Methodology
How SiteScope Scores a Website
An open look at the signals, weights, and editorial process behind every audit.
The SiteScope trust score is a composite of four weighted sub-signals. Each sub-signal is collected automatically, then sanity-checked by an editor before publication. The final 0–100 number is a blended estimate of how safe, legitimate, and useful a site is likely to be for a typical visitor in its category.
1. Domain age & continuity
We pull the registration history of every domain in the catalog. Long, continuous registrations under stable ownership are a positive signal. They correlate with ongoing operations, accumulated reputation, and the simple fact that the operator has paid the renewal fee year after year. Short or recently-changed registrations are not disqualifying, especially for new launches, but they raise the editorial bar for the rest of the audit.
2. Transport security
We check that the site responds over HTTPS, presents a certificate from a recognized authority, and has a clean chain of trust. This is the absolute baseline of operating on the modern web. Failures here (expired certificates, mismatched names, self-signed chains) are immediately reflected in the score. Passing this check is necessary but not sufficient: even a perfectly-configured TLS setup tells you nothing about what the site does with your data once it has it.
3. Observed reputation & rank
We weight the site's position in publicly available popularity rankings (primarily referring-subnet rankings derived from open data sources) alongside any reputation flags we observed during our crawl. High public visibility is a positive signal because heavily-trafficked sites are continuously audited by the wider security community. Low visibility is neutral, not negative. Plenty of excellent niche sites never crack a global top-10,000 list.
4. Category-specific expectations
This is where editorial judgment enters. Every category in our catalog has its own checklist. An e-commerce site is expected to surface clear shipping and return policies, a working customer-support channel, and a recognizable payment processor. A news site is expected to disclose ownership and corrections policy. A SaaS site is expected to publish status pages and security documentation. A site that meets the category baseline scores well. A site that misses parts of it loses points proportionally.
How the four signals combine
The four sub-signals are weighted, summed, and clipped to a 0–100 range, then mapped to one of three editorial bands: Trusted (80+), Caution (60–79), and Risky (under 60). The band is what most readers actually use. The underlying number is shown for transparency and to make comparisons within a band possible.
What we deliberately don't score
We don't score sites on aesthetic preference, political alignment, or business-model purity. A site can be ugly and still earn a Trusted rating, and a beautifully-designed site with thin operations and unclear ownership will still be flagged. SiteScope is an audit, not a taste guide.
Update cadence
Audits are reviewed on a rolling schedule: the highest-traffic and highest-risk categories more frequently, the long tail less often. Every audit page shows the date of its most recent editorial pass at the top of the article. If something material changes about a site between passes, you can tell us and we'll prioritize a re-audit.
Limitations
SiteScope is not a vulnerability scanner, not a fraud-detection service, and not a substitute for your own judgment. We catch a useful slice of what makes a site trustworthy, but we cannot see inside private databases, interview employees, or audit financials. Use our score the way you'd use a movie review: a useful prior, not a guarantee.