methodology / Security & Infrastructure / #23
CAA records
#23 · Recommended · Web Quality · weighted · Security & Infrastructure · weight 0.7% · impl implemented · method v1.2.0
Web Quality factor
This factor is part of Web Quality — the weighted 0..100 score that sits above Web Standards. Its weight depends on what kind of site is being measured. Web Standards items take priority; this factor only enters the score once Web Standards passes.
- Base weight
- 0.6 applied to every site type unless overridden below
- Why this weight
- CAA records limit which CAs can issue certs for the domain. Modest baseline; matters more for high-trust sites.
Per-site-type overrides
| Site type | Weight | Δ vs base |
|---|---|---|
| E-commerce | 0.9 | +0.3 |
| Government | 1.0 | +0.4 |
| SaaS / Product | 0.8 | +0.2 |
Site types not listed inherit the base weight.
What this means for your business
A short list at your domain registrar that names which companies are allowed to issue security certificates for your site. Without it, a sloppy or compromised certificate vendor anywhere in the world could mint a fake one for your domain.
Plain title: Only your approved vendors can issue your padlock
What we measure
CAA records tell Certificate Authorities which ones are allowed to issue SSL certs for your domain. Without CAA, any CA can issue a cert — including a malicious one.
How to improve your score
Add a TXT-style CAA record listing your trusted issuer, e.g. `0 issue "letsencrypt.org"`.
Facts
When this applies
This platform doesn't let site owners edit DNS records, so CAA can't be set.
- Marked n/a when the detected platform doesn't support canEditDns (e.g., Squarespace and Wix can't set custom HTTP headers, so factor #4 becomes n/a there).
Scoring
Scoring formulas are versioned with the methodology. The current method (v1.2.0) maps raw measurements to pass, warn, fail. Factor weights determine how much each contributes to the composite — see the methodology index for the full table.
Cited by these standards
Standards in the Standards Library whose satisfiedBy requirement tree references this factor. Each link goes to the standard's full entry — methodology, scope, and the other factors it relies on.
Version history
| Version | Change | Date |
|---|---|---|
| v1.2.0 | Factor introduced. Status: live. Scoring impl: implemented. | 2026-04-25 |