Cookie Policy

This site uses cookies. When browsing the site, you are consenting its use. Learn more

I understood



Briefly, what’s the purpose of verifies the (correct) implementation of the standards, best practices and configurations that most contribute to guarantee the security, integrity and confidentiality in the communications through the Internet. At this stage, it essentially targets the security conditions presented by the internet and e-mail domains.

Are the stated requirements mandatory?

The evaluations resulting from this tool, as well as the recommendations presented, are only informative and indicative of the best practices that should be adopted for a safer use and presence in the cyberspace.


How are the tests performed on the different domains? Are the results accurate? uses validation mechanisms based on open-source code to measure compliance with standards and good practices. Given the multiplicity of existing domains, the heterogeneity of the systems that support them, and the existence of possible protection mechanisms that influence the validations, the results obtained in the tests may not correspond to the actual state of implementation of a given requirement.

Can I test any domain or are the tests restricted to some top-level domain (TLD)?
The tests can be performed on any type of domain and subdomain, regardless of its top-level domain.

What are optional tests?
Optional tests represent assessments of security aspects that are considered relevant. However, their inclusion as a requirement is still under evaluation.

Are the requirements static or will they likely change?
Like any platform focused on aspects of information security and cybersecurity, intends to evolve and incorporate the evaluation of new standards, best practices and recommendations, whenever this is considered relevant. The News section will be one of the channels used to update the platform users regarding this evolution.


How is a category-level result obtained?
A category-level result ("Website Component" and "E-mail Component") reflects the compliance status of an internet domain (typically associated with a website) or an e-mail domain with all the tests defined for that category.

The result of the category will reflect the worst result obtained by an individual test of that category:
Compliant ("green"), if all the requirements defined for that category are verified;
Not compliant ("red"), if at least one of the requirements for that category is not met;
Partially compliant ("yellow"), if a partial compliance with at least one test and full compliance with the remaining tests of this category is verified.

What is the meaning of a "Test not performed" ?
A "Test not performed" results from the inability to perform a particular validation, which may occur due to one of the following reasons:
- The test depended on an earlier validation that failed;
- It was not possible to collect all the technical information necessary for the validation.

What is the impact of an optional test on the results of a category?
An optional test result will not be considered in terms of a category-level result calculation. states that my domain does not meet the X requirement, however it is implemented. How can I report this issue?
As stated in a previous point (see: How are tests performed on different domains? Are the results accurate?), the results obtained in the tests may not correspond to the actual state of implementation of a particular requirement. If you detect a particular situation where this happens, please use our contact form to report the situation.