In this article:
Problem
Some findings related to a subdomain may be present in the findings listing, however the said subdomain is not present on the Digital Footprint of the Scorecard.
Answer
Domain based findings with a 'Final URL' column use the apex domain as the association, rather than the subdomain. As a result, the presence of those findings is independent of the presence of the subdomain on the Digital Footprint.
The following domain based Issue types contain a 'Final URL' column:
- Site does not enforce HTTPS (domain_missing_https_v2)
- Website Does Not Implement HSTS Best Practices (hsts_incorrect_v2)
- Insecure HTTPS Redirect Pattern (insecure_https_redirect_pattern_v2)
- Redirect Chain Contains HTTP (redirect_chain_contains_http_v2)
- Content Security Policy (CSP) Missing (csp_no_policy_v2)
- Site Does Not Use Best Practices Against Embedding of Malicious Content (x_frame_options_incorrect_v2)
- Website does not implement X-Content-Type-Options Best Practices (x_content_type_options_incorrect_v2)
- Content Security Policy Contains Broad Directives (csp_too_broad_v2)
To find these findings in the Digital Footprint for a subdomain, it may be necessary to view the details page of the apex domain, or go directly to the noted issue type pages above.
A Feature Request to link those issue types to the subdomain has been created for our Product Team to review for possible inclusion in the future.