The SSL Pulse dashboard is a great way to track the progress of the top sites, but the ordering needs some improvement.
- Please can you move "Protocol support" and "Best protocol support" to places 3 and 4. These are the most important measures of website security.
- BEAST and SPDY are both deprecated, so there is no need to track them anymore.
- "OCSP Stapling" is a feature, so should be placed next to HTTP/2
- "0-Length Padding Oracle" is an OpenSSL issue, so should go next to "CVE-2014-0224". The DOODLE and POODLE attacks should be together in a square.
I hope with the forced move to TLS 1.2 that CRIME, DROWN, Heartbleed, RC4 and ROBOT will become legacy problems.
Thanks for making SSLlabs freely available, we have used it to ensure all of our sites are A or A+