How Scorifya fits next to deep TLS graders, browser-focused posture tools, and header-only checkers
Specialized tools are often the right place for depth in one lane. Scorifya is deliberately breadth-first: one pass over a public URL that feeds a single 0–100 score with published category weights (TLS, headers, exposure, cookies, passive DNS/email), prioritized findings, and remediation copy, so product owners and agencies get a consistent scorecard before ship, not another raw header grid alone.
- Browser-focused posture tools: often emphasize browser-facing policy (for example CSP and HSTS). Scorifya overlaps on important header and TLS signals but also scores passive DNS and email auth (SPF, DMARC, limited DKIM hints, MX), security.txt, curated public subdomains, and session cookie flags visible on the response, all folded into the same weighted categories with per-finding penalties you can audit on the methodology page.
- Deep TLS graders: typically go deep on cipher suites, chain quality, and server TLS configuration. Scorifya checks certificate and protocol hygiene that affects your score but is not a substitute for full TLS grading depth. The differentiation is one prioritized list that combines that TLS snapshot with headers, hygiene, cookies, and DNS/email context for the same hostname.
- Header-only checkers: fast pass/warn rows on response headers. Headers are only one pillar here (one published cap toward the total). Scorifya adds TLS/redirect behavior, exposure and banner signals, cookie attributes when present, and passive DNS/email signals, each with plain-language risk, ordered fix steps, and (for common gaps) copy-ready config examples aimed at people shipping changes, not only machine-parseable header output.
We still do not run penetration tests, authenticated crawls, or exploit attempts. Scope is public configuration and hygiene only, documented on the methodology page.