Security Check
Free TLS & SSL Grade Check
Check your domain TLS configuration and get an SSL Labs-equivalent grade. Identifies weak cipher suites, deprecated protocol versions, certificate issues, and missing HSTS.
Check your TLS grade →What's Checked
- SSL Labs equivalent A+ through F grade
- TLS protocol version assessment (1.0, 1.1, 1.2, 1.3)
- Cipher suite strength review
- Forward secrecy verification
- Certificate chain completeness check
- Certificate validity and expiry
- HSTS header presence and duration
- HSTS preload eligibility
TLS is not just HTTPS — configuration matters
Having a padlock in the browser bar is the minimum. How TLS is configured determines whether it actually protects your users. A server that supports TLS 1.0 or weak cipher suites is vulnerable to downgrade attacks even with a valid certificate. VP Shield assesses your TLS configuration the same way SSL Labs does — identifying the exact issues pulling your grade down.
Common Questions
- What does SSL Labs A+ mean?
- An SSL Labs A+ grade indicates that your TLS configuration uses modern protocols (TLS 1.2 and 1.3 only), strong cipher suites with forward secrecy, a valid certificate chain, and an HSTS header with a minimum 6-month max-age. It is the gold standard for HTTPS configuration.
- Why would I be graded below A?
- Common reasons include: TLS 1.0 or 1.1 still enabled, weak cipher suites (RC4, DES, 3DES, CBC-mode without mitigations), missing or short HSTS header, incomplete certificate chain, or a certificate issued by an untrusted CA. VP Shield explains which specific issues are affecting your grade.
- My site uses Cloudflare. Does that affect my TLS grade?
- Yes — Cloudflare terminates TLS at its edge, so your grade reflects Cloudflare's TLS configuration, not your origin server's. Cloudflare's default settings often achieve a high grade, but HSTS must be configured in the Cloudflare dashboard to reach A+.
Run a free domain security scan
VP Shield checks DNS, TLS, email authentication, security headers, and subdomain takeover risk for any domain. Free, no login, two minutes.
Related Services
Free DNS Hygiene Check
Instantly check your domain DNS configuration for dangling CNAMEs, missing CAA records, nameserver consistency issues, and other misconfigurations that expose your organisation to attack.
Check your DNS →Free Email Authentication Check
Check your domain SPF, DKIM, and DMARC configuration in seconds. See whether your domain can currently be spoofed for phishing email and get specific fixes to close the gap.
Check email authentication →Free HTTP Security Headers Check
Check your website HTTP security headers — CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy — and get a Mozilla Observatory-equivalent grade with specific recommendations.
Check security headers →