Open sayaHub opened 5 years ago
Hey, adding to this -- I don't think the ITPIN column is necessarily the concern but rather the N/A. Another example:
This domain gets an A+ on SSL Labs and Hardenize passes all tests, including the certificates -- it reports a good chain.
I did notice that the domain uses a number of app-sec headers, which may be interrupting sslyze? AFAIK sslyze only checks the HTTPS endpoint, which is where the headers are set.
X-Content-Type-Options: nosniff, NOSNIFF
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Permitted-Cross-Domain-Policies: master-only
X-Powered-By: PHP/5.6.18-1+deb.sury.org~trusty+1
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
As shown in the picture below