Modern servers prefer ECDHE for forward secrecy, but many still accept RSA key exchange when an attacker manipulates the handshake. These domains are downgrade-attackable: a MITM forces RSA key exchange, and traffic harvested from that session can then be decrypted with a single stolen certificate private key. This finding is independent of quantum risk; it is a present-day exposure too.

| # | Domain | Score | Grade | Sector | Freshness |
|---|---|---|---|---|---|
| 1 | stripe.com | 6.6 | D | — | verified 3h ago |
| 2 | nordea.com | 6.4 | D | — | verified 5h ago |
| 3 | energy.gov | 6.4 | D | — | verified 5h ago |
| 4 | github.com | 6.2 | D | — | verified 3h ago |
| 5 | uclahealth.org | 5.8 | C | — | verified 5h ago |
| 6 | washingtonpost.com | 5.8 | C | Global News & Media | stale (3d old) |
| 7 | usbank.com | 5.6 | C | — | verified 5h ago |
| 8 | amazon.com | 5.6 | C | — | verified 3h ago |
| 9 | apnews.com | 5.6 | C | Global News & Media | stale (4d old) |
| 10 | ofsted.gov.uk | 5.4 | C | — | verified 5h ago |
| 11 | met.police.uk | 5.4 | C | — | verified 5h ago |
| 12 | barclays.co.uk | 5.4 | C | — | verified 5h ago |
| 13 | monday.com | 5.3 | C | — | verified 2h ago |
| 14 | commerzbank.de | 5.3 | C | — | verified 5h ago |
| 15 | rivian.com | 5.2 | C | Global Automakers | stale (2d old) |
| 16 | alaska.com | 5.2 | C | — | verified 5h ago |
| 17 | cloudflare.com | 5.2 | C | — | verified 3h ago |
| 18 | politico.com | 5.2 | C | Global News & Media | stale (2d old) |
| 19 | epirus.com | 5.2 | C | — | stale (3d old) |
| 20 | cedars-sinai.org | 5.1 | C | — | verified 5h ago |
| 21 | saic.com | 5.1 | C | — | verified 29h ago |
| 22 | audi.com | 5.0 | C | Global Automakers | stale (9d old) |
| 23 | reuters.com | 5.0 | C | Global News & Media | verified 22h ago |
| 24 | twilio.com | 5.0 | C | — | verified 5h ago |
| 25 | pennmedicine.org | 5.0 | C | — | verified 5h ago |