1.5 Validate and Monitor
Configuring TLS, especially for use on web sites, has become increasingly complex in recent years. There are so many options to choose that you're virtually guaranteed to get something wrong when you first try. Moreover, things change—sometimes accidentally, sometimes silently through software upgrades. For that reason, we recommend that you find a reliable configuration assessment tool that you trust. Use it periodically to ensure that you stay secure.
Several modern browser technologies come with reporting facilities, which can give you real-time insight into problems that your users are experiencing. CSP supports reporting and even a report-only mode without policy enforcement. A more recent technology, called Network Error Logging (NEL), provides reporting for a wide variety of network problems, including TLS and PKI.1