SSL Labs / Qualys SSL scanner
SSL Labs is a free TLS/SSL assessment service from Qualys that probes a server's HTTPS configuration — protocols, ciphers, certificate chain, and known vulnerabilities — and produces a letter-grade report. It runs on demand when someone tests a hostname, connecting to the public HTTPS endpoint rather than crawling page content. It appears in logs as TLS handshakes and probes against port 443, not as content indexing.
What this means
Qualys SSL Labs assesses how well a web server is configured for HTTPS. When a hostname is submitted, it connects to the public HTTPS endpoint and tests supported protocols, cipher suites, certificate validity and chain, and exposure to known TLS weaknesses, then assigns a grade.
This is configuration assessment, not crawling. SSL Labs does not index your page content; it evaluates the security of the TLS layer. Treat its probes as security-testing traffic, typically initiated by you or a third party checking your site.
How it identifies itself
SSL Labs is an on-demand service: probes occur when a hostname is submitted to the public test or its API. The activity shows up as TLS handshakes and HTTPS connections from Qualys SSL Labs infrastructure rather than as a documented robots.txt crawl token.
Because it operates over the TLS layer, robots.txt does not govern it. Identify it by the probe pattern against port 443 and Qualys SSL Labs origin context.
- Operator: Qualys (SSL Labs assessment service)
- Scope: TLS/SSL configuration — protocols, ciphers, certificate chain
- On-demand: runs when a hostname is submitted for assessment
robots.txt considerations
robots.txt does not control SSL Labs, because the assessment operates at the TLS/transport layer rather than crawling pages. There is no content crawl to disallow.
If you do not want third parties assessing your TLS publicly, that is a network/exposure decision, not a robots.txt one. The assessment only reads what your public HTTPS endpoint already presents to any client.
How it appears in analytics and logs
An SSL Labs probe means someone requested a TLS/SSL assessment of your hostname. It is on-demand security-scanning traffic against your HTTPS endpoint, not a human visit, not search indexing, and not necessarily an attack — usually an operator or third party checking your configuration.
Diagnostic use case
Recognise SSL Labs probes in logs when someone tests your HTTPS configuration, distinguish a TLS assessment from a content crawl or hostile scan, and read it as an on-demand security check.
What WebmasterID can help detect
WebmasterID classifies SSL Labs probes server-side as security-scanning bot activity and surfaces them on the bot-intelligence surface, so on-demand TLS assessments stay separate from human analytics.
Common mistakes
- Mistaking an SSL Labs TLS probe for a content crawler or a hostile attack.
- Expecting robots.txt to stop a TLS-layer assessment — it cannot.
- Counting security-scan probes as human visits in analytics.
Privacy and accuracy notes
Identification uses only the request characteristics and TLS handshake. No visitor identity is involved. WebmasterID records the probe as a bot event, separate from human analytics, and never attaches it to a profile.
Related pages
- Netsparker / Invicti scanner
Netsparker, rebranded as Invicti, is a commercial dynamic application security testing (DAST) scanner. It crawls a target web application and actively tests inputs for vulnerabilities such as injection and misconfiguration, producing a security report. It is a security-testing tool meant to be run against your own sites with authorization, not a search engine, and its traffic looks like aggressive crawling plus probe requests.
- Qualys web application scanner
Qualys operates security scanning that assesses web applications and infrastructure for vulnerabilities and misconfigurations. Some Qualys scanning is authorised by the site owner (an internal security assessment); some is part of broader internet measurement. It is a security tool, not a search crawler, and its probes appear in logs as scanning rather than content fetching for ranking.
- Security scanners vs search crawlers
Security scanners (Censys, Shodan, BinaryEdge, Qualys and similar) probe hosts, ports, and application surface to assess exposure and find vulnerabilities. Search crawlers (Googlebot, Bingbot) fetch and index content to rank it. Confusing the two leads to wrong robots.txt decisions and misread logs: robots.txt governs content crawling, not port scanning, and scan traffic should never be counted as audience.
- Website observability
See security scanners and probes reaching your site, recorded server-side.
Sources and verification notes
- Qualys SSL Labs — SSL Server TestOn-demand TLS/SSL assessment service; operates at the TLS layer, not via page crawling.
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.