
Trust Scoring

The score field in an AiHint document represents a trust assessment of the target domain, expressed as a number from 0.0 (no trust) to 1.0 (full trust).

This page explains what the score means, how it can be calculated, and how AI systems should interpret it.

What the Score Represents

The trust score is a single numeric summary of how trustworthy a domain is, based on the scoring methodology identified in the method field. It is not a guarantee — it is a signal that AI systems can factor into their decision-making alongside other information.

The score is always:

  • Issuer-specific: Different issuers may assign different scores to the same domain, based on their own criteria.
  • Method-specific: The method field identifies which scoring methodology was used, allowing consumers to weight scores accordingly.
  • Time-bound: Scores are valid only between issued_at and expires_at.

Trust Levels

While the score is a continuous value, it can be interpreted using these general trust levels:

Score Range | Level | Description
0.90–1.00 | Very High | Comprehensive verification passed. Strong trust signals across all categories.
0.70–0.89 | High | Most verification checks passed. Minor gaps in trust signals.
0.50–0.69 | Medium | Basic verification passed. Some trust signals present but incomplete.
0.30–0.49 | Low | Limited verification. Few trust signals detected.
0.00–0.29 | Very Low | Minimal or no verification. Significant trust concerns.

Scoring Methodology

The AiHint standard does not mandate a specific scoring algorithm. The method field identifies which methodology was used, so consumers can evaluate scores in context.

However, a reference scoring methodology — aihint-core-v1 — evaluates domains across multiple signal categories:

Signal Categories

Category | What It Measures
SSL/TLS | Certificate validity, strength, and configuration
Security Headers | Presence and correctness of HTTP security headers (CSP, HSTS, X-Frame-Options, etc.)
Domain Reputation | Domain age, registration history, DNS configuration
Privacy | Presence of a privacy policy, GDPR compliance signals
Contact Information | Availability of contact details, business registration info
Content Quality | Page structure, accessibility, content coherence
Malware / Blocklists | Whether the domain appears on known malware or phishing blocklists

Scoring Phases

The reference methodology uses a three-phase approach:

  1. Data Collection — Automated analysis gathers raw signals from the target domain (HTTP responses, DNS records, page content, certificate info, third-party databases).

  2. Signal Scoring — Each signal category produces a sub-score from 0.0 to 1.0 based on predefined criteria.

  3. Aggregation — Sub-scores are combined using weighted averaging into a single final score. Weights reflect the relative importance of each category to overall trust.

How AI Systems Should Use the Score

  • Check expiration first: If expires_at is in the past, discard the hint and attempt to fetch a fresh one.
  • Verify the signature: An unverified score should not be trusted. Always verify the signature before using the score.
  • Consider the issuer: A score from a well-known issuer carries more weight than a self-signed score.
  • Use as one signal among many: The trust score is an input to decision-making, not a final verdict.
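The consumer-side checks listed above, applied in order, as an added example that is not part of the AiHint documentation or its reference code. The `issuer` and `signature` field names, the ISO 8601 timestamp format, and the caller-supplied `verify_signature` callback are assumptions; the page names only `score`, `method`, `issued_at` and `expires_at`.

```python
from datetime import datetime, timezone

# Trust levels from the table on this page: (lower bound, level name).
LEVELS = [(0.90, "Very High"), (0.70, "High"), (0.50, "Medium"),
          (0.30, "Low"), (0.00, "Very Low")]

def parse_ts(value):
    # Assumption: timestamps are ISO 8601 strings; naive values are read as UTC.
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def assess_hint(hint, now, verify_signature, known_issuers):
    """Apply the consumer checks in order; return a decision dict."""
    def reject(reason):
        return {"usable": False, "reason": reason, "level": None}
    try:
        issued, expires = parse_ts(hint["issued_at"]), parse_ts(hint["expires_at"])
    except (KeyError, ValueError, AttributeError, TypeError):
        return reject("malformed_validity_window")
    # 1. Expiration first: a stale hint is discarded so a fresh one can be fetched.
    if now >= expires:
        return reject("expired")
    if now < issued:
        return reject("not_yet_valid")
    # 2. Signature next: nothing in an unverified hint is acted on.
    if not verify_signature(hint):
        return reject("bad_signature")
    # 3. Range check; rejects booleans, NaN and values outside 0.0-1.0.
    score = hint.get("score")
    if isinstance(score, bool) or not isinstance(score, (int, float)) or not 0.0 <= score <= 1.0:
        return reject("score_out_of_range")
    level = next(name for floor, name in LEVELS if score >= floor)
    # 4. Issuer and method travel with the score; "issuer" is an assumed field name.
    issuer = hint.get("issuer")
    third_party = isinstance(issuer, str) and issuer in known_issuers
    return {"usable": True, "reason": "ok", "level": level,
            "method": hint.get("method"), "third_party": third_party}

# Constructed sample hint and stand-in verifier (not real cryptographic verification).
SAMPLE = {"score": 0.82, "method": "aihint-core-v1", "issuer": "https://issuer.example",
          "issued_at": "2025-01-01T00:00:00Z", "expires_at": "2026-01-01T00:00:00Z",
          "signature": "constructed"}
def stub_verify(hint):
    return hint.get("signature") == "constructed"

if __name__ == "__main__":
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)
    print(assess_hint(SAMPLE, now, stub_verify, {"https://issuer.example"}))
```

In a real consumer, `verify_signature` would check the hint against the issuer's public key, and the returned `method` and `third_party` values would decide how much weight the level receives alongside other signals.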

What the Score is NOT

  • Not a safety guarantee — A high score does not mean the site is safe for all purposes.
  • Not permanent — Scores expire and can change when re-evaluated.
  • Not universally comparable — Scores from different issuers using different methods are not directly comparable.

Self-Signed vs. Issuer-Signed Scores

Type | Use Case | Trust Implication
Self-signed | Development, testing, private use | Score reflects the site owner's own assessment. No third-party validation.
Issuer-signed | Production, public-facing | Score reflects an independent third-party assessment. Verifiable via the issuer's public key.

Self-signed hints are valid according to the protocol but carry no third-party trust. AI systems may choose to weight them differently.
