Frequently Asked Questions

On this page we will try to answer questions that are often asked. If your question is not answered here, please contact us at sigma-support(at)

Every registered user at SIGMA can send out ten invitations. So if you know somebody who is registered just ask them to send you one. If you do not know anybody who is registered, you can ask us ;)

We decided to use the invitation system for several reasons: SIGMA is still under development and some functionality may change or be eventually removed. We simply thought it best to keep the active user base smaller to avoid issues.

Another reason is this site is not a commercial site. It is privately developed and run. A larger user base may actually drive us to the point where the cost of running the site becomes too expensive and we would have to severly limit the usage by the individual user.

SIGMA avoids using cookies as far as possible and uses only a session cookie to manage its functionality. When this cookie times out (or is timed out by a security concious browser) you are logged out. Simple as that. Keeping you logged in may be comfortable, but it is also a security risk. And since SIGMA also serves as a prototype for my user management I try to keep as secure as possible.

In the background SIGMA maintains a central table with alle the sites ever registered. When you add a site to your list that is already in that table then you are shown the results immediately and you also have access to the historical data.

When you enter a site that does not exist at SIGMA yet, it is added to the central table and a scan is scheduled. The internal queue manager then picks up the site, submits it to SSL Labs for scanning, and picks up the results when the scanning is done. This process can take up to 30 minutes depending on the nuber of endpoints at your site and the current number of active scans.

Well, we never claimed to be a complete replacement for SLL Labs. The goal of SIGMA is to make it easier keepimg an overview over a lot of sites and for this the available information should be enough. At the same time we are continually tweaking the available functionality and if you covince us to add a certain information (and we have the time for it) we will add it.

You can't, sorry. At the moment each site is automatically queued for a rescan every three days. while best practices do change they usually do not change that quickly. If we become aware of a current threat any admin can queue one or all sites for a rescan manually.

If for some reason the certificate of your site is not trusted your site is assigned the grade 'T'. In these cases the second grade indicates what the grade would be if your certificate were valid.