacking)
  • Referrer Policies
  • Secure & HttpOnly Cookie Flags
  • Exposed Secrets (API Keys, Tokens)
  • Mixed Content (HTTP over HTTPS)
  • Unsafe External Links (Tab-nabbing)
  • SEO Metadata (Robots, Sitemaps)
  • Accessibility Basics (Alt text, Lang)
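The following is an added worked example, not the scanner's own code, that ties together the scoring algorithm, the deductions by severity, the score tiers and the checks listed above. It runs a handful of the listed checks over two constructed sample responses (a weak one and a hardened one), applies the deduction table from this page, and maps the result to a grade. Where the page gives a range (Critical -15 to -20, Low -1 to -3) the exact per-check value, the secret-detection pattern and the sample data are assumptions of this example.

```python
"""Added example: score a captured HTTPS response the way this page describes."""
import re

# Deduction per severity from this page; the exact value inside each range is assumed.
DEDUCTIONS = {"critical": 20, "high": 10, "medium": 5, "low": 2}
# Lower bound of each tier from the Score Tiers table.
TIERS = [(90, "A"), (70, "B - C"), (0, "D - F")]
# Hypothetical secret pattern: a key-like assignment with a long opaque value.
SECRET_RE = re.compile(r'(?i)\b(?:api[_-]?key|secret|token)\s*[:=]\s*["\']([A-Za-z0-9_\-]{20,})["\']')


def _header(headers, name):
    """Case-insensitive header lookup; returns None when absent."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v
    return None


def _cookies(headers):
    """Set-Cookie may be a single string or a list of strings."""
    v = _header(headers, "Set-Cookie")
    return [] if v is None else (v if isinstance(v, list) else [v])


def find_issues(response):
    """Return (severity, description) pairs for the checks this page lists."""
    h, body, issues = response["headers"], response["body"], []
    if _header(h, "Strict-Transport-Security") is None:
        issues.append(("critical", "missing Strict-Transport-Security"))
    csp = _header(h, "Content-Security-Policy")
    if csp is None:
        issues.append(("high", "missing Content-Security-Policy"))
    # CSP frame-ancestors also blocks framing, so only flag when neither control exists.
    if _header(h, "X-Frame-Options") is None and not (csp and "frame-ancestors" in csp):
        issues.append(("medium", "no clickjacking protection (X-Frame-Options / frame-ancestors)"))
    rp = _header(h, "Referrer-Policy")
    if rp is None or rp.strip().lower() in ("unsafe-url", "no-referrer-when-downgrade"):
        issues.append(("medium", f"weak Referrer-Policy: {rp}"))
    for c in _cookies(h):
        attrs = {a.strip().lower() for a in c.split(";")[1:]}
        if not {"secure", "httponly"} <= attrs:
            issues.append(("high", f"cookie {c.split('=', 1)[0]} lacks Secure and/or HttpOnly"))
    for m in SECRET_RE.finditer(body):
        issues.append(("critical", f"possible secret in HTML: {m.group(1)[:6]}..."))
    # Only src= is treated as mixed content; href= on plain links is navigation, not a load.
    if re.search(r'(?i)\bsrc\s*=\s*["\']http://', body):
        issues.append(("critical", "mixed content: http:// resource on an https page"))
    if re.search(r'(?i)<form[^>]*\baction\s*=\s*["\']http://', body):
        issues.append(("high", "form submits over plain http"))
    for m in re.finditer(r'(?i)<a\b[^>]*target\s*=\s*["\']_blank["\'][^>]*>', body):
        if not re.search(r'(?i)\brel\s*=\s*["\'][^"\']*\bnoopener\b', m.group(0)):
            issues.append(("low", "target=_blank link without rel=noopener (tab-nabbing)"))
    if not re.search(r'(?i)<html\b[^>]*\blang\s*=', body):
        issues.append(("low", "missing lang attribute on <html>"))
    return issues


def score(issues):
    """100 minus the deduction for every issue, floored at 0."""
    return max(0, 100 - sum(DEDUCTIONS[sev] for sev, _ in issues))


def grade(s):
    for floor, label in TIERS:
        if s >= floor:
            return label
    return "D - F"


# Constructed sample responses (not real sites). WEAK has a leaked key, a mixed-content
# image, a flagless session cookie, a weak referrer policy and a tab-nabbable link.
WEAK = {
    "headers": {
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
        "Referrer-Policy": "unsafe-url",
        "Set-Cookie": ["session=9f8e7d6c; Path=/", "theme=dark; Path=/; Secure; HttpOnly"],
    },
    "body": """<html lang="en"><head>
<script>var apiKey = "live_0123456789abcdefghijklmnop";</script></head><body>
<img src="http://cdn.example/logo.png">
<form action="https://shop.example/pay" method="post"></form>
<a href="https://partner.example" target="_blank">Partner</a></body></html>""",
}
HARDENED = {
    "headers": {
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
        "X-Frame-Options": "DENY",
        "Referrer-Policy": "strict-origin-when-cross-origin",
        "Set-Cookie": "session=9f8e7d6c; Path=/; Secure; HttpOnly; SameSite=Lax",
    },
    "body": """<html lang="en"><head></head><body>
<img src="https://cdn.example/logo.png">
<form action="https://shop.example/pay" method="post"></form>
<a href="https://partner.example" target="_blank" rel="noopener noreferrer">Partner</a>
</body></html>""",
}

if __name__ == "__main__":
    for name, resp in (("weak", WEAK), ("hardened", HARDENED)):
        found = find_issues(resp)
        print(name, score(found), grade(score(found)), found)
```

The weak sample loses 20 (secret) + 20 (mixed content) + 10 (cookie) + 5 (referrer) + 2 (tab-nabbing) = 57 points and lands at 43, a D - F grade, while the hardened one keeps all 100. Note that the secret regex and the HTML checks are deliberately simple string matches; a real scanner would parse the DOM and use vendor-specific key patterns, and the floor at 0 means two or three Critical findings alone will exhaust the score.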