This post is regarding the SSL Labs server test.
Today many sites are CDN based, hence the same site is distributed across many different local IPs around the world.
This may lead to a non-unified actual SSL implementation. For example, you may scan a specific IP that shows a grade of “A” while the actual status of the same site on another IP, located in another geo-location, would actually be “C”; that IP is not scanned because your DNS query never got it as a DNS reply.
So, I suggest that:
- You will add to the results page a note that the results are location dependent and may not cover all of the site’s actual SSL implementation around the world (if such distribution is used)
- You will add to the results page the geo-location of the queried DNS (at a country level, I think it is accurate enough) and possibly the IP address of the queried DNS
- If possible, maybe with a CDN partner (for pay or as a kind of marketing move), you will add to the initial page, where users enter the FQDN to scan, a GUI element to choose a geo-location scan source, so the scan will run based on querying a geo-matching DNS server (I guess per country, beginning with at least the major countries on each continent). This way it will be possible to scan for various geo-locations and get a more accurate view of the real SSL status for a site, from many geo-“views”
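
The per-IP inconsistency described above can be checked directly, shown here as an added example that is not part of the original post or of SSL Labs: handshake with each edge IP using the same SNI and group the IPs by what they negotiated. The function names are hypothetical, the IP list is assumed to have been collected beforehand (for instance from resolvers in different countries), and `SAMPLE` is constructed data using documentation address ranges.

```python
import hashlib
import socket
import ssl
from collections import defaultdict

def probe(ip, hostname, port=443, timeout=5.0):
    """Handshake with one edge IP, sending `hostname` as SNI, and
    return what that edge negotiated with this client."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            der = tls.getpeercert(binary_form=True)
            return {"protocol": tls.version(),
                    "cipher": tls.cipher()[0],
                    "cert_sha256": hashlib.sha256(der).hexdigest()}

def probe_all(hostname, ips):
    """Probe every IP; a failed handshake is recorded, not raised."""
    results = {}
    for ip in ips:
        try:
            results[ip] = probe(ip, hostname)
        except OSError as exc:  # includes ssl.SSLError and timeouts
            results[ip] = {"error": type(exc).__name__}
    return results

def group_by_config(results):
    """Map each distinct observed configuration to the IPs showing it."""
    groups = defaultdict(list)
    for ip, observed in sorted(results.items()):
        groups[tuple(sorted(observed.items()))].append(ip)
    return dict(groups)

def is_uniform(results):
    """True when every probed IP presented the same configuration."""
    return len(group_by_config(results)) <= 1

# Constructed sample results (documentation IP ranges, made-up values).
SAMPLE = {
    "192.0.2.10": {"protocol": "TLSv1.3", "cipher": "TLS_AES_256_GCM_SHA384", "cert_sha256": "aa11"},
    "198.51.100.7": {"protocol": "TLSv1.3", "cipher": "TLS_AES_256_GCM_SHA384", "cert_sha256": "aa11"},
    "203.0.113.5": {"protocol": "TLSv1.2", "cipher": "ECDHE-RSA-AES128-SHA", "cert_sha256": "aa11"},
}

if __name__ == "__main__":
    for config, ips in group_by_config(SAMPLE).items():
        print(ips, dict(config))
```

A single handshake only shows what one client negotiated, so differing groups are a signal that the edges deserve separate full scans, not a grade in themselves.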