Industry benchmarks
How each sector scores
Different industries have different baselines. Banks ship HSTS preload by default; news sites skip CSP because ad-tech makes it commercially impractical; government sites span a wide range depending on whether federal directives apply. Each benchmark below describes the typical posture in that sector and its most common gaps, and lists representative domains you can scan for live comparison.
E-commerce
Typical 62–82 / 100
E-commerce website security benchmarks — how online stores score
Public hardening benchmarks for e-commerce sites: typical TLS, header, and DNS posture across stores, marketplaces, and payment-handling pages — with representative domains you can scan for live comparison.
SaaS
Typical 78–92 / 100
SaaS website security benchmarks — how cloud apps score
Public hardening benchmarks for SaaS marketing and app sites: how productivity tools, dev platforms, and B2B services handle TLS, headers, and DNS — with representative domains for live comparison.
News & media
Typical 55–78 / 100
News & media website security benchmarks — how publishers score
Public hardening benchmarks for news, blogs, and digital media sites: how publishers handle ads, analytics, and TLS — with representative domains for live comparison.
Fintech & banking
Typical 80–95 / 100
Fintech & banking security benchmarks — how financial sites score
Public hardening benchmarks for banks, neobanks, and payment processors: TLS rigor, header coverage, and email auth across the financial sector — with representative domains for live comparison.
Government & public sector
Typical 70–90 / 100
Government website security benchmarks — how .gov sites score
Public hardening benchmarks for government and public-sector websites: how federal, state, and municipal sites handle TLS, headers, and DNS — with representative domains for live comparison.
Healthcare
Typical 60–88 / 100
Healthcare website security benchmarks — how hospitals & telehealth score
Public hardening benchmarks for healthcare websites: how hospital systems, insurers, and telehealth platforms handle TLS, headers, and DNS — with representative domains for live comparison.
Don’t see your sector?
Scan your site directly — the full hardening score works for any public URL, not just the sectors we benchmark explicitly. Send feedback if there’s an industry you’d like covered.