Improve securityheaders.com and ssllabs.com rating

The web apps we are deploying under the personal plan have a level B rating on securityheaders.com and an A score on ssllabs.com. Our customers require an A rating for securityheaders and an A+ rating on ssllabs.
What do we need to improve/change/do to improve these ratings? Or is it a topic for the Anvil hosting department?

Thanks for your help in advance.
Wim

Hello! When using a custom domain you should be able to tick HSTS.

I use Qualys for all of my apps and always get an A+.

I have found that depending on the domain provider it can also help to do some of the DNSSEC setup (there are instructions for Route 53 in this forum, for example).

It’s also good practice to sort out DKIM, which involves a little back and forth with Anvil support and some updates to your DNS records.

Hi @wim.vandebrug,

First things first – if you’re serving customers, particularly customers with expectations like that, I’d advise against using the Personal Plan! Our $15/mo pocket-money tier is just not built for those expectations.

As for increasing your score, the big thing you can do is enable HSTS for your domain in the Publish dialog. Our internal apps that do that score A and A+ respectively.
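
Added example, not part of any post in this thread: after ticking HSTS, a check like the one below can confirm that the `Strict-Transport-Security` header your app returns parses correctly (RFC 6797) and carries a long-lived `max-age`. The 180-day threshold, the function names and the sample headers are assumptions constructed for illustration.

```python
import re

# Assumption: 180 days as the minimum "long-lived" max-age; set this to your own policy.
MIN_MAX_AGE = 180 * 24 * 3600

def parse_hsts(value):
    """Parse a Strict-Transport-Security value per RFC 6797 section 6.1."""
    directives = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in directives:               # a directive may appear only once
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = arg.strip().strip('"')   # value may be a quoted-string
    max_age = directives.get("max-age", "")
    if not re.fullmatch(r"[0-9]+", max_age):
        raise ValueError("max-age is required and must be an integer")
    return {
        "max_age": int(max_age),
        "include_subdomains": "includesubdomains" in directives,
        "preload": "preload" in directives,
    }

def check_hsts(headers):
    """Return a list of findings for one HTTPS response's headers (empty = OK)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get("strict-transport-security")
    if value is None:
        return ["Strict-Transport-Security header is missing"]
    try:
        policy = parse_hsts(value)
    except ValueError as exc:
        return [f"invalid HSTS header: {exc}"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 tells browsers to forget the HSTS policy")
    elif policy["max_age"] < MIN_MAX_AGE:
        findings.append(f"max-age {policy['max_age']}s is below {MIN_MAX_AGE}s")
    return findings

# Constructed sample response headers, not captured from any real site.
SAMPLES = {
    "hsts-on": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
    "hsts-off": {"Content-Type": "text/html"},
    "short": {"strict-transport-security": "max-age=300"},
}
```

Feed `check_hsts` the header dictionary from a response fetched over HTTPS on the custom domain; an empty list means the policy is present and long-lived.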