Comparing one site to another, I cannot see why one is getting capped at "B" for "BEAST Vulneralbility" when both sites accept TLS_RSA_WITH_AES_256_CBC_SHA.
Maybe I'm missing something, but I don't see it. This is irrigardless of that my site shouldn't even be listed as "vulnerable" since OpenSSL versions 0.9.6d and later mitigates BEAST with an “empty TLS record”. (Sources: http://blogs.cisco.com/security/beat-the-beast-with-tls/ - Fourth paragraph; http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html#NOTES)
So, basically I'm asking why my site is listed as vulnerable and DuckDuckGo isn't when both sites offer CBC ciphers? The kicker is that both my site and Wikimedia Blog are using identical webservers, so I feel it's not a configuration issue.