Scorecard Issue Types
- Unsafe Implementation of Subresource Integrity (SRI)
- Ransomware-Susceptible Remote Access Services Exposed
- Subdomain DMARC Record Contains None Policy Findings
- Certificate Lifetime Is Longer Than Best Practices
- Certificate Without Revocation Control
- Certificate Is Expired
- Certificate Is Self-Signed
- Site Does Not Use Best Practices Against Embedding of Malicious Content
- Certificate Is Revoked
- Website does not implement X-Content-Type-Options Best Practices
- Certificate Signed With Weak Algorithm
- Understanding Patching Cadence Findings
- DNS Server Accessible
- Telephony/VoIP Device Accessible
- FAQ related to "Credentials at Risk" issue types
- Website References Object Storage
- Redirect Chain Contains HTTP
- Site does not enforce HTTPS
- SSL/TLS Service Supports Weak Protocol
- November 2022 OpenSSL 3.X vulnerability detected
- Domain advertised as ransomware victim
- Address score-impacting CVEs in your Scorecard
- Content Security Policy contains broad directives: validation and remediation
- Web application potentially vulnerable to Spring4Shell
- Ransomware infection detected
- Low-, medium-, and high-severity patching cadences analyzed
- Vulnerable Log4j issue types
- FAQ about the Log4j vulnerability
- Website uses GoDaddy TLS certificates
- Website hosted by GoDaddy's Wordpress