Security
DNSSEC
Cryptographically signs your DNS records so resolvers can detect tampering. Underused — but increasingly expected for finance, gov, and email.
What it is
Domain Name System Security Extensions. A chain of cryptographic signatures from the root zone down to your domain that lets resolvers detect cache poisoning, MITM, and registrar-level hijacks.
Why it matters
DNSSEC + DANE is the only way to fully secure SMTP-in-transit without trusting the public CA system. .gov mandates it; major banks deploy it.
Who it applies to
High-trust domains — gov, finance, healthcare, email at scale.
How WQI scores it
Web Quality Index considers this standard satisfied when the supporting factor passes.
| # | Factor | Status |
|---|---|---|
| 22 | DNSSEC validation | planned |
0 of 1 supporting factors are currently collected. Sites where the remaining 1 haven't been measured will show as partial or unknown on this standard until the data lands.