Summary
No - SecurityScorecard raises findings across the platform against webservers that are returning any 4xx (e.g. 404) HTTP response. If the application returns a 4xx HTTP response it is still vulnerable to a potential attack against that webserver, including a MitM.