Modern servers prefer ECDHE for forward secrecy, but many still accept RSA key exchange when an attacker manipulates the handshake. These domains are downgrade-attackable: if a MITM forces RSA, harvested traffic from that session is decryptable with one stolen certificate key. This finding is independent of quantum risk; it is a present-day exposure too.

| # | Domain | Score | Grade | Sector | Freshness |
|---|---|---|---|---|---|
| 1 | nordea.com | 6.4 | D | — | verified 8h ago |
| 2 | energy.gov | 6.4 | D | — | verified 8h ago |
| 3 | stripe.com | 5.9 | C | — | verified 2h ago |
| 4 | github.com | 5.9 | C | — | verified 2h ago |
| 5 | washingtonpost.com | 5.8 | C | Global News & Media | stale (2d old) |
| 6 | usbank.com | 5.6 | C | — | verified 8h ago |
| 7 | uclahealth.org | 5.6 | C | — | verified 8h ago |
| 8 | amazon.com | 5.6 | C | — | verified 2h ago |
| 9 | met.police.uk | 5.4 | C | — | verified 8h ago |
| 10 | barclays.co.uk | 5.4 | C | — | verified 8h ago |
| 11 | monday.com | 5.3 | C | — | verified 2h ago |
| 12 | ico.org.uk | 5.2 | C | — | verified 8h ago |
| 13 | politico.com | 5.2 | C | Global News & Media | stale (6d old) |
| 14 | epirus.com | 5.2 | C | US Defense Contractors | stale (3d old) |
| 15 | cloudflare.com | 5.2 | C | — | verified 2h ago |
| 16 | alaska.com | 5.2 | C | — | verified 8h ago |
| 17 | cedars-sinai.org | 5.1 | C | — | verified 8h ago |
| 18 | saic.com | 5.1 | C | US Defense Contractors | stale (2d old) |
| 19 | audi.com | 5.0 | C | Global Automakers | stale (2d old) |
| 20 | reuters.com | 5.0 | C | Global News & Media | stale (5d old) |
| 21 | rtx.com | 5.0 | C | US Defense Contractors | verified 4h ago |
| 22 | frontier.com | 5.0 | C | — | verified 8h ago |
| 23 | twilio.com | 5.0 | C | — | verified 8h ago |
| 24 | sendgrid.com | 5.0 | C | — | verified 8h ago |
| 25 | jpmorgan.com | 5.0 | C | — | verified 2h ago |