Does your site offer the modern TLS 1.3 encryption that AI crawlers expect?
Confirms your HTTPS connection uses the current encryption standard rather than an older, deprecated version.
What this signal tests
We open a secure connection to your site and ask which version of TLS, the protocol behind HTTPS, your server is willing to use. We then check whether TLS 1.3, the current standard published in 2018, is on offer. If your server only supports older versions like TLS 1.2 or below, the signal fails. TLS 1.3 is faster and removes weak cryptography the older versions still permit.
Why it matters for your visibility in AI
AI crawlers and shopping agents are increasingly strict about transport security. Many reputation systems that feed AI retrieval pipelines downgrade or skip domains that only offer older TLS, treating them as poorly maintained. That means your content may be quietly excluded from the answers ChatGPT, Perplexity, Google AI Overviews, and similar tools generate. The consequence is invisibility rather than a visible error. Browsers will still load your site over TLS 1.2, so you may not notice anything is wrong. But AI agents making automated decisions about which sources to cite often draw the line at TLS 1.3, particularly for any flow involving transactions, account data, or fact-grounding.
Pass criteria at a glance
| Criterion | Passes when |
|---|---|
| ServerHello advertises 0x0304. |
How we test it
We connect to your domain on port 443 and perform the start of a normal HTTPS handshake, asking the server to list which TLS versions it accepts. We look for the value that represents TLS 1.3 in the server's response. We do not transfer any page content, log in, or do anything beyond confirming what protocol versions your server advertises. The whole check completes in well under a second.
Show technical detection method
TLS ClientHello with supported_versions listing 0x0304; verify ServerHello supported_versions returns 0x0304.
If your site fails: how to fix it
- Identify what serves HTTPS for your site. If you sit behind a CDN like Cloudflare, Fastly, or Akamai, the CDN controls TLS for you and TLS 1.3 is almost always available in the dashboard under SSL or TLS settings.
- If your origin server runs nginx, ensure the ssl_protocols directive reads `ssl_protocols TLSv1.2 TLSv1.3;` and reload the config. For Apache, set `SSLProtocol -all +TLSv1.2 +TLSv1.3` in the SSL virtual host.
- If your site is hosted on a managed platform like Vercel, Netlify, Render, or Cloudflare Pages, TLS 1.3 is enabled by default and you have nothing to change. Confirm by re-running the scan.
- If you cannot edit the server config, contact your hosting provider and ask them to enable TLS 1.3. Most major hosts have supported it for years and only need a flag flipped.
- After making the change, re-test using the SSL Labs server test at ssllabs.com/ssltest or re-run the AI Ready Test scan.
Quick facts
| Maturity | ESTABLISHED |
|---|---|
| Weight | high |
| Category | Trust & Provenance |
Primary sources
Related signals
Frequently asked questions
Will I need IT help to fix this?
Usually no. If your site is behind a CDN or on a managed host, enabling TLS 1.3 is a single setting in the dashboard. Only self-hosted origin servers with custom nginx or Apache configs may require a developer to edit and reload the config file.
Will switching to TLS 1.3 break older browsers or visitors?
No, because servers can offer multiple TLS versions side by side. Modern visitors will use TLS 1.3, while older clients can still connect over TLS 1.2. You only have a problem if you actively disable TLS 1.2, which most guidance does not recommend yet.
How long until the change takes effect?
Immediately for CDN dashboard changes and for server config reloads. There is no DNS propagation to wait for. Once your server starts advertising TLS 1.3, the next handshake from any client, including ours, will reflect it.
Does TLS 1.3 affect my SEO or search rankings?
Indirectly. Search engines and AI crawlers favour sites that signal modern operational hygiene, and TLS 1.3 is one of the cheapest such signals. It is unlikely to be the single deciding factor in a ranking, but combined with other trust signals it contributes to how machine systems weight your domain.
Run your own scan
Run a free scan and see how your site grades across all 155 AI-readiness signals.