Check DNS, Urls + Redirects, Certificates and Content of your Website

0 in Queue, 0 of max. 8 Checks (16:11:06)

Why should you only use Prefix - Cookies? |

Hall of Fame - A+ and A

Short FAQ show

How do I use that tool?
- Insert a valid domain name, without http:// or https://, without www:
  - yourdomain.com
  If you check a domain name, non-www and www (if defined), http and https is checked.
- Add a port or / and a file and path:
  - yourdomain.com:5001
  - yourdomain.com/subfolder-of-your-domain
  - yourdomain.com/subfolder/file-to-check.html
  - yourdomain.com:5001/subfolder/file-to-check.html
- If a port is added, http / https of that port is checked. Never add mail ports. Your mail port isn't a http/https-port.
- Insert a valid / public ipv4- or ipv6-address:
  - 1.1.1.1
  - 2a01:238:301b::1226
  - ipv6 with port:
    [2a01:238:301b::1226]:443
- If you check an ip address, you may add your domain name in the "hostname" field.
  That's helpful if your domain has an ipv4-address and if you want to add an ipv6-address.
  You can check your ipv6-address without having an AAAA-record in your DNS.
  Checking ip addresses no DNS-checks are done -> that's very short and helpful, if your name server is buggy / slow.
  Sample: https://check-your-website.server-daten.de/?q=2a01:238:301b::1226&h=www.server-daten.de - Grade A.
Never check _acme-challenge - Subdomains. That's a valid dns name, but not a valid domain name, because it starts with a "_". So it's impossible to connect that subdomain via http / https. Check your main domain example.com. The _acme-challenge.example.com TXT entry ist checked, see the TXT part.
If you check a port, normally one check (http or https) is wrong. Ignore that wrong result. Typical programs use only one protocol with one port. There are some programs (Ookla Speedtest, VestaCP, WebMin, DirectAdmin) who are able to use one port with both protocols http/https.
Insert a valid Internationalized Domain Name (IDN)
- First click: The IDN is transformed to the xn-- version.
- Second click: The check starts with the xn-- version.
- The result of an IDN-check shows both versions.
Sometimes special code parts are updated. That requires, that no check is running. So new jobs are added to the Queue, but not executed (max. 0 Checks). Wait some minutes.
QR Code of your domain name required? Double-click in the text box.
Which Grade should I have, if the domain name has a website?
- If it is your first certificate: Grade B without HSTS and without Cookie errors. Yes, without HSTS, don't add HSTS if it's your first certificate.
- If your certificate renew works: Grade A with HSTS. If your certificate renew really works, you may add the domain to the Google Preload list. Then browsers use always https to connect your domain. That's Grade A+.
- Short:
  Fatal:
  - Domain doesn't end with a public suffix, isn't registered, private ip addresses are defined (Z, U, Y).
  - Port 80 and port 443 must answer, no TCP-errors (V, W), Timeouts (T), Server Errors (S)
  - No global SSL error or only Tls.1.3 (P), http over port 443 or https over port 80 (Q)
  - All certificates are valid (no N), no misconfiguration (M), no wrong redirects (R)
  - No old/weak connection or insecure Cipher Suites (O), no Loop (L), no different ip addresses of the same domain name with different answers (K)
  - No mixed content / missing resources, errors in svg definitions etc. (I)
  If you have one of these errors, users may have problems using your site.
  Better:
  - No http result (H)
  - Correct redirects (no F, E, D)
  - If non-www + www is defined: One destination (no C)
  - No cookies via http or cookie errors, all https cookies secure, SameSite-Attribute (B without warnings)
  - If HSTS is defined: No HSTS-parse errors
If you use HSTS and your certificate is invalid (wrong domain name, expired, revoked), visitors can't create an exception in their browser. So it's impossible to visit your site. HSTS requires an always valid certificate, so you shouldn't add HSTS if you don't know your certificate renew works.

But if the certificate renew works, HSTS + Preload is an amazing feature. Browsers connect your domain only via https, so it's impossible to add cookies via http.
If your domain is preloaded: That means, your domain is in the alpha source code of Chrome included. Beta follows, then the stable version, two months. Check chrome://net-internals/#hsts - there "Query HSTS/PKP domain". Use server-daten.de to see the output of a preloaded domain, compare it with your domain. If you see "Not found", you have to wait some weeks.
I dont't run a website, I want to check my mail server ...
May be you have a pure mail server without a website. Then check it.
All standard mail ports are checked: 25, 110, 143, 465, 587, 993, 995. With their certificates, port 25 / 587 via STARTTLS.
See the Connections- and the Portcheck-Part.
Check your mail server Cipher Suites: Port 25, 465, 587, 993, 995.
Port 25 / 587 have an additional Open-Relay-Check. That's tested after switching to TLS via STARTTLS.
Some informations are domain-specific. If you check mail.yourdomain.net, you won't see a MX-result (because you don't have own MX entries with mail.yourdomain.net). Instead check yourdomain.net.
The result-calculation is website-specific. If you check a pure mail server without port 80 / 443, ignore the grade.
Don't check your mail ports directly, yourdomain.com:25, yourdomain.com:465 etc. is always wrong. Your mail port isn't a http- or https-port. To check your mail ports, check yourdomain.com
Cipher Suites...
219 Cipher Suites are checked with an own-compiled OpenSsl-Version 1.1.1 (started 2022-08-09). That works with ipv4 and ipv6
That version checks some old and normally deactivated ciphers: RC4, -NULL-, anonymous ciphers.
15 additional Ciphers are checked with the old OpenSsl 0.9.8. Ciphers with MD5, Export-Ciphers. That doesn't work with IPv6. These Ciphers are removed in OpenSsl 1.0.2.
Official versions: 1.1.1 doesn't check weak ciphers, 1.0.2 doesn't work with ipv6. Using these official versions it was impossible to check ipv6 with RC4 / -NULL- / anon.
Check of one combination Domain + IP + Port: Max. 60 - 120 seconds. Longer: Your configuration is too slow or you use too much Cipher Suites. Max. 10 - 20 are required. Half of all Cipher Checks need max. 120 seconds, 2 checks per second.
Ssl2 / Ssl3 active, insecure Ciphers or missing FS (Forward Secrecy) - Grade O. That's a global server configuration, so all ports are used to calculate the result.
Older results are not recalculated, so you may see results Grade B + no FS etc.

...

skip EDNS-Check

skip Content-Check

check links

∑

A+

Top + Preload

687

Top

2996

no HSTS, unsecure Cookies

13019

Many http status 200

6868

redir http ⇒ http

637

http ⇒ https other domain

6340

https ⇒ http

972

result http

7991

Content problems

21738

General Configuration

2050

ip addresses with diff. status

219

Loop - fatal

4144

Misconfiguration

7325

Certificate not trusted

86248

old connection

9820

Tls-Protocol error

7317

http sent over port 443

5669

redir not existing domain

1103

Server error (500)

10782

Timeout

51067

Unknown - no dns / wrong IDN

17136

Connect failure

41461

wrong Web-Response

9517

DNS-problem Nameserver

59949

private IP

7494

private, tld not in PSL

3495

⁕

running jobs

⁂

Queue

error

started

2018-10-27

2,430 days

Domains

158.87 / day

386,049

last 24 h

Dom./Checks

25/26

Checks

235.84 / day

573,086

Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/" target="_blank">Check your Website</a>

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro

QR-Code of this page - https://check-your-website.server-daten.de/

share.google/qBhK4Lu4QqzEpzimN	O
cssl.top	V
ledermann.dev	A+
griemel.de	X
skrebl.eu	X
legitstore.com.ng	L
rus-trust.ru	X
sebselis.org	O
thrigun.com	H
sailorenergy.net	X
infinityfree.net	I
10.0.0.1/8080	Y
roboty.club	X
gitlab.timobile-dev.com	V
al-aboudi.com	N
phpadmin.mx.aladar.com	O
botlb.duckdns.org	T
vpn.scaleagilesolutions.com	T
dtac.co.th	X-
firelightserver.ddns.net	X
ctlgop.duckdns.org	N
hp-67.com	A+
iam.ma	X
spazia.fr/.well-known/acme-challenge/test	X
n8n-tech.cloud	N
youtube.com	I-
weblabsur.com	H
10.168.2.100	Y
mailstore.krackoweragrar-ag.de	Y
feend.space	P
voltagehosting.net	X
cdn5.filehaus.su/files/1731746463_67273/The_Actions_and_Behaviors_of_NantoTheDutchie__c0mplexFox__and_ShepGoesBlep_-_Google_Docs.pdf	V
t33n.ru	U
185.182.193.203:25461	P
fredflix.fr	N

ledermann.dev	A+
hp-67.com	A+
server-daten.de	A+
thrigun.com	H
infinityfree.net	I
legitstore.com.ng	L
al-aboudi.com	N
ctlgop.duckdns.org	N
n8n-tech.cloud	N
share.google/qBhK4Lu4QqzEpzimN	O
sebselis.org	O
phpadmin.mx.aladar.com	O
botlb.duckdns.org	T
vpn.scaleagilesolutions.com	T
cssl.top	V
gitlab.timobile-dev.com	V
griemel.de	X
skrebl.eu	X
rus-trust.ru	X
sailorenergy.net	X
roboty.club	X
dtac.co.th	X
firelightserver.ddns.net	X
iam.ma	X
spazia.fr/.well-known/acme-challenge/test	X
10.0.0.1/8080	Y

10.0.0.1/8080	Y
griemel.de	X
skrebl.eu	X
rus-trust.ru	X
sailorenergy.net	X
roboty.club	X
dtac.co.th	X
firelightserver.ddns.net	X
iam.ma	X
spazia.fr/.well-known/acme-challenge/test	X
cssl.top	V
gitlab.timobile-dev.com	V
botlb.duckdns.org	T
vpn.scaleagilesolutions.com	T
share.google/qBhK4Lu4QqzEpzimN	O
sebselis.org	O
phpadmin.mx.aladar.com	O
al-aboudi.com	N
ctlgop.duckdns.org	N
n8n-tech.cloud	N
legitstore.com.ng	L
infinityfree.net	I
thrigun.com	H
ledermann.dev	A+
hp-67.com	A+

Check DNS, Urls + Redirects, Certificates and Content of your Website

How do I use that tool?

Which Grade should I have, if the domain name has a website?

I dont't run a website, I want to check my mail server ...

Cipher Suites...

∑

Current

Good

Worst