Modern servers prefer ECDHE for forward secrecy, but many still accept RSA key exchange when an attacker manipulates the handshake. These domains are downgrade-attackable: a MITM forces RSA, harvested traffic from that session is decryptable with one stolen cert key. This finding is independent of quantum risk — it's a present-day exposure too.
| # | Domain | Score | Grade | Sector | Freshness |
|---|---|---|---|---|---|
| 1 | nordea.com | 6.6 | D | — | stale (2d old) |
| 2 | energy.gov | 6.5 | D | — | stale (2d old) |
| 3 | politico.com | 6.2 | D | Global News & Media | stale (2d old) |
| 4 | zoom.us | 6.0 | D | — | stale (2d old) |
| 5 | sendgrid.com | 6.0 | D | — | stale (2d old) |
| 6 | dwp.gov.uk | 6.0 | D | — | stale (2d old) |
| 7 | ico.org.uk | 6.0 | D | — | stale (2d old) |
| 8 | hyundai.com | 6.0 | D | Global Automakers | stale (2d old) |
| 9 | newrelic.com | 6.0 | D | — | stale (2d old) |
| 10 | gov.uk | 6.0 | D | — | stale (2d old) |
| 11 | ofsted.gov.uk | 6.0 | D | — | stale (2d old) |
| 12 | apnews.com | 6.0 | D | Global News & Media | stale (2d old) |
| 13 | intercom.com | 6.0 | D | — | stale (2d old) |
| 14 | twilio.com | 6.0 | D | — | stale (2d old) |
| 15 | nyulangone.org | 6.0 | D | — | stale (2d old) |
| 16 | honda.com | 6.0 | D | — | stale (2d old) |
| 17 | rivian.com | 6.0 | D | Global Automakers | stale (2d old) |
| 18 | github.com | 5.9 | C | — | verified 4h ago |
| 19 | stanfordhealthcare.org | 5.8 | C | — | stale (2d old) |
| 20 | theguardian.com | 5.8 | C | Global News & Media | stale (2d old) |
| 21 | pennmedicine.org | 5.8 | C | — | stale (2d old) |
| 22 | zendesk.com | 5.7 | C | — | stale (6d old) |
| 23 | linear.app | 5.7 | C | — | stale (6d old) |
| 24 | fbi.gov | 5.7 | C | — | stale (6d old) |
| 25 | santander.com | 5.7 | C | — | stale (6d old) |
Run the same scan we use for this ranking. See your specific findings, get the migration steps, and track the domain so you know when your score improves.