FAQ
- Phased Re-introduction of Historical Findings Data
- Let's Encrypt discontinued its OCSP service on August 6, 2025
- Message 'Every row should contain the ";" separator.' received when uploading a custom compliance framework
- Asset has a self-signed certificate finding but the certificate is signed by a public CA
- Why do I see "This IP address is no longer attributed to this scorecard" on a custom scorecard?
- Why does a ‘Medium-Severity’ CVSS finding have a lower score impact then ‘Low-Severity’ CVSS findings?
- Understanding the meaning of 'Status' in the Compliance CSV export.
- Multiple domains are attributed to my company but the WHOIS information is a 3rd party
- Understanding the Column 'Criticality' in the Digital Footprint
- Custom and Parent scorecards discrepancies between findings and digital footprint
- Is there a count of resolved findings using the remediation process?
- Email not received when resolving a finding by selecting 'Fixed'
- ERR_SSL_VERSION_OR_CIPHER_MISMATCH when accessing SecurityScorecard Platform
- Time Zones for Timestamps on the Platform UI, CSV exports and APIs
- Why is the "Fixed" button not available for Patching Cadence issue types?
- Multiple assets shown in observations for 'SSL/TLS' issue types for a single finding
- The usage of hxxp/hxxps next to some links in Platform and API
- Merge scorecards
- Time-to-live (TTL) for attributed assets on Digital Footprint
- What are the egress regions for SecurityScorecard scanners?
- How and why Website Copyright is Not Current (website_copyright_expired) is an issue
- Infection Date
- History Tab Score Change does not match "Overall score impact" reported under Issue Types
- Findings on a subdomain which is not present in the Digital Footprint
- All CVSS v3 Issue types have a Low Severity despite of their Criticality
- How is Reduced User-Agent String addressed?
- Why is a new zero day vulnerability set to informational with no impact?
- Adding and removing subdomains to the Digital Footprint