Every term that turns up in a site safety check, explained without jargon. If a report told you something is missing and you are not sure what it means, start here.
A DNS record listing who is allowed to send email using your domain.
A DNS record telling inboxes what to do with email that fails your checks.
A cryptographic signature that proves an email really came from your domain.
A way of signing DNS answers so they cannot be quietly forged.
A DNS record naming which authorities may issue certificates for your domain.
The general purpose DNS record that holds SPF, DMARC and verification strings.
The public record of who registered a domain and when.
How long a domain has existed, and why brand new ones deserve caution.
A header that tells browsers to only ever reach your site over HTTPS.
A header controlling what a page is allowed to load and run.
A header stopping other sites from putting yours in a hidden frame.
A header controlling how much of your URL is leaked to other sites.
Instructions your server sends browsers to switch on extra protection.
A standard file telling researchers how to report a security problem.
Tricking someone into clicking something they cannot see.
An HTTPS page loading some parts insecurely over HTTP.
The file that lets a site prove its identity and encrypt the connection.
The protocol that actually encrypts the connection. SSL is its old name.
HTTP over an encrypted connection. The padlock in your address bar.
An organisation browsers trust to issue certificates.
A certificate nobody vouched for, which browsers warn about.
Messages that impersonate someone to steal passwords or payment details.
Software built to damage a device or steal from the person using it.
Registering lookalike domains to catch people who mistype or misread.
Hidden code on a checkout page that copies card details as they are typed.
Google's blocklist of sites known for malware or phishing.
When information a business holds is exposed or stolen.
A seal claiming a site has been checked. Only useful if it can be verified.
Asking your card provider to reverse a payment that went wrong.
The card industry security rules that apply if you take card payments.
When a shopper fills a cart and leaves without paying.
A second step at login, so a stolen password is not enough.
Run a free check and find out in seconds, then fix whatever needs fixing.