What is the security rating for clevelandclinic.org?

clevelandclinic.org has a security posture score of 85/100 (Pass) based on 8 passive checks covering TLS, DMARC, headers, breaches, CVEs, DNS, and certificates. Scanned February 15, 2026.

Is clevelandclinic.org secure?

clevelandclinic.org meets LynxRadar's threshold with 85/100. 5 passed, 3 warnings, 0 failures.

Pass

clevelandclinic.org

Item: clevelandclinic.org
Rating: 85
Author: LynxRadar

Security posture assessment · Scanned February 15, 2026

Findings

5 · 3 · 0

Checks

8 passive

Executive Summary AI-GENERATED

clevelandclinic.org scored 85/100, demonstrating a strong security posture. Minor improvements are noted below.

Positive signals: TLS Configuration, DNS Configuration, DMARC / Email Security all passed.

3 action items identified, including 0 critical. The issues are configuration gaps, not architectural problems. A focused remediation effort of 2–5 days could address all findings.

Action Items

Ordered by priority · 3 items

Increase HSTS max-age duration

Effort: < 30 minutes Owner: Web server administrator

medium

HSTS is enabled but the max-age (0s) is below the recommended minimum of 15768000s (6 months). A short max-age means browsers forget the HTTPS-only policy quickly, reducing protection between visits.

Compliance Impact

PCI-DSS 4.0Req 6.4.1

Application security header configuration

Remediation Steps

Update header: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Verify: curl -sI https://clevelandclinic.org | grep -i strict

🔒

Unlock the full remediation plan

Get detailed steps, compliance mapping, and ownership for all 3 action items. Free — just enter your work email.

No spam. We'll only contact you about this report.

✓ Report unlocked. Scroll down for full details.

Review certificate configuration — expires in 27 days

Effort: 1–2 hours Owner: Infrastructure / DevOps

medium

Certificate issues found for clevelandclinic.org: certificate expires in 27 days. Ensure auto-renewal is configured to prevent expiry. These are operational hygiene items, not immediate security risks.

Remediation Steps

Verify auto-renewal is configured (Let's Encrypt: certbot renew --dry-run)

Consolidate certificate issuance to 1–2 trusted CAs

Add optional security headers (Referrer-Policy, Permissions-Policy)

Effort: < 1 hour Owner: Web server administrator

low

clevelandclinic.org has most security headers configured. Missing: Referrer-Policy, Permissions-Policy. These are best-practice additions that reduce the attack surface for client-side vulnerabilities.

Remediation Steps

Add: Referrer-Policy: strict-origin-when-cross-origin

Add: Permissions-Policy: camera=(), microphone=(), geolocation=()

Scan Findings

HSTS Header

Warning

Security Headers

Warning

Certificate Hygiene

Warning

TLS Configuration

Healthy

DNS Configuration

Healthy

DMARC / Email Security

Healthy

Known Breaches

Healthy

CVE Exposure

Healthy