Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: SSL Labs vs. - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
SSL Labs vs.
Hello -

I am in an argument for a company we hired to create a web-site (strictly content). One of the things I asked for was that the web-site must score a B or higher at both and . The web-site went live, then I ran the tests. We were getting a C on SSL Labs, and an F by SecurityHeaders. I told them they have to fix it. Now we are getting a B a SSL Labs and still getting an F at Securityheaders. I told them that needed to be fixed, but they are refusing, saying that a B from SSL Labs proves the web-site is secure. According to SecurityHeaders they need to add the following headers:


As a former software engineer I think is should be relatively easy to add them, and it is necessary. I wanted to get the opinion of others. Should web-sites score a B or better on both, or is it still secure if it scores an F on one? Am I being unreasonable by requiring at least a B on both?

Sign Up for Free or Log In to start participating in the conversation!