Security score just "B"

Hello,

I was looking at the "Security score" of a customer site on webpagetest.org. I discovered that it only says "B". Is there a way to increase the security score of refraktiv.com with Let's encrypt from "B" to "A"?

Thanks & greetings,
Mace

That site shows you the reason they scored it that way:

Unfortunately, this is really not a forum for these types of questions/answers.

I agree with my fellow volunteer above: the "X frame options" and "Content Security Policy" are not TLS related. And as this is a Community specifically for Let's Encrypt and also for TLS/certificate related stuff in a broader sense, I'm afraid the issues you are facing are not really something for this Community.

2 Likes

That B means you should BEE POSITIVE about improving your site's security score!

There are many links in this forum to security analyzer tools. They will generally help you optimize your security settings if you look at their errors. You can also check to ensure your site is using the current recommended settings from Certbot.

3 Likes

Thanks!

Mace

1 Like

This is actually outside the scope of Let's Encrypt which only provides certificates signed by a CA. You'll need to take their advice regarding HTTP headers to fix that particular score.

Running ssllabs.com test on the mentioned site reveals an A+ rating for certificate and protocol, so Let's Encrypt is doing everything it possibly can.

1 Like