Security
OCSP Stapling
Server attaches a fresh signed revocation status during the TLS handshake — so clients don't have to call out to the CA. Faster handshakes, better privacy.
What it is
RFC 6066 status_request extension. The TLS server fetches an OCSP response from its CA periodically and 'staples' it to the handshake. Clients verify the response without making a separate OCSP call to the CA.
Why it matters
Without stapling, the browser leaks the visited hostname to the CA on every cold connection — and may soft-fail revocation if OCSP is slow. Stapling fixes both. Combined with Must-Staple (RFC 7633), it becomes hard-fail.
Who it applies to
Every HTTPS endpoint — usually a one-flag origin or CDN setting.
How WQI scores it
Web Quality Index considers this standard satisfied when the supporting factor passes.
| # | Factor | Status |
|---|---|---|
| 91 | OCSP stapling | planned |
0 of 1 supporting factors are currently collected. Sites where the remaining 1 haven't been measured will show as partial or unknown on this standard until the data lands.