How do I get an A+ from the Site Scanner?
The Site Scanner requires the following combination of settings in order to get an A+:
If you are running Windows Server 2016 or 2019, using the PCI 3.2 or Strict templates and adding HSTS to your website will result in an A+.
If you are running Windows Server 2012 R2 or lower this update (KB3174644) must be applied. Then select the PCI 3.2 or Strict template and check TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 in the Cipher Suites tab. Finally add HSTS to your website.