Report guide

Reading your WebTrustScore report

Every term that appears on a WebTrustScore report, in plain language — what each line means, how it is measured, and how it moves the score.

Understanding the score

Term What it means
Overall score (0–1000)The single headline number, from 0 to 1000 — higher is better. It is a weighted blend of the categories below; nothing else moves it.
BandThe word beside the score, such as Strong or Average, that groups the number into a plain-language tier. A label for the score, not a separate measurement.
WeightHow much a category counts toward the overall score. The weights add up to 100%, so a higher-weighted category moves the score more.
Data coverageHow much of a category's evidence we could actually collect — shown as Full data, Partial data, No data, or Unverifiable.
ConfidenceThe percentage beside data coverage: how complete the evidence behind a category is. Lower coverage lowers confidence, never the score silently.
Excluded categoryA category we could not evaluate at all is dropped and the rest are re-weighted, rather than counted as zero. Excluded categories show a dash.

The five trust categories

Category Weight What it means
Security posture28%Whether the site protects visitors in transit: HTTPS by default, an HTTP→HTTPS redirect, secure response headers, and a clean malware/phishing reputation.
Ownership identity20%How clearly the site and its owner can be identified: registration records, organization metadata, a reachable contact path, and structured organization data.
Reputation history20%The domain’s track record: how long it has been registered, its history with us, and third-party abuse signals.
Consumer transparency17%Whether the site publishes the policies a visitor expects: privacy policy, terms, contact details, and — for shops — returns and cookie notices.
Operational resilience15%Operational hygiene that keeps a site dependable: multiple nameservers, DNSSEC, and correctly configured mail and certificate records.

What the evidence lines mean

Security posture

TermWhat it means
HTTPS reachableWhether the site loads over HTTPS at all — the baseline for any secure connection.
HTTP statusThe HTTP status code the homepage returned (200 means it loaded normally).
HTTP → HTTPS redirectWhether plain http:// requests are upgraded to https:// automatically, so visitors are never left on an unencrypted connection.
Security headersHow many of six recommended security response headers (such as HSTS and X-Content-Type-Options) the site sets.
Malware / phishing (Web Risk)Whether the domain appears on Google’s Web Risk malware/phishing lists. Clean is good; flagged is a serious warning.

Ownership identity

TermWhat it means
RegistrarThe company the domain is registered through, from registry records.
Domain registration (RDAP)Registration data pulled live from the registry (the modern replacement for WHOIS): the registrar, and when the domain was created.
Organization metadataWhether the registration names a real organization rather than hiding behind privacy redaction only.
Abuse contactWhether an abuse-reporting contact is published for the domain.
Contact path on siteWhether the site offers a reachable way to get in touch — a contact page, email, or form.
Organization structured dataWhether the page publishes structured Organization data (schema.org JSON-LD) that identifies who runs it.

Reputation history

TermWhat it means
Domain ageHow long ago the domain was first registered, from public registry records. Older domains are harder to fake.
Prior scansHow many times we have scored this domain before — a longer history adds context.
Last scoreThe score from the most recent previous scan, for comparison.

Consumer transparency

TermWhat it means
Privacy · Terms · Contact · Returns · Cookies Whether the site publishes the policy pages visitors expect — privacy, terms, contact, and, for shops, returns and cookie notices. Each is marked present or missing.

Operational resilience

TermWhat it means
NameserversThe servers that answer DNS for the domain. Two or more is normal and points to a properly run domain.
DNSSECA cryptographic signature on the domain’s DNS records that stops attackers from forging them. Present or absent.
Mail records (MX)Mail (MX) records: whether the domain is set up to receive email.
SPF recordAn SPF DNS record listing who may send email for the domain — a basic anti-spoofing control.
DMARC recordA DMARC DNS record telling receivers what to do with email that fails authentication — a stronger anti-spoofing control.
CAA recordsA CAA DNS record that restricts which certificate authorities may issue TLS certificates for the domain.

Reported alongside the score

TermWhat it means
RegistrationWhether the name is available, registered, an active site, parked, or for sale — detected from DNS, registry records, and the live web. Reported beside the score, never folded into it.
Site statusWhat a visitor actually lands on: an active site, a parking page, a for-sale listing, a redirect to another domain, or nothing reachable. A dead site can cap a trust score.

Verification & proof

TermWhat it means
Signed proofA machine-readable record of the score, cryptographically signed the moment it was issued, so anyone can confirm it is genuine and unaltered.
Blockchain recordFor verified owners, a permanent public entry on the Base blockchain that anyone can check — an independent, tamper-proof copy of the score.
Verified ownerA badge shown when the domain’s owner has proven control of it, which unlocks publishing a public, shareable scorecard.