95
EXCEPTIONAL

[ cyphers ] score

TLS Validated by [ cyphers ] scout
FEB 2026

Harden your TLS Now

This endpoint looks well-configured. You can still enhance your connection security.

This is my server Get a free TLS certificate, generate a hardened server config, and verify your score improvement. Launch Remediation Wizard
I'm connecting to it Use a Cyphers proxy or SDK integration to connect safely with enforced TLS best practices on your side. View Safe Connection Tools

Connect Safely via Cyphers Proxy

[cyphers] Endpoint Tools allow you to connect safely to a server even though it will allow for insecure connections. Your connection will be secure regardless of the server's security posture.

These proxies don't modify the remote server — they enforce TLS best practices on your side of the connection. Traffic is routed through the Cyphers proxy network which negotiates the strongest available cipher suite and rejects connections that fall below your configured threshold.

Certificate

Subject www.bbc.com
Issuer GlobalSign RSA OV SSL CA 2018
Valid From 27/06/2025
Valid Until 27/07/2026
Days Remaining 158
Key RSA 2048-bit
OCSP Stapling Yes
SCT No

Compliance Status

PCI-DSS 4.2.1
Passed
NDcPP FCS_TLS_EXT.1
Passed
HIPAA
Passed

Supported Cipher Suites

11 ciphers across 2 protocols — 3 insecure
TLS1.3 3 ciphers
TLS_AES_128_GCM_SHA256 STRONG
TLS_AES_256_GCM_SHA384 STRONG
TLS_CHACHA20_POLY1305_SHA256 STRONG
TLS1.2 8 ciphers 3 insecure
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ACCEPTABLE
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ACCEPTABLE
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ACCEPTABLE
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ACCEPTABLE
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ACCEPTABLE
TLS_RSA_WITH_AES_128_GCM_SHA256 INSECURE
TLS_RSA_WITH_AES_128_CBC_SHA INSECURE
TLS_RSA_WITH_AES_256_CBC_SHA INSECURE

Protocols

2 of 4 supported
TLS 1.0 Disabled
TLS 1.1 Disabled
TLS 1.2 Enabled OK
TLS 1.3 Enabled GOOD

Findings

0 Critical
0 Major
0 Minor
5 Info
Protocol
TLS 1.3 Support INFO
TLS 1.3 is supported
Certificate
Certificate Validity INFO
Certificate is valid for 158 more days
OCSP Stapling INFO
OCSP stapling is enabled
Certificate Transparency (SCT) INFO
-5 pts
No Signed Certificate Timestamps (SCT) found
Observed: No SCT in TLS handshake or certificate
Expected: SCT present for Certificate Transparency compliance
Remediation: Use a CA that supports Certificate Transparency. Most modern CAs include SCTs by default.
Loading fix...
Headers
HSTS INFO
HSTS is enabled with max-age=31536000 seconds
All Clear

No failed checks detected. This endpoint has a healthy TLS configuration.

Recommended Profile

Based on the current score (95), we recommend the Exceptional hardening profile for your client-side tools:

Score History

Scan History

Scan ID Score Tier Findings Time
sc_21395260-cb5 95/100 Exceptional [] 5 2/18/2026, 7:46:13 PM
sc_9343f5d6-77e 95/100 Exceptional [] 5 2/18/2026, 7:44:55 PM