Check DNS, Urls + Redirects, Certificates and Content of your Website

How do I use that tool?

• Insert a valid domain name, without http:// or https://, without www:
  • yourdomain.com
  If you check a domain name, non-www and www (if defined), http and https is checked.
• Add a port or / and a file and path:
  • yourdomain.com:5001
  • yourdomain.com/subfolder-of-your-domain
  • yourdomain.com/subfolder/file-to-check.html
  • yourdomain.com:5001/subfolder/file-to-check.html
• Insert a valid / public ipv4- or ipv6-address:
  • 1.1.1.1
  • 2a01:238:301b::1226
  • ipv6 with port:
    [2a01:238:301b::1226]:443
• If you check an ip address, you may add your domain name in the "hostname" field.
  That's helpful if your domain has an ipv4-address and if you want to add an ipv6-address.
  You can check your ipv6-address without having an AAAA-record in your DNS.
  Checking ip addresses no DNS-checks are done -> that's very short.

• First click: The IDN is transformed to the xn-- version.
• Second click: The check starts with the xn-- version.
• The result of an IDN-check shows both versions.

Which Grade should I have?

• If it is your first certificate: Grade B without HSTS and without Cookie errors.
• If your certificate renew works: Grade A with HSTS. If your certificate renew really works, you may add the domain to the Google Preload list. Then browsers use always https to connect your domain. That's Grade A+.
• Short:
  Fatal:
  • Domain doesn't end with a public suffix, isn't registered, private ip addresses are defined (Z, U, Y).
  • Port 80 and port 443 must answer, no TCP-errors (V, W), Timeouts (T), Server Errors (S)
  • No global SSL error (P), http over port 443 or https over port 80 (Q)
  • All certificates are valid (no N), no misconfiguration (M), no wrong redirects (R)
  • No old/weak connection (O), no Loop (L), no different ip addresses of the same domain name with different answers (K)
  • No mixed content / missing resources, errors in svg definitions etc. (I)
  If you have one of these errors, users may have problems using your site.
  Better:
  • No http result (H)
  • Correct redirects (no F, E, D)
  • If non-www + www is defined: One destination (no C)
  • No cookie errors, all https cookies secure, SameSite-Attribute (B without warnings)
  • If HSTS is defined: No HSTS-parse errors

But if the certificate renew works, HSTS + Preload is an amazing feature. Browsers connect your domain only via https, so it's impossible to add cookies via http.