Frequently asked questions
Short answers about what Scorifya does and what it does not do.
Run a scan from the homepage, open stack guides for deploy-ready header and TLS recipes, or browse latest CVE notices for curated vulnerability signals outside the scorecard.
What is Scorifya?
Scorifya is a breadth-first hardening scorecard for a public URL: one published 0–100 score that combines TLS/HTTPS behavior, security headers, exposure and hygiene signals, cookie attributes when visible, and passive DNS/email checks (SPF, DMARC, limited DKIM hints, MX, curated subdomains), plus infrastructure visibility hints, each with documented weights and penalties. Results prioritize what to fix and why; they are not a substitute for professional penetration testing or compliance certification.
Why use Scorifya instead of deep TLS graders, browser-focused posture tools, or header-only checkers?
We keep the full walkthrough on its own page so this FAQ stays scannable: How Scorifya compares to other tool types.
How does scoring work?
We sum five base category scores (TLS & HTTPS, security headers, exposure & hygiene, cookie practices, and DNS & email signals), plus a conditional WordPress category when we detect WordPress on the scanned site, and scale the total to a 0–100 overall score. Weights and penalties are documented on How Scorifya works. Each finding can show how many points it costs in its category, a short real-world risk note, and copy buttons for fix steps. The score reflects public configuration only: no exploitation, no port scanning, no logins.
Is Scorifya a website security scanner?
In everyday terms, yes: you enter a URL and we return a structured check of public security configuration—not malware scanning, not authenticated crawling, and not exploitation. See the website security scanner page for what is included and what is out of scope.
Is this a penetration test or vulnerability scan?
No. We do not attempt to exploit systems, crawl authenticated areas, or enumerate vulnerabilities. The score reflects publicly visible configuration, not breach likelihood or “how hackable” a site is.
Will you scan pages behind login?
No. We only request the URL you enter (and follow redirects). We cannot access areas that require credentials or special permissions.
Do you store my scans?
The current public MVP is designed for on-demand checks. See our Privacy Policy for what we may log and how long it is retained. Future paid features (history, monitoring) would use a clear notice and consent where required.
How much does Pro cost?
See Scorifya Pro for exports, unlimited scans, and trial details. Pro is $9.99 USD per month as a recurring subscription. You are not charged for simply creating an account or signing in—only if you choose Subscribe to Pro and complete checkout. The billing interval, taxes (if any), and final amount are shown before you confirm. You can cancel anytime from Account → Manage billing & cancellation, or using links in subscription emails—renewals stop going forward but you keep access through the period you already paid for.
Why did my score change?
Certificates expire, headers change, and CDNs update. Re-run a scan after deployments or infrastructure changes. Small score movements are normal.
Can I scan any website?
You should only scan sites you own or have permission to test. We block private networks, localhost, and common cloud metadata hostnames to reduce abuse and accidental internal probing.
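A target check of the kind this answer describes, written here as an added example and not Scorifya's own code. The metadata hostname list, the reason strings, the function names and the injected resolver are assumptions, and the DNS answers are constructed. Because redirects are followed, the check is applied to every hop, not only the URL entered.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed names: the page does not list which metadata hostnames are blocked.
METADATA_HOSTS = {"metadata.google.internal", "metadata", "instance-data"}

def blocked_reason(url, resolve):
    """Return why a URL must not be fetched, or None if it may be scanned.

    resolve maps a hostname to a list of IP strings; it is injected so the
    example runs offline (a real one would wrap socket.getaddrinfo).
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return "scheme"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "no-host"
    if host == "localhost" or host.endswith(".localhost"):
        return "localhost"
    if host in METADATA_HOSTS:
        return "metadata-hostname"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # IP literal in the URL
    except ValueError:
        addrs = resolve(host)                      # hostname: check every record
    if not addrs:
        return "unresolvable"
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if ip.version == 6 and ip.ipv4_mapped:     # ::ffff:10.0.0.1 style literal
            ip = ip.ipv4_mapped
        if not ip.is_global:                       # private, loopback, link-local
            return "non-public-address"
    return None

def first_blocked_hop(hops, resolve):
    """Check the entered URL and each redirect target; return (index, reason) or None."""
    for i, url in enumerate(hops):
        reason = blocked_reason(url, resolve)
        if reason:
            return (i, reason)
    return None

# Constructed DNS answers for the demo, not real lookups.
SAMPLE_DNS = {"example.com": ["93.184.216.34"], "intranet.example.com": ["10.0.0.5"],
              "rebind.example.net": ["93.184.216.34", "127.0.0.1"]}
def sample_resolve(host):
    return SAMPLE_DNS.get(host, [])
```

A fetcher using a check like this has to connect to the address it validated; resolving a second time at connect time lets a changed DNS answer bypass the check.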
How do I contact you?
Use the Contact page. We will list an official support address as the service matures.