Subdomain takeover surface
#28 · Recommended · Web Quality · weighted · Security & Infrastructure · weight 1.3% · impl implemented · method v1.2.0
Web Quality factor
This factor is part of Web Quality — the weighted 0..100 score that sits above Web Standards. Its weight depends on what kind of site is being measured. Web Standards items take priority; this factor only enters the score once Web Standards passes.
- Base weight: 1.0, applied to every site type unless overridden below.
- Why this weight: Subdomain takeover lets an attacker serve content from your domain. Universally relevant.
What this means for your business
If you ever spun up something like blog.yoursite.com or shop.yoursite.com and later abandoned it without cleaning up the DNS, a stranger can sometimes claim that address and put their own content under your name.
Plain title: Forgotten subdomains aren't an open door
What we measure
Dangling CNAME records pointing at deactivated cloud services (e.g. an old Heroku app or an abandoned Azure resource) can be claimed by attackers — letting them serve content under your domain.
How to improve your score
Audit DNS, remove CNAMEs to dead services, lock down provider accounts.
Facts
Implementation notes
Pull subdomains from Certificate Transparency (CT) logs, resolve each, and flag dangling CNAMEs.
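The three steps above, sketched as an added example for auditing your own zone (this is not the scoring implementation). The hostnames, DNS answers, provider suffix list and function names are all constructed assumptions, and a dictionary stands in for a live resolver so the code runs offline.

```python
from dataclasses import dataclass
# Assumption: third-party suffixes to highlight (the page names Heroku and Azure).
PROVIDER_SUFFIXES = (".herokuapp.com", ".azurewebsites.net")

# Constructed resolver stand-in: name -> (record type, value). Missing = NXDOMAIN.
SAMPLE_DNS = {
    "www.example.test": ("A", "192.0.2.10"),
    "blog.example.test": ("CNAME", "old-blog.herokuapp.com"),  # target is gone
    "shop.example.test": ("CNAME", "shop-prod.azurewebsites.net"),
    "shop-prod.azurewebsites.net": ("A", "198.51.100.7"),
    "loop.example.test": ("CNAME", "loop2.example.test"),
    "loop2.example.test": ("CNAME", "loop.example.test"),
}
# Constructed names as a CT log search might return them (wildcard, duplicate).
SAMPLE_CT_NAMES = ["www.example.test", "*.example.test", "blog.example.test", "BLOG.example.test.",
                   "shop.example.test", "loop.example.test", "gone.example.test"]

@dataclass(frozen=True)
class Finding:
    host: str
    status: str         # "ok" | "dangling" | "no-record" | "loop"
    chain: tuple        # CNAME targets followed, in order
    third_party: bool   # final target sits under a listed provider suffix

def normalize(names):
    """Lowercase, strip the root dot, drop wildcards, de-duplicate in order."""
    cleaned = (n.strip().lower().rstrip(".") for n in names)
    return list(dict.fromkeys(n for n in cleaned if n and not n.startswith("*.")))

def classify(host, dns, max_depth=8):
    chain, name, status = [], host, "loop"   # "loop" also covers over-long chains
    for _ in range(max_depth):
        rtype, value = dns.get(name, ("NXDOMAIN", None))
        if rtype == "A":
            status = "ok"
            break
        if rtype == "NXDOMAIN":
            # Only NXDOMAIN is caught here; a target that still resolves to a
            # provider's default page needs an HTTP-level check instead.
            status = "dangling" if chain else "no-record"
            break
        if value == host or value in chain:
            break
        chain.append(value)
        name = value
    third = bool(chain) and chain[-1].endswith(PROVIDER_SUFFIXES)
    return Finding(host, status, tuple(chain), third)

def audit(names, dns=SAMPLE_DNS):
    return [classify(h, dns) for h in normalize(names)]
```

A finding with status "dangling" and third_party set is the record to remove or re-point first.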
Scoring
Scoring formulas are versioned with the methodology. The current method (v1.2.0) maps raw measurements to pass, warn, fail. Factor weights determine how much each contributes to the composite — see the methodology index for the full table.
Version history
| Version | Change | Date |
|---|---|---|
| v1.2.0 | Factor introduced. Status: live. Scoring impl: implemented. | 2026-04-25 |