Check DNS, Urls + Redirects, Certificates and Content of your Website

Short FAQ show
  • How do I use that tool?

    • Insert a valid domain name, without http:// or https://, without www:
      • yourdomain.com
      If you check a domain name, non-www and www (if defined), http and https is checked.
    • Add a port or / and a file and path:
      • yourdomain.com:5001
      • yourdomain.com/subfolder-of-your-domain
      • yourdomain.com/subfolder/file-to-check.html
      • yourdomain.com:5001/subfolder/file-to-check.html
    • Insert a valid / public ipv4- or ipv6-address:
      • 1.1.1.1
      • 2a01:238:301b::1226
      • ipv6 with port:
        [2a01:238:301b::1226]:443
    • If you check an ip address, you may add your domain name in the "hostname" field.
      That's helpful if your domain has an ipv4-address and if you want to add an ipv6-address.
      You can check your ipv6-address without having an AAAA-record in your DNS.
      Checking ip addresses no DNS-checks are done -> that's very short.
  • If you check a port, normally one check (http or https) is wrong. Ignore that wrong result. Typical programs use only one protocol with one port. There are some programs (Ookla Speedtest, VestaCP, WebMin) who are able to use one port with both protocols http/https.
  • Insert a valid Internationalized Domain Name (IDN)
    • First click: The IDN is transformed to the xn-- version.
    • Second click: The check starts with the xn-- version.
    • The result of an IDN-check shows both versions.
  • Which Grade should I have?

    • If it is your first certificate: Grade B without HSTS and without Cookie errors.
    • If your certificate renew works: Grade A with HSTS. If your certificate renew really works, you may add the domain to the Google Preload list. Then browsers use always https to connect your domain. That's Grade A+.
    • Short:
      Fatal:
      • Domain doesn't end with a public suffix, isn't registered, private ip addresses are defined (Z, U, Y).
      • Port 80 and port 443 must answer, no TCP-errors (V, W), Timeouts (T), Server Errors (S)
      • No global SSL error (P), http over port 443 or https over port 80 (Q)
      • All certificates are valid (no N), no misconfiguration (M), no wrong redirects (R)
      • No old/weak connection (O), no Loop (L), no different ip addresses of the same domain name with different answers (K)
      • No mixed content / missing resources, errors in svg definitions etc. (I)
      If you have one of these errors, users may have problems using your site.
      Better:
      • No http result (H)
      • Correct redirects (no F, E, D)
      • If non-www + www is defined: One destination (no C)
      • No cookie errors, all https cookies secure, SameSite-Attribute (B without warnings)
      • If HSTS is defined: No HSTS-parse errors
  • If you use HSTS and your certificate is invalid (wrong domain name, expired, revoked), visitors can't create an exception in their browser. So it's impossible to visit your site. HSTS requires an always valid certificate, so you shouldn't add HSTS if you don't know your certificate renew works.

    But if the certificate renew works, HSTS + Preload is an amazing feature. Browsers connect your domain only via https, so it's impossible to add cookies via http.


Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/" target="_blank">Check your Website</a>