Infrastructure Hygiene
120 points total
Examines the health and exposure of your internet-facing infrastructure — subdomain resolution, dangling CNAMEs, stale DNS records, WAF/CDN coverage, origin IP exposure, and HTTPS consistency.
Checks
| Check | Weight | What it measures |
|---|---|---|
Dangling CNAME Detection subdomain_dangling_cname | 35 pts | Identifies CNAME records pointing to deprovisioned services, which are vulnerable to subdomain takeover. |
Stale A Record Detection stale_a_record_detection | 25 pts | Detects A records pointing to IP addresses that no longer serve content or return errors. |
Subdomain Resolution subdomain_resolution | 20 pts | Resolves discovered subdomains and assesses the overall health of subdomain DNS. |
WAF/CDN Detection waf_cdn_detection | 15 pts | Checks whether web-facing hosts are served through a WAF or CDN, indicating a protection layer. |
Origin IP Exposure origin_ip_exposure | 15 pts | Checks whether the real origin server IP is exposed despite WAF/CDN usage, allowing direct access. |
HTTPS Consistency https_consistency | 10 pts | Verifies that all discovered hosts consistently serve traffic over HTTPS. |
Pass / Warn / Fail Logic
For many checks, earned points follow the verdict: full weight on pass, partial credit on some checks for warn, and none on fail. Where it matters, we spell out the points below.
Dangling CNAME Detection
Pass if no dangling CNAMEs; fail if any are detected.
Stale A Record Detection
Pass if all A records resolve to active hosts; fail if stale records found.
Subdomain Resolution
Pass if subdomains resolve normally; warn/fail on resolution anomalies.
WAF/CDN Detection
Pass if WAF/CDN detected on all hosts; warn on partial coverage; fail on none.
Origin IP Exposure
Pass if origin is not exposed; fail if origin IP is directly reachable.
HTTPS Consistency
Pass if all hosts use HTTPS; warn on mixed; fail on HTTP-only.
Findings & How to Fix Them
These are the specific findings RedScore may report for this category, along with remediation guidance.
origin_ip_exposedConfigure your WAF/CDN to prevent direct access to origin server IPs. Restrict origin firewall rules to only accept traffic from your CDN's IP ranges.
no_httpsEnable HTTPS on all internet-facing hosts. Use automated certificate issuance (e.g. Let's Encrypt) if cost is a concern.
mixed_scheme_infrastructureStandardize all hosts on HTTPS and redirect HTTP to HTTPS. Ensure certificates are valid on every endpoint.
no_waf_cdn_detectedPlace web-facing hosts behind a WAF or CDN to add a protection layer and reduce direct exposure.
infra_probe_missingEnsure that infrastructure hosts are reachable for scanning. Unreachable hosts cannot be evaluated.
partial_waf_coverageExtend WAF/CDN coverage to all public-facing hosts, not just the primary site.